[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f1cem2V5JwCFVMdQOLur-q9UZQcufmuCfgk08COOYAh4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":9,"tags":17,"homepage":9,"download_link":22,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":34,"analysis":120,"fingerprints":233},"bp-activity-comment-like-dislike","Comment Like Dislike for BuddyPress Activity","1.0","Dhaval Kasavala","https:\u002F\u002Fprofiles.wordpress.org\u002Fdhavalkasvala\u002F","","Comment Like Dislike for BuddyPress Activity also known as upvote \u002F downvote counters.",10,1110,0,"2022-03-30T03:50:00.000Z","5.9.13","5.0",[18,19,20,21],"activity","buddypress","comment","like-dislike","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-activity-comment-like-dislike.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":23,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"dhavalkasvala",2,910,30,84,"2026-04-04T10:55:27.399Z",[35,54,72,85,101],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":9,"requires_at_least":9,"requires_php":9,"tags":48,"homepage":52,"download_link":53,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"bp-activity-comment-notifier","BuddyPress Activity Comment Notifier","1.2.0","Brajesh Singh","https:\u002F\u002Fprofiles.wordpress.org\u002Fsbrajesh\u002F","\u003Cp>BuddyPress Activity Comment Notifier plugin emulates the facebook style notification for the comments made on user activity. It will show the notification to a user in following scenario\u003C\u002Fp>\n\u003Cul>\n\u003Cli>When a user has an update and someone else comments on it(It is handled by BuddyPress Now)\u003C\u002Fli>\n\u003Cli>When a user comments on someone’s update and other users also comment on that update, all the users are notified\u003C\u002Fli>\n\u003Cli>When a user favorites your activity\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For more details, please visit \u003Ca href=\"http:\u002F\u002Fbuddydev.com\u002Fplugins\u002Fbuddypress-activity-comment-notifier\u002F\" title=\"Plugin page\" rel=\"nofollow ugc\">BuddyPress Activity Comment Notifier plugin page\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Free & paid supports are available via \u003Ca href=\"http:\u002F\u002Fbuddydev.com\u002Fsupport\u002Fforums\u002F\" title=\"BuddyDev support forums\" rel=\"nofollow ugc\">BuddyDev Support Forum\u003C\u002Fa>\u003C\u002Fp>\n","BuddyPress Activity Comment Notifier plugin emulates the facebook style notification for the comments made on user activity.",70,12214,80,3,"2017-12-06T07:37:00.000Z",[18,49,50,19,51],"activity-comment","activity-comment-notification","notification","https:\u002F\u002Fbuddydev.com\u002Fplugins\u002Fbuddypress-activity-comment-notifier\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-activity-comment-notifier.1.2.0.zip",{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":11,"downloaded":62,"rating":63,"num_ratings":64,"last_updated":65,"tested_up_to":9,"requires_at_least":9,"requires_php":9,"tags":66,"homepage":70,"download_link":71,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"bp-import-blog-activity","BP Import Blog Activity","0.2","Boone Gorges","https:\u002F\u002Fprofiles.wordpress.org\u002Fboonebgorges\u002F","\u003Cp>If you install BuddyPress on an already thriving WordPress installation, you’ll notice that existing blog comments and posts are not inserted into the activity stream. This plugin fixes that.\u003C\u002Fp>\n\u003Cp>Requires WordPress Multisite\u003C\u002Fp>\n","Updates BuddyPress activity streams with missing blog comments and posts",4652,20,1,"2012-09-17T01:07:00.000Z",[18,67,19,68,69],"blog","comments","import","http:\u002F\u002Fteleogistic.net\u002Fcode\u002Fbuddypress\u002Fbp-import-blog-activity","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-import-blog-activity.0.2.zip",{"slug":73,"name":74,"version":75,"author":58,"author_profile":59,"description":76,"short_description":77,"active_installs":11,"downloaded":78,"rating":13,"num_ratings":13,"last_updated":79,"tested_up_to":9,"requires_at_least":9,"requires_php":9,"tags":80,"homepage":83,"download_link":84,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"bp-include-non-member-comments","BP Include Non-member Comments","1.3","\u003Cp>By default, BuddyPress does not include comments from non-members (or non-logged-in users more generally) in the sitewide activity stream. This plugin records activity items for those comments.\u003C\u002Fp>\n\u003Cp>Please note: the latest version of this plugin (1.2) will NOT work with versions of BuddyPress between 1.2RC and 1.2.1. BP versions 1.2.2+ are supported. Please download an earlier version of this plugin for compatibility with older versions of BuddyPress\u003C\u002Fp>\n","Inserts blog comments from non-logged-in users into the activity stream",4788,"2013-03-26T16:03:00.000Z",[18,81,19,68,82],"blogs","non-members","http:\u002F\u002Fteleogistic.net\u002Fcode\u002Fbuddypress\u002Fbp-include-non-member-comments","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-include-non-member-comments.1.3.zip",{"slug":86,"name":87,"version":88,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":11,"downloaded":93,"rating":94,"num_ratings":64,"last_updated":9,"tested_up_to":9,"requires_at_least":9,"requires_php":9,"tags":95,"homepage":98,"download_link":99,"security_score":94,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":100},"buddypress-activity-as-blog-comments","BuddyPress Activity Stream as Blog Comments","0.1.1","rich! @ etiviti","https:\u002F\u002Fprofiles.wordpress.org\u002Fnuprn1\u002F","\u003Cp>This plugin will replace the main BuddyPress blog (for what BP is activated on) comments section with the activity stream reply system (threaded) and the (reply | favorite) links\u003C\u002Fp>\n\u003Cp>This will remove the WP Comments reply section – only the site admin will have access to make traditional comment replies (you may adjust this in the theme file)\u003C\u002Fp>\n\u003Cp>I consider this an experimental plugin showing how the activity stream can be more a main component across WordPress.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Activity stream enabled\u003C\u002Fli>\n\u003Cli>blog and forum activity stream enabled\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Important Notes\u003C\u002Fh4>\n\u003Cp>Please see the FAQ – if you have an existing BP install with blog postings and comments you MUST run an additional plugin to import blog postings and comments into the activity stream (this is untested)\u003C\u002Fp>\n\u003Cp>Currently no WPMU subblog support – looking for any brave souls to configure it properly. 🙂\u003C\u002Fp>\n\u003Ch4>Related Links:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fblog.etiviti.com\u002F2010\u002F04\u002Fbuddypress-activity-stream-as-blog-comments\u002F\" title=\"BuddyPress Activity Stream as Blog Comments - Blog About Page\" rel=\"nofollow ugc\">About Page\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fetivite.com\u002F2010\u002F04\u002Fwhat-does-it-mean\u002F\" title=\"Plugin Demo Site\" rel=\"nofollow ugc\">See it in action\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please report any bugs, ideas, concerns, etc – detailed.\u003C\u002Fp>\n\u003Ch3>Extra Configuration\u003C\u002Fh3>\n\u003Ch4>Allow other members to use traditional blog comment reply\u003C\u002Fh4>\n\u003Cp>Edit the theme file theme\u002Factivitycomments\u002Fblogactivity-commments.php (you may want to copy this activitycomments\u002Ffile to your default theme to prevent future updates from overwriting)\u003C\u002Fp>\n\u003Cp>change the line\n    \u003C\u002Fp>\n\u003Cp>Where is_site_admin can be \u003Ccode>current_user_can()\u003C\u002Fcode> with the wp_cap level (lets say you want editors or authors to reply to comments in the traditional sense). Then additional blog_comments will show activity replies underneath as well. (a neat nested effect)\u003C\u002Fp>\n","This plugin will replace the blog comments section with the activity stream reply system",7332,100,[96,97,19],"activity-stream","blog-comments","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fbuddypress-activity-as-blog-comments\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-activity-as-blog-comments.zip","2026-03-15T10:48:56.248Z",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":13,"downloaded":109,"rating":13,"num_ratings":13,"last_updated":110,"tested_up_to":111,"requires_at_least":112,"requires_php":113,"tags":114,"homepage":9,"download_link":119,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"bp-last-comments-widget","BuddyPress Last Comments Widget","2.0","udarmo","https:\u002F\u002Fprofiles.wordpress.org\u002Fudarmo\u002F","\u003Cp>Shows a list of most recently added BP activity comments.\u003C\u002Fp>\n","Shows a list of most recently added BP activity comments.",1713,"2017-10-17T20:45:00.000Z","4.8.28","4.6","5.6",[115,116,19,117,118],"activity-comments","activity-widget","buddypress-widget","recent-comments","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-last-comments-widget.2.0.zip",{"attackSurface":121,"codeSignals":151,"taintFlows":166,"riskAssessment":221,"analyzedAt":232},{"hooks":122,"ajaxHandlers":138,"restRoutes":148,"shortcodes":149,"cronEvents":150,"entryPointCount":29,"unprotectedCount":29},[123,129,134],{"type":124,"name":125,"callback":126,"file":127,"line":128},"action","admin_notices","acld_requires_plugin","bp-activity-comment-like-dislike.php",33,{"type":124,"name":130,"callback":131,"priority":132,"file":133,"line":63},"bp_activity_comment_options","acld_comment_options_display_custom",15,"includes\\class-acld-vote-updown.php",{"type":124,"name":135,"callback":136,"file":133,"line":137},"wp_enqueue_scripts","acld_bp_scripts",21,[139,144],{"action":140,"nopriv":141,"callback":142,"hasNonce":141,"hasCapCheck":141,"file":133,"line":143},"buddypress_user_like",false,"acld_bp_user_like",22,{"action":145,"nopriv":141,"callback":146,"hasNonce":141,"hasCapCheck":141,"file":133,"line":147},"buddypress_user_dislike","acld_bp_user_dislike",23,[],[],[],{"dangerousFunctions":152,"sqlUsage":153,"outputEscaping":155,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":165},[],{"prepared":143,"raw":13,"locations":154},[],{"escaped":156,"rawEcho":46,"locations":157},26,[158,161,163],{"file":127,"line":159,"context":160},48,"raw output",{"file":133,"line":162,"context":160},156,{"file":133,"line":164,"context":160},244,[],[167,193,207],{"entryPoint":168,"graph":169,"unsanitizedCount":29,"severity":192},"acld_bp_user_like (includes\\class-acld-vote-updown.php:75)",{"nodes":170,"edges":189},[171,176,182,184],{"id":172,"type":173,"label":174,"file":133,"line":175},"n0","source","$_POST",77,{"id":177,"type":178,"label":179,"file":133,"line":180,"wp_function":181},"n1","sink","get_results() [SQLi]",88,"get_results",{"id":183,"type":173,"label":174,"file":133,"line":175},"n2",{"id":185,"type":178,"label":186,"file":133,"line":187,"wp_function":188},"n3","get_var() [SQLi]",140,"get_var",[190,191],{"from":172,"to":177,"sanitized":141},{"from":183,"to":185,"sanitized":141},"high",{"entryPoint":194,"graph":195,"unsanitizedCount":29,"severity":192},"acld_bp_user_dislike (includes\\class-acld-vote-updown.php:165)",{"nodes":196,"edges":204},[197,199,201,202],{"id":172,"type":173,"label":174,"file":133,"line":198},167,{"id":177,"type":178,"label":179,"file":133,"line":200,"wp_function":181},177,{"id":183,"type":173,"label":174,"file":133,"line":198},{"id":185,"type":178,"label":186,"file":133,"line":203,"wp_function":188},229,[205,206],{"from":172,"to":177,"sanitized":141},{"from":183,"to":185,"sanitized":141},{"entryPoint":208,"graph":209,"unsanitizedCount":220,"severity":192},"\u003Cclass-acld-vote-updown> (includes\\class-acld-vote-updown.php:0)",{"nodes":210,"edges":217},[211,213,214,216],{"id":172,"type":173,"label":212,"file":133,"line":175},"$_POST (x2)",{"id":177,"type":178,"label":179,"file":133,"line":180,"wp_function":181},{"id":183,"type":173,"label":215,"file":133,"line":175},"$_POST (x3)",{"id":185,"type":178,"label":186,"file":133,"line":187,"wp_function":188},[218,219],{"from":172,"to":177,"sanitized":141},{"from":183,"to":185,"sanitized":141},5,{"summary":222,"deductions":223},"The \"bp-activity-comment-like-dislike\" plugin version 1.0 exhibits a concerning security posture primarily due to a lack of authentication checks on its AJAX handlers and the presence of unsanitized data flows. While the plugin demonstrates good practices by exclusively using prepared statements for SQL queries and having a high percentage of properly escaped output, these strengths are overshadowed by critical vulnerabilities identified through taint analysis. Three high-severity taint flows with unsanitized paths indicate that user-supplied data might be processed in a way that could lead to security issues, even without direct SQL injection or cross-site scripting being explicitly reported. The complete absence of a vulnerability history is a positive indicator of past security diligence, but it does not negate the current risks identified in the static analysis.  Overall, the plugin has significant weaknesses that expose it to potential attacks through its unprotected AJAX endpoints, which could be exploited if the identified taint flows are successfully leveraged.",[224,226,228,230],{"reason":225,"points":11},"AJAX handlers without authentication checks",{"reason":227,"points":132},"High severity unsanitized taint flows",{"reason":229,"points":220},"No nonce checks on AJAX handlers",{"reason":231,"points":220},"No capability checks on AJAX handlers","2026-03-17T01:34:54.961Z",{"wat":234,"direct":241},{"assetPaths":235,"generatorPatterns":237,"scriptPaths":238,"versionParams":239},[236],"\u002Fwp-content\u002Fplugins\u002Fbp-activity-comment-like-dislike\u002Fassets\u002Fjs\u002Fscript.js",[],[236],[240],"bp-activity-comment-like-dislike\u002Fassets\u002Fjs\u002Fscript.js?ver=1.0.0",{"cssClasses":242,"htmlComments":247,"htmlAttributes":248,"restEndpoints":254,"jsGlobals":256,"shortcodeOutput":258},[243,244,245,246],"like_text","like_count","dislike_text","dislike_count",[],[249,250,251,252,253],"data-cmt-id","data-act-id","data-act-snd-id","data-usr-id","data-type",[255],"\u002Fwp-json\u002Fadmin-ajax.php",[257],"frontend_ajax",[]]