[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f9W6e8CITrgY-BSVgjalrldN4-yQjxYkKBzsBJnRYoCc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":49,"crawl_stats":38,"alternatives":56,"analysis":154,"fingerprints":280},"activity-link-preview-for-buddypress","Activity Link Preview For BuddyPress","1.7.3","Varun Dubey","https:\u002F\u002Fprofiles.wordpress.org\u002Fvapvarun\u002F","\u003Cp>\u003Cstrong>Activity Link Preview For BuddyPress\u003C\u002Fstrong> automatically generates beautiful link previews when users share URLs in BuddyPress activity posts and comments. The plugin fetches Open Graph data (image, title, description) from shared links and displays them in an attractive card format.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Automatic Link Detection\u003C\u002Fstrong> – Detects URLs as users type in the activity form\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rich Previews\u003C\u002Fstrong> – Displays title, description, and featured image from shared links\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Comment Support\u003C\u002Fstrong> – Link previews work in activity comments and replies\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Social Media Embeds\u003C\u002Fstrong> – Special handling for Twitter\u002FX, Facebook, YouTube, and more\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Short URL Support\u003C\u002Fstrong> – Resolves shortened URLs (bit.ly, tinyurl, etc.)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Caching\u003C\u002Fstrong> – Previews are cached for better performance\u003C\u002Fli>\n\u003Cli>\u003Cstrong>REST API Support\u003C\u002Fstrong> – Link preview data 
available via BuddyPress REST API\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Friendly\u003C\u002Fstrong> – Filters to customize or disable functionality\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Supported Platforms\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Twitter\u002FX – Native tweet embeds\u003C\u002Fli>\n\u003Cli>Facebook – Native post embeds\u003C\u002Fli>\n\u003Cli>YouTube – Video embeds via oEmbed\u003C\u002Fli>\n\u003Cli>LinkedIn, Instagram, Reddit – Link previews\u003C\u002Fli>\n\u003Cli>Any website with Open Graph meta tags\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 5.0 or higher\u003C\u002Fli>\n\u003Cli>PHP 7.4 or higher\u003C\u002Fli>\n\u003Cli>BuddyPress 6.0+ or BuddyBoss Platform\u003C\u002Fli>\n\u003C\u002Ful>\n","BuddyPress activity link preview displays image, title and description from websites when links are shared in activity posts.",100,10436,80,5,"2026-03-13T04:40:00.000Z","6.9.4","5.0","7.4",[20,21,22,23,24],"activity","buddypress","link-preview","open-graph","social","https:\u002F\u002Fwbcomdesigns.com\u002Fdownloads\u002Fbuddypress-activity-link-preview\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Factivity-link-preview-for-buddypress.1.7.3.zip",98,1,0,"2025-05-07 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2025-47548","wbcom-designs-activity-link-preview-for-buddypress-unauthenticated-server-side-request-forgery","Wbcom Designs - Activity Link Preview For BuddyPress \u003C= 1.4.4 - Unauthenticated Server-Side Request Forgery","The Wbcom Designs – Activity Link Preview For BuddyPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.4.4. 
This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.",null,"\u003C=1.4.4","1.6.0","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Server-Side Request Forgery (SSRF)","2025-05-13 15:28:07",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb243beac-1d8e-494d-8009-173a0a6c4d97?source=api-prod",7,{"slug":50,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":51,"avg_security_score":52,"avg_patch_time_days":53,"trust_score":54,"computed_at":55},"vapvarun",420,95,532,76,"2026-04-04T04:00:02.641Z",[57,80,98,117,133],{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":67,"num_ratings":68,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":72,"tags":73,"homepage":77,"download_link":78,"security_score":79,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"buddypress-edit-activity","BuddyPress Edit Activity","1.1.1","Syed Balkhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmub\u002F","\u003Cp>Let your BuddyPress members edit their activity posts and replies on the front-end of the site. 
You can even set a time limit for how long activity posts should remain editable.\u003C\u002Fp>\n\u003Cp>Just activate the plugin, and every activity post and reply will become editable, styled automatically by BuddyPress to fit with your theme.\u003C\u002Fp>\n","BuddyPress Edit Activity allows your members to edit their activity posts on the front-end of your BuddyPress-powered site.",900,75058,92,17,"2020-04-23T13:56:00.000Z","5.4.19","3.8","",[20,21,74,75,76],"messaging","profiles","social-networking","https:\u002F\u002Fwww.buddyboss.com\u002Fproduct\u002Fbuddypress-edit-activity\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-edit-activity.1.1.1.zip",85,{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":11,"downloaded":88,"rating":11,"num_ratings":28,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":92,"tags":93,"homepage":96,"download_link":97,"security_score":79,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"buddykit","BuddyKit – Additional features for BuddyPress","0.0.4","Joseph G.","https:\u002F\u002Fprofiles.wordpress.org\u002Fdunhakdis\u002F","\u003Cp>BuddyKit adds several features like Live Notifications and Media Activities to your BuddyPress sites. 
More social media related features are coming soon!\u003C\u002Fp>\n","BuddyKit adds several features like Live Notifications and Media Activities to your BuddyPress powered websites.",12833,"2019-09-08T10:15:00.000Z","4.9.29","4.5","5.4",[94,21,95,76],"activity-streams","community","https:\u002F\u002Fbuddykit.io\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddykit.0.0.4.zip",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":11,"num_ratings":108,"last_updated":109,"tested_up_to":110,"requires_at_least":111,"requires_php":72,"tags":112,"homepage":115,"download_link":116,"security_score":79,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"bp-whats-hot","What's Hot Activity Tab for BuddyPress","0.2","edwardtownend","https:\u002F\u002Fprofiles.wordpress.org\u002Fedwardtownend\u002F","\u003Cp>Adds a What’s Hot tab to the BuddyPress activity stream.\u003C\u002Fp>\n\u003Cp>What’s Hot is defined by items that have received comments, ordered by recency of comments and posts.\u003C\u002Fp>\n","Adds a What's Hot tab to the BuddyPress activity stream.",10,4649,2,"2015-08-26T10:54:00.000Z","4.3.34","3.6",[20,113,21,76,114],"bp","whats-hot","http:\u002F\u002Fdmsqd.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-whats-hot.zip",{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":72,"short_description":123,"active_installs":29,"downloaded":124,"rating":29,"num_ratings":29,"last_updated":125,"tested_up_to":126,"requires_at_least":127,"requires_php":72,"tags":128,"homepage":72,"download_link":132,"security_score":79,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"personalized-activity-for-buddypress-frfwa","Personalized Activity for Buddypress – Friends, Following, 
Admin","1.0.3","crossbow6","https:\u002F\u002Fprofiles.wordpress.org\u002Fcrossbow6\u002F","Makes Buddypress Activity Personalized For Users, by Including Activity Feeds Only From Users They Are Friends With, Users They Are Following And Administrator of Your Community.",906,"2021-11-13T04:43:00.000Z","5.8.13","5.5",[21,95,129,130,131],"friends-only-activity","personalized-activity","social-network","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpersonalized-activity-for-buddypress-frfwa.zip",{"slug":134,"name":135,"version":136,"author":137,"author_profile":138,"description":139,"short_description":140,"active_installs":141,"downloaded":142,"rating":67,"num_ratings":143,"last_updated":144,"tested_up_to":16,"requires_at_least":17,"requires_php":145,"tags":146,"homepage":72,"download_link":151,"security_score":152,"vuln_count":108,"unpatched_count":29,"last_vuln_date":153,"fetched_at":31},"wonderm00ns-simple-facebook-open-graph-tags","Open Graph and Twitter Card Tags","3.3.9","Saad Iqbal","https:\u002F\u002Fprofiles.wordpress.org\u002Fsaadiqbal\u002F","\u003Cp>This plugin improves the sharing of your WordPress pages, posts, WooCommerce products, or any other post type on social media, by setting the correct Facebook Open Graph Tags.\u003C\u002Fp>\n\u003Cp>It also allows you to add the Twitter Card tags for more effective and efficient Twitter sharing results, as well as the Meta Description and Canonical tags if no other SEO plugin is setting them.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>This plugin is not, in any way, affiliated or endorsed by Facebook, Twitter, Google or any other 3rd party.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>You can also choose to insert the “enclosure” and “media:content” tags to the RSS feeds, so that apps like RSS Graffiti and twitterfeed post the image to Facebook correctly.\u003C\u002Fp>\n\u003Cp>It allows the user to choose which tags are included, and also the default image if the post\u002Fpage doesn’t have 
one.\u003C\u002Fp>\n\u003Cp>It’s also possible to add an overlay logo\u002Fwatermark to the image. The plugin will resize and crop the original image to 1200×630 and then overlay the chosen 1200×630 PNG file over it.\u003Cbr \u002F>\nIt be usefull to add your brand to the image that shows up on Facebook shared links.\u003C\u002Fp>\n\u003Cp>Our settings page is discreetly kept under “Options”.\u003C\u002Fp>\n\u003Ch4>The generated (Facebook) Open Graph Tags are:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>og:title\u003C\u002Fstrong>: From post\u002Fpage\u002Farchive\u002Ftag\u002F… title.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>og:site_name\u003C\u002Fstrong>: From blog title.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>og:url\u003C\u002Fstrong>: From the post\u002Fpage permalink.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>og:description\u003C\u002Fstrong>: From our specific custom field of the post\u002Fpage, or if not set post\u002Fpage excerpt if it exist, or from post\u002Fpage content. From category\u002Ftag description on its pages, if it exist. From tagline, or custom text, on all the others.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>og:image\u003C\u002Fstrong>: From our specific custom field of the post\u002Fpage, or if not set from the post\u002Fpage featured\u002Fthumbnail image, or if it doesn’t exist from the first image in the post content, or if it doesn’t exist from the first image on the post media gallery, or if it doesn’t exist from the default image defined on the options menu. 
The same image chosen here will be used and enclosure\u002Fmedia:content on the RSS feed.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>og:image:url\u003C\u002Fstrong>: Same as \u003Cstrong>og:image\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>og:image:secure_url\u003C\u002Fstrong>: Same as \u003Cstrong>og:image\u003C\u002Fstrong> if SSL is being used.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>og:image:width\u003C\u002Fstrong> and \u003Cstrong>og:image:height\u003C\u002Fstrong>: Image dimensions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>og:type\u003C\u002Fstrong>: “website” or “blog” for the homepage, “product” for WooCommerce products and “article” for all the others.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>article:author\u003C\u002Fstrong>: From the user (post author) Faceboook Profile URL.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>article:published_time\u003C\u002Fstrong>: Article published time (for posts only)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>article:modified_time\u003C\u002Fstrong> and \u003Cstrong>og:updated_time\u003C\u002Fstrong>: Article modified time (for posts only)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>article:section\u003C\u002Fstrong>: From post categories.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>article:publisher\u003C\u002Fstrong>: The website Facebook Page URL.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>og:locale\u003C\u002Fstrong>: From WordPress locale or chosen by the user.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>fb:admins\u003C\u002Fstrong>: From settings on the options screen.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>fb:app_id\u003C\u002Fstrong>: From settings on the options screen.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>og:price:amount\u003C\u002Fstrong> and \u003Cstrong>og:price:currency\u003C\u002Fstrong>: Price on WooCommerce products.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>The generated Twitter Card Tags are:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>twitter:title\u003C\u002Fstrong>: Same as 
\u003Ccode>og:title\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>twitter:url\u003C\u002Fstrong>: Sames as \u003Ccode>og:url\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>twitter:description\u003C\u002Fstrong>: Same as \u003Ccode>og:description\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>twitter:image\u003C\u002Fstrong>: Same as \u003Ccode>og:image\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>twitter:creator\u003C\u002Fstrong>: From the user (post author) Twitter account.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>twitter:site\u003C\u002Fstrong>: The website Twitter account.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>twitter:card\u003C\u002Fstrong>: With value “summary_large_image” or “summary”.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Other Tags:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>canonical\u003C\u002Fstrong>: Same as \u003Ccode>og:url\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>meta description\u003C\u002Fstrong>: Same as \u003Ccode>og:description\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>meta author\u003C\u002Fstrong>: From the user (post author) Display Name.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>meta publisher\u003C\u002Fstrong>: From the website title.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>enclosure\u003C\u002Fstrong>: On RSS feeds, same as \u003Ccode>og:image\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>media:content\u003C\u002Fstrong>: On RSS feeds, same as \u003Ccode>og:image\u003C\u002Fcode>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>3rd Party Integration:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwordpress-seo\u002F\" rel=\"ugc\">Yoast SEO\u003C\u002Fa>\u003C\u002Fstrong>: Allows you to use the title, URL (canonical), and description from the Yoast SEO plugin.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" 
rel=\"ugc\">WooCommerce\u003C\u002Fa>\u003C\u002Fstrong>: On product pages sets \u003Ccode>og:type\u003C\u002Fcode> to “product” and adds the price including tax to the \u003Ccode>product:price\u003C\u002Fcode> and \u003Ccode>product:availability\u003C\u002Fcode> tags. Also allows you to use the Product Category thumbnails as Open Graph Image and have Product Gallery images as additional Open Graph Images\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwoocommerce.com\u002Fproducts\u002Fbrands\u002F\" rel=\"nofollow ugc\">WooCommerce Brands\u003C\u002Fa>\u003C\u002Fstrong>: On brand pages uses the brand image as Open Graph Image \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fbusiness-directory-plugin\u002F\" rel=\"ugc\">Business Directory Plugin\u003C\u002Fa>\u003C\u002Fstrong> (deprecated): Allows you to use BDP listing contents as Open Graph Tags.\u003C\u002Fli>\n\u003C\u002Ful>\n","Improve social media sharing by inserting Facebook Open Graph, Twitter Card, and SEO Meta Tags on your WordPress website pages, posts, WooCommerce pro &hellip;",60000,2301341,122,"2026-01-28T07:38:00.000Z","7.0",[147,23,148,149,150],"facebook","open-graph-protocol","social-media","twitter-card","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwonderm00ns-simple-facebook-open-graph-tags.3.3.9.zip",99,"2018-06-27 
00:00:00",{"attackSurface":155,"codeSignals":219,"taintFlows":227,"riskAssessment":269,"analyzedAt":279},{"hooks":156,"ajaxHandlers":210,"restRoutes":216,"shortcodes":217,"cronEvents":218,"entryPointCount":28,"unprotectedCount":29},[157,163,167,170,175,179,185,187,191,195,199,204,206],{"type":158,"name":159,"callback":160,"file":161,"line":162},"action","admin_notices","bp_activity_link_preview_admin_notice","bp-activity-link-preview.php",72,{"type":158,"name":164,"callback":165,"file":161,"line":166},"admin_init","bp_activity_link_preview_requires_buddypress",75,{"type":158,"name":168,"callback":169,"file":161,"line":79},"wp_enqueue_scripts","bp_activity_link_preview_enqueue_scripts",{"type":158,"name":171,"callback":172,"priority":173,"file":161,"line":174},"bp_init","bp_activity_link_preview_disable_buddyboss_preview",999,88,{"type":158,"name":176,"callback":177,"priority":106,"file":161,"line":178},"bp_activity_after_save","bp_activity_link_preview_save_link_data",94,{"type":180,"name":181,"callback":182,"priority":183,"file":161,"line":184},"filter","bp_get_activity_content_body","bp_activity_link_preview_content_body_with_comments",8,97,{"type":158,"name":171,"callback":186,"file":161,"line":11},"bp_activity_link_preview_init_comment_filter",{"type":180,"name":188,"callback":189,"file":161,"line":190},"bp_activity_allowed_tags","bp_activity_link_preview_allowed_tags",103,{"type":180,"name":192,"callback":193,"priority":106,"file":161,"line":194},"bp_rest_activity_prepare_value","bp_activity_link_preview_data_embed_rest_api",106,{"type":158,"name":196,"callback":197,"file":161,"line":198},"wp_head","bp_activity_link_preview_add_facebook_root_div",109,{"type":158,"name":200,"callback":201,"priority":202,"file":161,"line":203},"plugins_loaded","closure",20,113,{"type":158,"name":159,"callback":160,"file":161,"line":205},119,{"type":180,"name":207,"callback":208,"file":161,"line":209},"bp_activity_comment_content","bp_activity_link_preview_comment_content",726,[21
1],{"action":212,"nopriv":213,"callback":212,"hasNonce":214,"hasCapCheck":213,"file":161,"line":215},"bp_activity_parse_url_preview",false,true,91,[],[],[],{"dangerousFunctions":220,"sqlUsage":221,"outputEscaping":223,"fileOperations":28,"externalRequests":108,"nonceChecks":28,"capabilityChecks":29,"bundledLibraries":226},[],{"prepared":28,"raw":29,"locations":222},[],{"escaped":224,"rawEcho":29,"locations":225},19,[],[],[228,251],{"entryPoint":229,"graph":230,"unsanitizedCount":28,"severity":250},"bp_activity_parse_url_preview (bp-activity-link-preview.php:170)",{"nodes":231,"edges":247},[232,237,241],{"id":233,"type":234,"label":235,"file":161,"line":236},"n0","source","$_POST",206,{"id":238,"type":239,"label":240,"file":161,"line":236},"n1","transform","→ bp_activity_link_parse_url()",{"id":242,"type":243,"label":244,"file":161,"line":245,"wp_function":246},"n2","sink","file_get_contents() [SSRF\u002FLFI]",261,"file_get_contents",[248,249],{"from":233,"to":238,"sanitized":213},{"from":238,"to":242,"sanitized":213},"medium",{"entryPoint":252,"graph":253,"unsanitizedCount":268,"severity":250},"\u003Cbp-activity-link-preview> (bp-activity-link-preview.php:0)",{"nodes":254,"edges":264},[255,257,258,260,262],{"id":233,"type":234,"label":235,"file":161,"line":256},183,{"id":238,"type":243,"label":244,"file":161,"line":245,"wp_function":246},{"id":242,"type":234,"label":259,"file":161,"line":236},"$_POST (x3)",{"id":261,"type":239,"label":240,"file":161,"line":236},"n3",{"id":263,"type":243,"label":244,"file":161,"line":245,"wp_function":246},"n4",[265,266,267],{"from":233,"to":238,"sanitized":214},{"from":242,"to":261,"sanitized":213},{"from":261,"to":263,"sanitized":213},3,{"summary":270,"deductions":271},"The 'activity-link-preview-for-buddypress' plugin version 1.7.3 exhibits a generally good security posture based on the static analysis. 
The absence of dangerous functions, 100% usage of prepared statements for SQL queries, and proper output escaping are all positive indicators. The presence of a nonce check and a file operation, while noted, does not by itself suggest a critical vulnerability, especially since the attack surface analysis identifies no unauthenticated entry points.\n\nHowever, the taint analysis reports two flows with unsanitized paths, both rated medium severity in this report, and they warrant careful review. In each flow, $_POST data passes through bp_activity_link_parse_url() and reaches file_get_contents(), a sink the analysis tags as SSRF\u002FLFI. The vulnerability history shows a past high-severity SSRF vulnerability (CVE-2025-47548), which is a significant concern because it belongs to the same vulnerability class as the sink reached by these flows. While that specific vulnerability is reported as patched, its occurrence suggests a potential area of weakness within the plugin's code, so the validation applied to the submitted URL before it is fetched is the part most worth verifying.\n\nIn conclusion, while the plugin implements several strong security practices, the presence of unsanitized taint flows and a history of significant vulnerabilities like SSRF highlight areas for continued vigilance and potential improvement. 
The lack of capability checks on the single identified entry point is also a minor concern, as it implies that any authenticated user might be able to trigger this functionality.",[272,274,276],{"reason":273,"points":183},"Taint flows with unsanitized paths found",{"reason":275,"points":14},"No capability checks on entry points",{"reason":277,"points":278},"Past high severity SSRF vulnerability history",15,"2026-03-16T20:40:36.075Z",{"wat":281,"direct":292},{"assetPaths":282,"generatorPatterns":285,"scriptPaths":286,"versionParams":289},[283,284],"\u002Fwp-content\u002Fplugins\u002Factivity-link-preview-for-buddypress\u002Fassets\u002Fcss\u002Fbp-activity-link-preview.css","\u002Fwp-content\u002Fplugins\u002Factivity-activity-link-preview-for-buddypress\u002Fassets\u002Fjs\u002Fbp-activity-link-preview.js",[],[287,288],"https:\u002F\u002Fplatform.twitter.com\u002Fwidgets.js","https:\u002F\u002Fconnect.facebook.net\u002Fen_US\u002Fsdk.js#xfbml=1&version=v21.0",[290,291],"activity-link-preview-for-buddypress\u002Fassets\u002Fcss\u002Fbp-activity-link-preview.css?ver=","activity-link-preview-for-buddypress\u002Fassets\u002Fjs\u002Fbp-activity-link-preview.js?ver=",{"cssClasses":293,"htmlComments":294,"htmlAttributes":295,"restEndpoints":296,"jsGlobals":298,"shortcodeOutput":300},[],[],[],[297],"\u002Fwp-json\u002Fbp-activity-link-preview\u002Fv1\u002Factivity\u002F",[299],"bp_activity_link_preview",[]]