Plugins API
The Plugins API includes, from today, a new field called “latest” that informs, in UNIXTIME, the date of last update of a plugin. It is not available in all plugins (it will be available progressively) and its value can be unixtime or null. “latest”: “1664858712”
As a general rule, a plugin is considered obsolete if it takes more than 1 year, or 3 major versions of WordPress, without any modification. This does not mean that it has a vulnerability, but it can imply sloppiness for the developer and perhaps the search for an alternative one.
If everything goes well, it is possible that future API updates will also include if the plugin has been closed or is obsolete.
Last updates API (for sponsors)
Three routes have been created to know the latest vulnerability updates. There is a route for core, plugins and themes.
These routes return, in core, the version that has undergone a modification, date, and the API path to download the data; in the case of plugins and themes include the slug, date and API path to download the data.
With this system, you can know when to update the data of a plugin, and cache it, if applicable.
These APIs require an API key that will be offered to those who sponsor the project.