{"id":286915,"date":"2026-07-16T16:22:48","date_gmt":"2026-07-16T16:22:48","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/flowra-connector\/"},"modified":"2026-07-16T16:22:37","modified_gmt":"2026-07-16T16:22:37","slug":"sudhan-publishing-connector-for-flowra","status":"publish","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/sudhan-publishing-connector-for-flowra\/","author":20061993,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.0.4","stable_tag":"1.0.4","tested":"7.0.1","requires":"6.0","requires_php":"","requires_plugins":null,"header_name":"Publishing Connector for Flowra","header_author":"Flowra","header_description":"Connect Flowra content workflows with WordPress publishing.","assets_banners_color":"","last_updated":"2026-07-16 16:22:37","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/useflowra.com\/plugin","header_author_uri":"https:\/\/useflowra.com","rating":0,"author_block_rating":0,"active_installs":0,"downloads":25,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","changelog"],"tags":{"1.0.4":{"tag":"1.0.4","author":"sudhanrichardson","date":"2026-07-16 16:22:37"}},"upgrade_notice":{"1.0.4":"<p>Hardening release: prevents fatal errors if the legacy flowra-connector plugin is also active, and adds an opt-in admin notice to deactivate it manually.<\/p>","1.0.3":"<p>Security fix: corrected an invalid capability check on the \/publish endpoint and tightened \/content permission checks for status=any. Update recommended for all sites.<\/p>","1.0.2":"<p>Security fix: REST API permission checks now correctly require publishing capability for publish\/schedule actions and private-content capability for private posts. Update recommended for all sites.<\/p>","1.0.0":"<p>Initial stable release.<\/p>"},"ratings":[],"assets_icons":[],"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.4"],"block_files":[],"assets_screenshots":[],"screenshots":[]},"plugin_section":[],"plugin_tags":[1556,529,7143,186],"plugin_category":[55],"plugin_contributors":[271918],"plugin_business_model":[],"class_list":["post-286915","plugin","type-plugin","status-publish","hentry","plugin_tags-api","plugin_tags-content","plugin_tags-publishing","plugin_tags-seo","plugin_category-seo-and-marketing","plugin_contributors-sudhanrichardson","plugin_committers-sudhanrichardson"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/s.w.org\/plugins\/geopattern-icon\/sudhan-publishing-connector-for-flowra.svg","icon_2x":false,"generated":true},"screenshots":[],"raw_content":"<!--section=description-->\n<p>Publishing Connector for Flowra is a lightweight infrastructure plugin that securely connects a WordPress site with the Flowra content operations platform.<\/p>\n\n<p>This plugin allows Flowra to interact with WordPress as a trusted publishing client while respecting WordPress permissions, themes, and existing SEO plugins.<\/p>\n\n<p>The plugin has no user interface and no settings screen. It exists purely as a secure bridge between Flowra and WordPress.<\/p>\n\n<h3>Features<\/h3>\n\n<ul>\n<li>Secure authentication using WordPress Application Passwords<\/li>\n<li>OAuth-ready architecture for future connection methods<\/li>\n<li>Read posts and pages from WordPress<\/li>\n<li>Publish, update, and schedule posts<\/li>\n<li>Assign categories and tags<\/li>\n<li>Sync SEO metadata from popular SEO plugins:\n\n<ul>\n<li>Rank Math<\/li>\n<li>Yoast SEO<\/li>\n<li>All in One SEO<\/li>\n<li>SEOPress<\/li>\n<\/ul><\/li>\n<li>No conflicts with existing SEO plugins<\/li>\n<li>No background jobs or cron tasks<\/li>\n<li>No tracking or data collection<\/li>\n<\/ul>\n\n<h3>Usage<\/h3>\n\n<p>Once activated, the plugin exposes secure REST API endpoints used by Flowra.<\/p>\n\n<p>All content creation, publishing, and scheduling actions are performed from the Flowra platform.<\/p>\n\n<p>There are no WordPress admin pages or settings for this plugin.<\/p>\n\n<h3>Security<\/h3>\n\n<ul>\n<li>All API requests require authentication<\/li>\n<li>Only users with publishing permissions can access endpoints<\/li>\n<li>No data is exposed publicly<\/li>\n<li>No credentials are stored by the plugin<\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Upload the <code>publishing-connector-for-flowra<\/code> folder to the <code>\/wp-content\/plugins\/<\/code> directory<\/li>\n<li>Activate the plugin through the WordPress Plugins screen<\/li>\n<li>Generate a WordPress Application Password for an admin or editor user<\/li>\n<li>Connect your site from the Flowra app using the site URL, username, and application password<\/li>\n<\/ol>\n\n<!--section=changelog-->\n<h4>1.0.4<\/h4>\n\n<ul>\n<li>Added defensive class guards to prevent fatal errors if the legacy, manually-installed \"flowra-connector\" plugin is active on the same site<\/li>\n<li>If the legacy flowra-connector plugin is detected, an admin notice now offers a one-click, user-initiated link to deactivate it (nothing is deactivated automatically)<\/li>\n<li>Status endpoint now reports the correct plugin slug<\/li>\n<\/ul>\n\n<h4>1.0.3<\/h4>\n\n<ul>\n<li>Security fix: the \/publish permission check used a non-existent \"publish_post\" per-post capability, which could incorrectly deny (or in some setups mis-evaluate) publish\/schedule requests; it now correctly checks the type-wide publish_posts capability<\/li>\n<li>Security fix: the \/content permission check for status=any now also requires edit_others_posts in addition to read_private_posts, since \"any\" can include other users' draft\/pending\/future posts, not just private ones<\/li>\n<\/ul>\n\n<h4>1.0.2<\/h4>\n\n<ul>\n<li>Security: tightened REST API permission checks on the \/publish and \/content endpoints so capability requirements match the action actually being performed (publishing\/scheduling vs. editing, and private vs. other non-public statuses)<\/li>\n<li>Fix: content read endpoint now sets up post data correctly before running the_content filters, avoiding conflicts with themes\/plugins that rely on it<\/li>\n<li>Hardening: SEO metadata fields are now sanitized before being saved<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial public release<\/li>\n<li>Secure Flowra \u2194 WordPress connector<\/li>\n<li>Publishing, scheduling, and SEO metadata sync<\/li>\n<li>OAuth-ready architecture<\/li>\n<\/ul>","raw_excerpt":"Publishing Connector for Flowra is a lightweight infrastructure plugin that securely connects a WordPress site with the Flowra content operations plat &hellip;","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/286915","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=286915"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/sudhanrichardson"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=286915"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=286915"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=286915"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=286915"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=286915"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=286915"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}