[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$feKqV1pkGRNfQhSM_tZsFrPBrw_mP6F0qT12qH-C1d3U":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":38,"analysis":140,"fingerprints":240},"bp-automatic-friends","BuddyPress Automatic Friends","2.0.8","Steven Word","https:\u002F\u002Fprofiles.wordpress.org\u002Fstevenkword\u002F","\u003Cp>Automatically create and accept friendships for specified users upon new user registration. * Requires BuddyPress\u003C\u002Fp>\n","Automatically create and accept friendships for specified users upon new user registration. * Requires BuddyPress",200,26771,84,5,"2022-01-23T16:32:00.000Z","5.9.13","3.5","",[20,21,22,23,24],"admin","automatic","buddypress","friends","instant-friends","http:\u002F\u002Fwww.stevenword.com\u002Fbp-automatic-friends\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-automatic-friends.2.0.8.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":27,"avg_patch_time_days":36,"trust_score":13,"computed_at":37},"stevenkword",2,210,30,"2026-04-04T05:55:21.325Z",[39,63,83,106,124],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":18,"tags":54,"homepage":59,"download_link":60,"security_score":61,"vuln_count":50,"unpatched_count":28,"last_vuln_date":62,"fetched_at":30},"aapanel-wp-toolkit","aapanel WP Toolkit","1.2","aapanel","https:\u002F\u002Fprofiles.wordpress.org\u002Faapanel\u002F","\u003Cp>Allows you to manage WordPress remotely on aapanel, one-click login, and some features will be coming in the future.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This file is part of aapanel WP Toolkit.\u003C\u002Fp>\n\u003Cp>aapanel WP Toolkit is free software: you can redistribute it and\u002For modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.\u003C\u002Fp>\n\u003Cp>aapanel WP Toolkit is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.\u003C\u002Fp>\n\u003Cp>You should have received a copy of the GNU General Public License along with ManageWP Worker. If not, see \u003Ca href=\"https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002F\u003C\u002Fa>.\u003C\u002Fp>\n","A better way to manage dozens of WordPress websites.",1000,3914,100,1,"2025-07-29T02:40:00.000Z","6.8.5","3.0",[55,21,56,57,58],"administration","login","manage-wordpress","remote","https:\u002F\u002Fwww.aapanel.com\u002Fnew\u002Ffeature\u002Fwp.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faapanel-wp-toolkit.1.2.zip",98,"2025-07-17 16:21:33",{"slug":64,"name":65,"version":66,"author":67,"author_profile":68,"description":69,"short_description":70,"active_installs":47,"downloaded":71,"rating":72,"num_ratings":73,"last_updated":74,"tested_up_to":75,"requires_at_least":76,"requires_php":77,"tags":78,"homepage":18,"download_link":82,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"bp-registration-options","Registration Options for BuddyPress","4.4.5","Brian Messenlehner","https:\u002F\u002Fprofiles.wordpress.org\u002Fmessenlehner\u002F","\u003Cp>Prevent users and bots from accessing the BuddyPress or bbPress areas of your website(s) until they are approved.\u003C\u002Fp>\n\u003Cp>This BuddyPress extension allows you to enable user moderation for new members, as well as help create a private network for your users. If moderation is enabled, any new members will be denied access to your BuddyPress and bbPress areas on your site, with the exception of their own user profile. They will be allowed to edit and configure that much. They will also not be listed in the members lists on the frontend until approved. Custom messages are available so you can tailor them to the tone of your website and community. When an admin approves or denies a user, email notifications will be sent to let them know of the decision.\u003C\u002Fp>\n\u003Cp>Requires BuddyPress version 1.7 or higher and bbPress 2.0 or higher.\u003C\u002Fp>\n\u003Ch3>General Data Protection Regulation\u003C\u002Fh3>\n\u003Cp>BuddyPress Registration Options temporarily stores user IP addresses as user meta to help validate and vet pending users. Saved IP values are deleted upon both approval and denial of pending user. No other personal data is recorded.\u003C\u002Fp>\n","Moderate new BuddyPress members and fight BuddyPress spam.",175480,88,33,"2023-03-05T15:26:00.000Z","6.0.11","5.2","5.6",[20,22,79,80,81],"groups","moderation","registration","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-registration-options.zip",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":47,"downloaded":91,"rating":92,"num_ratings":93,"last_updated":94,"tested_up_to":95,"requires_at_least":96,"requires_php":18,"tags":97,"homepage":101,"download_link":102,"security_score":103,"vuln_count":104,"unpatched_count":28,"last_vuln_date":105,"fetched_at":30},"invite-anyone","Invite Anyone","1.4.10","Boone Gorges","https:\u002F\u002Fprofiles.wordpress.org\u002Fboonebgorges\u002F","\u003Cp>Invite Anyone has two components:\u003C\u002Fp>\n\u003Cp>1) The ability to invite members to the site by email. The plugin creates a tab on each member’s Profile page called “Send Invites”, which contains a form where users can invite outsiders to join the site. There is a field for a custom message. Also, inviters can optionally select any number of their groups, and when the invitee accepts the invitation he or she automatically receive invitations to join those groups.\u003C\u002Fp>\n\u003Cp>The email invitation part of the plugin is customizable by the BP administrator, via Dashboard > BuddyPress > Invite Anyone.\u003C\u002Fp>\n\u003Cp>2) By default, BuddyPress only allows group admins to invite their friends to groups. In some communities, you might want members to be able to invite non-friends to groups as well. This plugin allows you to do so, by populating the invitation checklist with the entire membership of the site, rather than just a friend list.\u003C\u002Fp>\n\u003Cp>Because member lists can get very long and hard to navigate, this plugin adds a autosuggest search box to the Send Invites screen – the same one that appears on the Compose Message screen – which allows inviters to navigate directly to the members they want to invite.\u003C\u002Fp>\n\u003Cp>Invite Anyone features optional integration with CloudSponge http:\u002F\u002Fcloudsponge.com, a premium address book service, that allows your users to invite their friends to the site in a way that’s easy and fun. Enable it at Dashboard > BuddyPress > Invite Anyone.\u003C\u002Fp>\n\u003Ch3>Translation credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Belarussian: Alexander Ovsov (\u003Ca href=\"http:\u002F\u002Fwebhostinggeeks.com\u002Fscience\" rel=\"nofollow ugc\">Web Geek Science\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Brazilian Portuguese: Celso Bessa\u003C\u002Fli>\n\u003Cli>Catalan: Mònica Grau and Toni Ginard\u003C\u002Fli>\n\u003Cli>Danish: Mort3n\u003C\u002Fli>\n\u003Cli>Dutch: Jesper Popma, Tim de Hoog\u003C\u002Fli>\n\u003Cli>French: Guillaume Coulon, Nicolas Mollet\u003C\u002Fli>\n\u003Cli>German: Lars Berning, Thorsten Wollenhöfer, Matthias Lunz\u003C\u002Fli>\n\u003Cli>Greek: Lena Stergatou\u003C\u002Fli>\n\u003Cli>Italian: Luca Camellini\u003C\u002Fli>\n\u003Cli>Norwegian: Stig Ulfsby\u003C\u002Fli>\n\u003Cli>Russian: Jettochkin, Roman Leonov\u003C\u002Fli>\n\u003Cli>Serbo-Croatian: Anja Skrba\u003C\u002Fli>\n\u003Cli>Spanish: Mauricio Camayo, Gregor Gimmy\u003C\u002Fli>\n\u003Cli>Swedish: Alexander Berthelsen, Jan Anderson\u003C\u002Fli>\n\u003Cli>Ukrainian: \u003Ca href=\"http:\u002F\u002Fwww.coupofy.com\u002F\" rel=\"nofollow ugc\">Ivanka\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Additional details about the plugin can be found in the following languages:\u003Cbr \u002F>\n* Serbo-Croatian: \u003Ca href=\"http:\u002F\u002Fscience.webhostinggeeks.com\u002Fteleogistic\" rel=\"nofollow ugc\">http:\u002F\u002Fscience.webhostinggeeks.com\u002Fteleogistic\u003C\u002Fa>\u003C\u002Fp>\n","Makes BuddyPress's invitation features more powerful.",262018,86,26,"2024-08-19T17:09:00.000Z","6.6.5","3.2",[22,23,98,99,100],"group","invitations","invite","http:\u002F\u002Fteleogistic.net\u002Fcode\u002Fbuddypress\u002Finvite-anyone\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finvite-anyone.1.4.10.zip",83,6,"2024-08-16 00:00:00",{"slug":107,"name":108,"version":109,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":47,"downloaded":114,"rating":72,"num_ratings":14,"last_updated":115,"tested_up_to":116,"requires_at_least":117,"requires_php":18,"tags":118,"homepage":122,"download_link":123,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wp-updates-settings","WP Updates Settings","1.1.4","Yslo","https:\u002F\u002Fprofiles.wordpress.org\u002Fyslo\u002F","\u003Cp>Allows you the ability to set Updates and Automatic Background Updates through Settings panel.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Show\u002Fhide Updates notification\u003C\u002Fli>\n\u003Cli>Use default WordPress behaviors\u003C\u002Fli>\n\u003Cli>Enable\u002FDisable Updates capabilities to Administrator users\u003C\u002Fli>\n\u003Cli>Set Major Core Automatic Background Updates\u003C\u002Fli>\n\u003Cli>Set Minor Core Automatic Background Updates\u003C\u002Fli>\n\u003Cli>Set Plugin Automatic Background Updates\u003C\u002Fli>\n\u003Cli>Set Theme Automatic Background Updates\u003C\u002Fli>\n\u003Cli>Set Translation files Automatic Background Updates\u003C\u002Fli>\n\u003Cli>Set Auto Core Update Notification emails.\u003C\u002Fli>\n\u003Cli>Add Updates panel (Settings > Updates)\u003C\u002Fli>\n\u003Cli>Contextual Help\u003C\u002Fli>\n\u003Cli>Translation MO\u002FPO files\u003C\u002Fli>\n\u003Cli>Multisite\u003C\u002Fli>\n\u003Cli>Desactivate restore default WordPress behavior\u003C\u002Fli>\n\u003Cli>Uninstall restore default WordPress behavior\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Languages\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>French\u003C\u002Fli>\n\u003C\u002Ful>\n","Configure WordPress updates settings through UI (User Interface).",21138,"2017-12-20T22:09:00.000Z","4.9.29","3.7",[20,21,119,120,121],"background","core","updates","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-updates-settings\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-updates-settings.1.1.4.zip",{"slug":125,"name":126,"version":127,"author":110,"author_profile":111,"description":128,"short_description":129,"active_installs":130,"downloaded":131,"rating":132,"num_ratings":133,"last_updated":134,"tested_up_to":116,"requires_at_least":53,"requires_php":18,"tags":135,"homepage":138,"download_link":139,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wp-login-timeout-settings","WP Login Timeout Settings","1.1.3","\u003Cp>Allows you the ability to set login timeout Settings panel.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Set default login timeout\u003C\u002Fli>\n\u003Cli>Set login ‘Remember me’ timeout\u003C\u002Fli>\n\u003Cli>Set special timeout for Users with a specific capability. eg. : You can set longer\u002Fshorter login timeout to Administrators using “edit_theme_options” capability. (see \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FRoles_and_Capabilities\" rel=\"nofollow ugc\">Roles and Capabilities in WordPress Codex\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Use default WordPress behaviors\u003C\u002Fli>\n\u003Cli>Add Updates panel (Settings > Login timeout)\u003C\u002Fli>\n\u003Cli>Contextual Help\u003C\u002Fli>\n\u003Cli>Translation MO\u002FPO files\u003C\u002Fli>\n\u003Cli>Desactivate restore default WordPress behavior\u003C\u002Fli>\n\u003Cli>Uninstall restore default WordPress behavior\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Languages\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>French\u003C\u002Fli>\n\u003C\u002Ful>\n","Configure WordPress Login Timeout through UI (User Interface).",800,14423,70,8,"2017-12-20T22:30:00.000Z",[20,21,136,120,137],"cookie","timeout","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-login-timeout-settings\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-login-timeout-settings.1.1.3.zip",{"attackSurface":141,"codeSignals":200,"taintFlows":233,"riskAssessment":234,"analyzedAt":239},{"hooks":142,"ajaxHandlers":182,"restRoutes":196,"shortcodes":197,"cronEvents":198,"entryPointCount":199,"unprotectedCount":28},[143,149,152,156,161,165,168,172,177,181],{"type":144,"name":145,"callback":146,"file":147,"line":148},"action","bp_loaded","action_bp_loaded","bp-automatic-friends.php",79,{"type":144,"name":150,"callback":151,"file":147,"line":61},"admin_notices","admin_notice",{"type":144,"name":153,"callback":154,"file":147,"line":155},"wp","first_login",103,{"type":144,"name":157,"callback":158,"file":159,"line":160},"personal_options","action_personal_options","inc\\admin.php",66,{"type":144,"name":162,"callback":163,"file":159,"line":164},"personal_options_update","action_personal_options_update",67,{"type":144,"name":166,"callback":163,"file":159,"line":167},"edit_user_profile_update",68,{"type":144,"name":169,"callback":170,"file":159,"line":171},"admin_init","action_admin_init",76,{"type":144,"name":173,"callback":174,"priority":175,"file":159,"line":176},"admin_enqueue_scripts","action_admin_enqueue_scripts",11,77,{"type":144,"name":169,"callback":178,"file":179,"line":180},"action_admin_init_perform_updates","inc\\update.php",62,{"type":144,"name":150,"callback":151,"file":179,"line":155},[183,189,192],{"action":184,"nopriv":185,"callback":186,"hasNonce":187,"hasCapCheck":185,"file":159,"line":188},"bpaf_suggest_global_friend",false,"action_ajax_bpaf_suggest_global_friend",true,61,{"action":190,"nopriv":185,"callback":191,"hasNonce":187,"hasCapCheck":185,"file":159,"line":180},"bpaf_add_global_friend","action_ajax_bpaf_add_global_friend",{"action":193,"nopriv":185,"callback":194,"hasNonce":187,"hasCapCheck":185,"file":159,"line":195},"bpaf_delete_global_friend","action_ajax_bpaf_delete_global_friend",63,[],[],[],3,{"dangerousFunctions":201,"sqlUsage":202,"outputEscaping":204,"fileOperations":28,"externalRequests":28,"nonceChecks":231,"capabilityChecks":50,"bundledLibraries":232},[],{"prepared":50,"raw":28,"locations":203},[],{"escaped":28,"rawEcho":205,"locations":206},13,[207,210,212,213,214,216,217,219,221,223,225,227,229],{"file":147,"line":208,"context":209},237,"raw output",{"file":159,"line":211,"context":209},226,{"file":159,"line":211,"context":209},{"file":159,"line":211,"context":209},{"file":159,"line":215,"context":209},365,{"file":159,"line":215,"context":209},{"file":159,"line":218,"context":209},366,{"file":159,"line":220,"context":209},367,{"file":159,"line":222,"context":209},370,{"file":159,"line":224,"context":209},371,{"file":159,"line":226,"context":209},376,{"file":159,"line":228,"context":209},380,{"file":179,"line":230,"context":209},113,4,[],[],{"summary":235,"deductions":236},"The \"bp-automatic-friends\" plugin v2.0.8 exhibits a generally good security posture with a small attack surface consisting solely of AJAX handlers. Encouragingly, none of these AJAX handlers are exposed without authentication, and the plugin demonstrates robust SQL query sanitization through the consistent use of prepared statements. The absence of any recorded vulnerabilities, including CVEs, further strengthens its current security standing.  However, a significant concern arises from the complete lack of output escaping for all 13 identified output points. This oversight creates a substantial risk of Cross-Site Scripting (XSS) vulnerabilities, as untrusted data could be rendered directly in the browser, potentially allowing attackers to inject malicious scripts. While the plugin has no known historical vulnerabilities, the identified output escaping issue is a critical weakness that requires immediate attention.",[237],{"reason":238,"points":133},"Output escaping is not properly implemented","2026-03-16T20:14:45.877Z",{"wat":241,"direct":250},{"assetPaths":242,"generatorPatterns":245,"scriptPaths":246,"versionParams":247},[243,244],"\u002Fwp-content\u002Fplugins\u002Fbp-automatic-friends\u002Fcss\u002Fbpaf-admin-styles.css","\u002Fwp-content\u002Fplugins\u002Fbp-automatic-friends\u002Fjs\u002Fbpaf-admin-scripts.js",[],[244],[248,249],"bp-automatic-friends\u002Fcss\u002Fbpaf-admin-styles.css?ver=","bp-automatic-friends\u002Fjs\u002Fbpaf-admin-scripts.js?ver=",{"cssClasses":251,"htmlComments":255,"htmlAttributes":282,"restEndpoints":287,"jsGlobals":288,"shortcodeOutput":290},[252,253,254],"bpaf-settings-field","bpaf-global-friends-wrapper","bpaf-user-search-wrap",[256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281],"\u003C!-- BuddyPress Automatic Friends Core -->","\u003C!-- Core plugin class -->","\u003C!-- Load the admin -->","\u003C!-- Do this the first time a new user logs in -->","\u003C!-- New method for creating friendships at first login. -->","\u003C!-- Prevents conflict with plugins such as \"Disable Activation\" that bypass the activation process. -->","\u003C!-- Hook into the 'wp' action and check if the user is logged in -->","\u003C!-- and if get_user_meta( $bp->loggedin_user->id, 'last_activity' ) is false. -->","\u003C!-- http:\u002F\u002Fbuddypress.trac.wordpress.org\u002Fticket\u002F3003 -->","\u003C!-- Get Global Friends -->","\u003C!-- The Query -->","\u003C!-- Create friendships automatically -->","\u003C!-- When a initiator user registers for the blog, create initiator friendship with the specified user(s) and autoaccept those friendhips. -->","\u003C!-- Disable email notifications.  In situations with hundreds of users, this can get SPAMMY fast -->","\u003C!-- Get the user data for the initiatorly registered user. -->","\u003C!-- Get the friend users id(s) -->","\u003C!-- Check to see if the admin options are set-->","\u003C!-- @legacy -->","\u003C!-- Request the friendship -->","\u003C!-- Destroy Friendships -->","\u003C!-- Update Friendship Counts -->","\u003C!-- Get friends of $user_id -->","\u003C!-- Loop through the initiator's friends and update their friend counts -->","\u003C!-- Update initiator friend counts -->","\u003C!-- Notify the admin of why we can't load the plugin. -->","\u003C!-- Wrappers -->",[283,284,285,286],"data-bpaf-action","data-bpaf-user-id","data-bpaf-nonce","data-bpaf-target-user-id",[],[289],"bpaf_global_vars",[]]