[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fcsiB3AD_ozSHGJVFzGJnXFWPW2WgK96A9q_pEHD71yE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":20,"download_link":21,"security_score":22,"vuln_count":23,"unpatched_count":23,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":35,"analysis":36,"fingerprints":194},"bp-auto-group-join","BP Auto Group Join","1.0.4","Syed Balkhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmub\u002F","\u003Cp>Automatically join new and existing BuddyPress members to Groups of your choice. Optionally determine which group to join based on Member Type, using our \u003Ca href=\"https:\u002F\u002Fwww.buddyboss.com\u002Fproduct\u002Fbuddypress-member-types\u002F\" rel=\"nofollow ugc\">BuddyPress Member Types\u003C\u002Fa> plugin.\u003C\u002Fp>\n\u003Cp>Watch our \u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=IN9iJIFRyts\" rel=\"nofollow ugc\">video tutorial\u003C\u002Fa> for setup and configuration instructions.\u003C\u002Fp>\n\u003Cp>BP Auto Group Join is built by the experienced developers at BuddyBoss who also offer premium \u003Ca href=\"https:\u002F\u002Fwww.buddyboss.com\u002Fthemes\u002F\" title=\"BuddyPress themes from BuddyBoss\" rel=\"nofollow ugc\">BuddyPress themes\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.buddyboss.com\u002Fplugins\u002F\" title=\"BuddyPress plugins from BuddyBoss\" rel=\"nofollow ugc\">plugins\u003C\u002Fa> to build your social network.\u003C\u002Fp>\n","Automatically join BuddyPress members to Groups.",800,17317,90,6,"2020-10-22T09:11:00.000Z","5.5.18","3.8","",[],"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbp-auto-group-join\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-auto-group-join.1.0.4.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"smub",94,23510130,91,795,73,"2026-04-03T23:32:39.650Z",[],{"attackSurface":37,"codeSignals":122,"taintFlows":181,"riskAssessment":182,"analyzedAt":193},{"hooks":38,"ajaxHandlers":118,"restRoutes":119,"shortcodes":120,"cronEvents":121,"entryPointCount":23,"unprotectedCount":23},[39,45,49,53,56,62,65,69,73,76,81,84,88,91,94,98,101,105,109,114],{"type":40,"name":41,"callback":42,"file":43,"line":44},"action","plugins_loaded","BP_AUTO_GROUP_JOIN_init","bp-auto-group-join.php",61,{"type":40,"name":46,"callback":47,"file":43,"line":48},"admin_notices","bb_auto_group_admin_notice",65,{"type":40,"name":50,"callback":50,"file":51,"line":52},"admin_init","includes\\admin.php",139,{"type":40,"name":50,"callback":54,"file":51,"line":55},"register_support_settings",140,{"type":57,"name":58,"callback":59,"priority":60,"file":51,"line":61},"filter","plugin_action_links","add_action_links",10,144,{"type":57,"name":63,"callback":59,"priority":60,"file":51,"line":64},"network_admin_plugin_action_links",145,{"type":40,"name":66,"callback":67,"priority":60,"file":51,"line":68},"network_admin_edit_bp_auto_group_join","save_network_settings_page",179,{"type":40,"name":70,"callback":70,"file":71,"line":72},"bp_groups_admin_load","includes\\bp-auto-group-join-admin-class.php",25,{"type":40,"name":74,"callback":74,"file":71,"line":75},"bp_groups_admin_meta_boxes",26,{"type":40,"name":77,"callback":78,"priority":79,"file":80,"line":75},"bp_core_activated_user","wpmu_auto_group_join_new_user",999,"includes\\bp-auto-group-join-base-class.php",{"type":40,"name":82,"callback":78,"priority":79,"file":80,"line":83},"wpmu_activate_user",27,{"type":40,"name":85,"callback":86,"priority":79,"file":80,"line":87},"xprofile_updated_profile","auto_group_join_new_user",28,{"type":40,"name":89,"callback":86,"priority":79,"file":80,"line":90},"user_register",29,{"type":57,"name":92,"callback":92,"priority":79,"file":80,"line":93},"wpmu_signup_user_notification_email",30,{"type":40,"name":95,"callback":96,"file":80,"line":97},"wp_footer","maybe_auto_join_current_group",32,{"type":40,"name":46,"callback":99,"file":80,"line":100},"member_types_plugin_check",33,{"type":40,"name":102,"callback":103,"file":80,"line":104},"wp_enqueue_scripts","assets",182,{"type":40,"name":106,"callback":107,"file":80,"line":108},"admin_enqueue_scripts","admin_assets",186,{"type":40,"name":110,"callback":111,"file":112,"line":113},"init","setup_admin_settings","includes\\main-class.php",352,{"type":40,"name":115,"callback":116,"file":112,"line":117},"bp_init","bp_loaded",358,[],[],[],[],{"dangerousFunctions":123,"sqlUsage":128,"outputEscaping":137,"fileOperations":23,"externalRequests":23,"nonceChecks":178,"capabilityChecks":179,"bundledLibraries":180},[124],{"fn":125,"file":112,"line":126,"context":127},"unserialize",279,"$saved_options = unserialize($saved_options[0]);",{"prepared":23,"raw":129,"locations":130},2,[131,134],{"file":51,"line":132,"context":133},210,"$wpdb->get_results() with variable interpolation",{"file":112,"line":135,"context":136},277,"$wpdb->get_col() with variable interpolation",{"escaped":138,"rawEcho":139,"locations":140},1,20,[141,144,146,148,150,152,154,156,158,160,161,163,164,166,168,170,171,173,174,176],{"file":43,"line":142,"context":143},82,"raw output",{"file":51,"line":145,"context":143},337,{"file":51,"line":147,"context":143},341,{"file":51,"line":149,"context":143},371,{"file":51,"line":151,"context":143},379,{"file":51,"line":153,"context":143},395,{"file":51,"line":155,"context":143},398,{"file":71,"line":157,"context":143},113,{"file":71,"line":159,"context":143},121,{"file":71,"line":159,"context":143},{"file":71,"line":162,"context":143},122,{"file":71,"line":162,"context":143},{"file":71,"line":165,"context":143},127,{"file":71,"line":167,"context":143},151,{"file":71,"line":169,"context":143},159,{"file":71,"line":169,"context":143},{"file":71,"line":172,"context":143},160,{"file":71,"line":172,"context":143},{"file":71,"line":175,"context":143},165,{"file":80,"line":177,"context":143},238,4,5,[],[],{"summary":183,"deductions":184},"The \"bp-auto-group-join\" plugin v1.0.4 exhibits a mixed security posture. On the positive side, the plugin has no recorded vulnerabilities (CVEs), a clean vulnerability history, and a relatively small attack surface with no discovered AJAX handlers, REST API routes, shortcodes, or cron events that are immediately exploitable.  Furthermore, it demonstrates some good security practices with the presence of nonce and capability checks.\n\nHowever, several concerning code signals were identified. The use of the `unserialize` function without explicit input validation is a significant risk, as it can lead to object injection vulnerabilities if manipulated by an attacker. Additionally, the plugin performs SQL queries without using prepared statements, leaving it susceptible to SQL injection attacks. The low percentage of properly escaped output (5%) indicates a high likelihood of cross-site scripting (XSS) vulnerabilities. The static analysis also found no taint flows, which could be due to the limited scope of the analysis or a genuine lack of complex data flows, but the presence of other vulnerabilities makes this less reassuring.",[185,188,190],{"reason":186,"points":187},"Use of unserialize without sanitization",15,{"reason":189,"points":60},"SQL queries not using prepared statements",{"reason":191,"points":192},"Low percentage of properly escaped output",8,"2026-03-16T19:18:02.480Z",{"wat":195,"direct":204},{"assetPaths":196,"generatorPatterns":199,"scriptPaths":200,"versionParams":201},[197,198],"\u002Fwp-content\u002Fplugins\u002Fbp-auto-group-join\u002Fcss\u002Fbp-auto-group-join.css","\u002Fwp-content\u002Fplugins\u002Fbp-auto-group-join\u002Fjs\u002Fbp-auto-group-join.js",[],[198],[202,203],"bp-auto-group-join\u002Fcss\u002Fbp-auto-group-join.css?ver=","bp-auto-group-join\u002Fjs\u002Fbp-auto-group-join.js?ver=",{"cssClasses":205,"htmlComments":206,"htmlAttributes":207,"restEndpoints":210,"jsGlobals":211,"shortcodeOutput":212},[],[],[208,209],"aj_new_registrations","aj_new_registrations_mt",[],[],[]]