All the data can be yours
This article presents tips for finding and using undocumented APIs. GitHub's code search tool is a powerful way to look for potential endpoints. Parts of pages that load after the rest of the page or actions that don't cause a full page refresh are likely making requests to JSON APIs. All WordPress sites have a built-in REST API for accessing posts, pages, media, and more. Other tips include looking at the site's robots.txt file, searching Google, reading and debugging JavaScript, and looking through the site's mobile app.
Wow.... I tested the Wordpress Snooper linked in the article on my friends website, and wow... It scraped it!!
This could be used in dangerous ways.