Relying solely on wp_rest_nonce for REST API security creates a false sense of safety. Nonces protect against Cross-Site Request Forgery (CSRF) within a browser…