# PRIMATURE.GOUV.HT - WP REST API Data Dump Summary

**Site**: https://www.primature.gouv.ht (Prime Minister's Office - Republic of Haiti)
**Date**: 2026-03-04
**Description**: "Bienvenue sur le site officiel de la Primature"
**Hosting**: Bluehost shared hosting
**CMS**: WordPress with Elementor page builder

---

## API Exposure Status

| Endpoint | Status | Count |
|----------|--------|-------|
| Posts | OPEN | 319 (4 pages) |
| Pages | OPEN | 13 (1 page) |
| Media | OPEN | 1,098 (11 pages) |
| Categories | OPEN | 20 |
| Tags | OPEN | 184 (2 pages) |
| Users | OPEN | 4 |
| Comments | OPEN | 0 |
| Types | OPEN | exposed |
| Taxonomies | OPEN | exposed |
| Statuses | OPEN | exposed |
| GiveWP Donors | OPEN | 30 donors exposed |
| GiveWP Donations | OPEN | 30 donation records exposed |
| GiveWP Campaigns | OPEN | 0 (empty) |
| GiveWP Forms | OPEN | 0 (empty) |
| GiveWP Subscriptions | OPEN | 0 (empty) |
| Contact Form 7 | 403 (blocked) | N/A |
| Events Manager | OPEN | endpoint exposed |

---

## Users Enumerated (4 total)

| ID | Name | Slug | Gravatar Hash |
|----|------|------|---------------|
| 1 | Wilouis | wilfrid_lo | 76219724227ee490aef151f89f0512639270d0d86d6b4bb2711907e5b44c41db |
| 3 | Joreste Payen | joreste | d90afadd606815cdc755365a418e1c225ffe32971d0ec06d511f1d8f4d69d250 |
| 4 | jeanphilippe baptiste | jeanphilippe | b0d7088b226a69e2616f21a8a29bb5b65dac9adea3fddee522092aa0de9180c3 |
| 8 | Clifford TIMOTHE | webmaster | 214ef5f9ee306c8aaa4ea406db9f27d481bea173809b916ffeb76459100ca7b9 |

**Note**: User metadata exposes `marketing_optin`, `givewp_campaign_interaction_notice`, and `elementor_introduction` fields.

---

## Installed Plugins Identified (via API namespaces)

| Plugin | Namespace | Security Notes |
|--------|-----------|----------------|
| **GiveWP** | give-api/v2, givewp/v3 | CRITICAL: Donor/donation data exposed publicly |
| **Contact Form 7** | contact-form-7/v1 | 403 on forms endpoint (protected) |
| **Events Manager** | events-manager/v1 | Upload endpoint exposed |
| **MetaSlider** | metaslider/v1 | Slider plugin |
| **Elementor** | elementor/v1 | Page builder |
| **Elementor AI** | elementor-ai/v1 | AI features active |

---

## CRITICAL FINDING: GiveWP Donation Data Exposed

The GiveWP plugin exposes donor and donation data publicly via REST API:

### Donor Data Exposed (30 records, 2019-2021)
- Donor first/last names
- Donor IDs and creation dates
- Total amount donated per donor
- Total number of donations per donor
- Amounts range from $5 to $3,000 USD

### Donation Records Exposed (30 records)
- Individual donation amounts and dates
- Donor names linked to amounts
- Form titles: "Make a Donation", "Support us with your Funds", "Save Children From Hunger"
- Campaign IDs: 1, 9, 12
- All donations via "manual" / "Test Donation" gateway (test data)
- Donation comments exposed

### Notable Donors
- "Kaycee c" - $1,500.00
- "cv v" - $1,500.00
- "ewf f" - $3,000.00
- Most appear to be test entries with gibberish names

### GiveWP API also accepts POST/PUT/PATCH/DELETE
The API schema reveals write endpoints for campaigns, donors, donations, and subscriptions that may accept unauthenticated writes.

---

## Content Categories

Actualite (239), Affaires etrangeres (141), Gouvernement (103), Discours (36), Galerie (35), Economie & Finance (44), Education (31), Environnement (16), Elections (13), FADH (13), + 10 more

---

## Sitemap Structure

- Posts sitemap (wp-sitemap-posts-post-1.xml)
- Pages sitemap
- Events sitemap (custom post type)
- Locations sitemap (custom post type)
- Members sitemap (custom post type)
- Category/Tag/Post Format taxonomies
- Event categories taxonomy
- Member categories taxonomy
- Users sitemap (author URLs exposed)

---

## robots.txt

Standard WordPress robots.txt - only blocks /wp-admin/ (allows admin-ajax.php).

---

## Files Collected

| File | Size | Description |
|------|------|-------------|
| api-root.json | 307 KB | Full API schema |
| posts-page[1-4].json | ~2 MB total | All 319 posts |
| pages-page1.json | 171 KB | All 13 pages |
| media-page[1-11].json | ~7.4 MB total | All 1,098 media items |
| categories.json | 6.6 KB | 20 categories |
| tags.json + tags-page2.json | ~70 KB | 184 tags |
| users.json | 3.9 KB | 4 users |
| comments.json | 2 B | Empty |
| types.json | 6.6 KB | Post types |
| taxonomies.json | 2.2 KB | Taxonomy definitions |
| statuses.json | 1.7 KB | Post statuses |
| givewp-donors.json | - | 30 donor records |
| givewp-donations.json | - | 30 donation records |
| givewp-campaigns.json | - | Empty |
| givewp-forms.json | - | Empty |
| givewp-subscriptions.json | - | Empty |
| givewp-v3.json | - | Full GiveWP v3 API schema |
| events-manager.json | - | Events Manager schema |
| contact-form7.json | - | 403 response |
| robots.txt | 122 B | Standard WP |
| wp-sitemap.xml | 1.3 KB | Sitemap index |
| Sub-sitemaps (5 files) | - | Detailed URL lists |

**Total dump size**: ~11 MB, 43 files