[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fFrVYBvPuxNIB68SnzpToNjJSS9SmkTx5AMnuLMhAzIQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":44,"crawl_stats":35,"alternatives":52,"analysis":143,"fingerprints":303},"bp-disable-activation-reloaded","BP Disable Activation Reloaded","1.2.1","Damian","https:\u002F\u002Fprofiles.wordpress.org\u002Ftimersys\u002F","\u003Cp>Based on crashutah, apeatling https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbp-disable-activation\u002F Disables the activation email and automatically activates new users in BuddyPress under a standard WP install and WPMU (multisite).  Also, automatically logs in the new user since the account is already active.\u003C\u002Fp>\n\u003Cp>Basically i updated the plugin and added some features like:\u003C\u002Fp>\n\u003Cp>-Option to turn off automatic login\u003Cbr \u002F>\n-Redirect options after account creation\u003C\u002Fp>\n\u003Cp>Known Bugs:\u003Cbr \u002F>\n-Doesn’t do the automatic login if you allow blog creation during the user creation in WPMU (multisite)\u003C\u002Fp>\n\u003Ch4>Install Multiple plugins at once with WpFavs\u003C\u002Fh4>\n\u003Cp>Bulk plugin installation tool, import WP favorites and create your own lists (\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwpfavs\u002F\" rel=\"ugc\">https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwpfavs\u002F\u003C\u002Fa>)\u003C\u002Fp>\n\u003Ch4>Increase your twitter followers\u003C\u002Fh4>\n\u003Cp>Increase your Twitter followers with Twitter likebox Plugin (\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Ftwitter-like-box-reloaded\u002F\" rel=\"ugc\">https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Ftwitter-like-box-reloaded\u002F\u003C\u002Fa>)\u003C\u002Fp>\n\u003Ch4>WordPress Social Invitations\u003C\u002Fh4>\n\u003Cp>Enhance your site by letting your users send Social Invitations (\u003Ca href=\"http:\u002F\u002Fwp.timersys.com\u002Fwordpress-social-invitations\u002F?utm_source=social-popup&utm_medium=readme\" rel=\"nofollow ugc\">http:\u002F\u002Fwp.timersys.com\u002Fwordpress-social-invitations\u002F\u003C\u002Fa>)\u003C\u002Fp>\n","Based on crashutah, apeatling plugin Disables the activation email and automatically activates new users in BuddyPress under a standard WP install and &hellip;",900,26606,100,19,"2014-08-14T15:54:00.000Z","3.9.40","3.6","",[20,21,22],"activation","buddypress","wpmu","http:\u002F\u002Fwww.timersys.com\u002Fplugins-wordpress\u002Fbp-disable-activation-reloaded","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-disable-activation-reloaded.1.2.1.zip",63,1,"2025-09-22 00:00:00","2026-03-15T15:16:48.613Z",[30],{"id":31,"url_slug":32,"title":33,"description":34,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":35,"severity":37,"cvss_score":38,"cvss_vector":39,"vuln_type":40,"published_date":27,"updated_date":41,"references":42,"days_to_patch":35},"CVE-2025-57983","bp-disable-activation-reloaded-cross-site-request-forgery","BP Disable Activation Reloaded \u003C= 1.2.1 - Cross-Site Request Forgery","The BP Disable Activation Reloaded plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.2.1","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-09-26 16:11:50",[43],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F304ed5df-27a4-4fd3-b572-51017142b510?source=api-prod",{"slug":45,"display_name":7,"profile_url":8,"plugin_count":46,"total_installs":47,"avg_security_score":48,"avg_patch_time_days":49,"trust_score":50,"computed_at":51},"timersys",6,34410,79,181,64,"2026-04-04T16:52:22.116Z",[53,72,87,108,127],{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":61,"downloaded":62,"rating":63,"num_ratings":64,"last_updated":65,"tested_up_to":66,"requires_at_least":66,"requires_php":18,"tags":67,"homepage":68,"download_link":69,"security_score":70,"vuln_count":71,"unpatched_count":71,"last_vuln_date":35,"fetched_at":28},"bp-disable-activation","BP Disable Activation","0.4","techguy","https:\u002F\u002Fprofiles.wordpress.org\u002Fcrashutah\u002F","\u003Cp>Disables the activation email and automatically activates new users in BuddyPress under a standard WP install and WPMU (multisite).  Also, automatically logs in the new user since the account is already active.\u003C\u002Fp>\n\u003Cp>Possible Future Features:\u003Cbr \u002F>\n-Option to turn off automatic login\u003Cbr \u002F>\n-Option to not disable email\u003Cbr \u002F>\n-Redirect options after account creation\u003C\u002Fp>\n\u003Cp>Known Bugs:\u003Cbr \u002F>\n-Doesn’t do the automatic login if you allow blog creation during the user creation in WPMU (multisite)\u003C\u002Fp>\n","Disables the activation email and automatically activates new users in BuddyPress under a standard WP install and WPMU (multisite).",10,16744,60,2,"2010-06-09T16:37:00.000Z","2.9.2",[20,21,22],"http:\u002F\u002Fcrashutah.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-disable-activation.0.4.zip",85,0,{"slug":73,"name":74,"version":56,"author":75,"author_profile":76,"description":77,"short_description":78,"active_installs":13,"downloaded":79,"rating":71,"num_ratings":71,"last_updated":80,"tested_up_to":18,"requires_at_least":18,"requires_php":18,"tags":81,"homepage":85,"download_link":86,"security_score":70,"vuln_count":71,"unpatched_count":71,"last_vuln_date":35,"fetched_at":28},"buddypress-russian-months","BuddyPress Russian Months","Slava Abakumov","https:\u002F\u002Fprofiles.wordpress.org\u002Fslaffik\u002F","\u003Cp>Plugin will transform wrong months’ cases (in date) to proper ones (according Russian grammar rules).\u003C\u002Fp>\n\u003Cp>Examples:\u003Cbr \u002F>\n* not “28 September” but “28 сентября” (Eng->Ru);\u003Cbr \u002F>\n* not “28 Сентябрь” but “28 сентября” (incorrect Ru->correct RU)\u003C\u002Fp>\n\u003Cp>Visit \u003Ca href=\"http:\u002F\u002Fcosydale.com\" rel=\"nofollow ugc\">CosyDale.com\u003C\u002Fa> for more information.\u003C\u002Fp>\n","Plugin will transform wrong months' cases (in date) to proper ones (according Russian grammar rules).",10094,"2011-04-21T20:34:00.000Z",[21,82,83,84,22],"grammar","months","wpms","http:\u002F\u002Fcosydale.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-russian-months.0.4.zip",{"slug":88,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":95,"downloaded":96,"rating":97,"num_ratings":98,"last_updated":99,"tested_up_to":100,"requires_at_least":101,"requires_php":18,"tags":102,"homepage":106,"download_link":107,"security_score":70,"vuln_count":71,"unpatched_count":71,"last_vuln_date":35,"fetched_at":28},"demo-data-creator","Demo Data Creator","1.3.4","Chris Taylor","https:\u002F\u002Fprofiles.wordpress.org\u002Fmrwiblog\u002F","\u003Cp>DO NOT USE THIS PLUGIN ON A PRODUCTION SITE, OR ON A SITE WHERE YOU NEED TO KEEP THE DATA.\u003C\u002Fp>\n\u003Cp>When deleting demo data your ENTIRE WordPress database will be reset, deleting ALL your posts, pages, comments and users. ONLY USE THIS PLUGIN ON A SITE WHERE YOU KNOW THE DATABASE CAN BE WIPED.\u003C\u002Fp>\n\u003Cp>If you develop WordPress websites it’s useful to have some demo data in your system while it’s being built. This allows you to check that lists of things are displaying as they should, and that themes are working when they get data in them.\u003C\u002Fp>\n\u003Cp>Historically it’s been a pain to add that data in. Either you need to take a backup of another site and use that data, or you need to tediously create multiple users and blogs yourself. No more, not now my Demo Data Creator is in town!\u003C\u002Fp>\n\u003Cp>This WordPress, WPMU\u002FMultiSite and BuddyPress plugin gives you a new admin screen where you can enter some parameters, click a button and (after a short wait) random demo data will be created. The parameter options include:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>* Number of users to create\n* Number of blogs per user (for WPMU\u002FMultiSite)\n* Whether users must have a blog\n* Number of categories in each blog\n* Number of posts in each blog\n* Number of paragraphs in each blog post\n* Number of pages in each blog\n* Number of top-level pages\n* Number of levels to nest pages\n* Number of comments per post for each blog\n* Number of links in blogroll for each blog\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>For BuddyPress you also have:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>* Number of groups\n* Number of members per group\n* Number of wire posts for each group\n* Number of friends per user\n* Number of statuses for each user\n* Number of wire posts for each user\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Post content and comment text is automatically generated from Lorem ipsum text, for post content it’s even HTML-formatted.\u003C\u002Fp>\n\u003Cp>Thanks to derscheinwelt for the suggestion and code to create random dates for posts, and Steve at http:\u002F\u002Fslipfire.com\u002F for the wp_insert_user() code.\u003C\u002Fp>\n","Demo Data Creator is a Wordpress and BuddyPress plugin that allows a Wordpress developer to create demo users, blogs, posts, comments and more.",90,62828,70,22,"2017-01-31T20:00:00.000Z","4.7.32","2.7",[21,103,104,105,22],"data","demo","example","http:\u002F\u002Fwww.stillbreathing.co.uk\u002Fwordpress\u002Fdemo-data-creator\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdemo-data-creator.zip",{"slug":109,"name":110,"version":111,"author":112,"author_profile":113,"description":114,"short_description":115,"active_installs":116,"downloaded":117,"rating":13,"num_ratings":26,"last_updated":118,"tested_up_to":119,"requires_at_least":120,"requires_php":121,"tags":122,"homepage":125,"download_link":126,"security_score":13,"vuln_count":71,"unpatched_count":71,"last_vuln_date":35,"fetched_at":28},"vibe-buddypress-to-wp-mail-fix","Vibe BuddyPress Mails via WPMail","1.3","VibeThemes","https:\u002F\u002Fprofiles.wordpress.org\u002Fvibethemes\u002F","\u003Cp>BuddyPress has a fantastic email templating system. Unfortunately, as soon as you use any third party plugin the BuddyPress stops sending their HTML templates and sends a basic text version of emails.\u003Cbr \u002F>\nThis plugin is for users who want to use WP Mail system for sending HTML templates. It works with plugin relay and transactional email services Like Mandrill, Mailgun, SendInBlue, Amazon SES,mailjet etc.\u003C\u002Fp>\n\u003Cp>This plugin will bypass BuddyPress PHP Mailer and use WordPress’s inbuilt WP Mail for sending BuddyPress HTML Emails.\u003C\u002Fp>\n\u003Cp>Explore our projects :\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwplms.io\" rel=\"nofollow ugc\">WordPress LMS\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwpappointify.com\" rel=\"nofollow ugc\">Booking Marketplace\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fmicronet.work\" rel=\"nofollow ugc\">WordPress Project management system\u003C\u002Fa>\u003C\u002Fp>\n","Send BuddyPress HTML Emails via WordPress Mail system.",80,2022,"2025-08-09T01:18:00.000Z","6.8.5","6.0","7.0",[123,21,124],"activation-email-not-working","emails","https:\u002F\u002Fwww.Vibethemes.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvibe-buddypress-to-wp-mail-fix.1.3.zip",{"slug":128,"name":129,"version":130,"author":131,"author_profile":132,"description":133,"short_description":134,"active_installs":135,"downloaded":136,"rating":13,"num_ratings":46,"last_updated":137,"tested_up_to":16,"requires_at_least":138,"requires_php":18,"tags":139,"homepage":141,"download_link":142,"security_score":70,"vuln_count":71,"unpatched_count":71,"last_vuln_date":35,"fetched_at":28},"bp-blog-author-link","BP Blog Author Link","2.8.1","Ron Rennick","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpmuguru\u002F","\u003Cp>The WP\u002FWPMU author link from the \u003Ccode>the_author_posts_link()\u003C\u002Fcode> template tag on the blog will link to the author’s buddypress member profile instead of the author’s posts page.\u003C\u002Fp>\n\u003Cp>This plugin will only affect blogs where buddypress is activated sitewide. It will function the same in either the mu-plugins folder or in the plugins folder and activated sitewide.\u003C\u002Fp>\n","This plugin changes the blog author links on a buddypress site to link to the author's buddypress member profile.",50,9389,"2014-06-29T13:31:00.000Z","3.0",[140,21,22],"author","http:\u002F\u002Fwpmututorials.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-blog-author-link.2.8.1.zip",{"attackSurface":144,"codeSignals":191,"taintFlows":288,"riskAssessment":289,"analyzedAt":302},{"hooks":145,"ajaxHandlers":187,"restRoutes":188,"shortcodes":189,"cronEvents":190,"entryPointCount":71,"unprotectedCount":71},[146,152,156,160,164,169,173,177,181,184],{"type":147,"name":148,"callback":149,"file":150,"line":151},"action","admin_menu","register_menu","bp-disable-activation-loader.php",116,{"type":147,"name":153,"callback":154,"priority":135,"file":150,"line":155},"init","load_scripts",119,{"type":147,"name":157,"callback":158,"file":150,"line":159},"bp_init","my_plugin_init",121,{"type":147,"name":161,"callback":162,"file":150,"line":163},"bp_core_signup_user","disable_validation",143,{"type":165,"name":166,"callback":167,"file":150,"line":168},"filter","bp_registration_needs_activation","fix_signup_form_validation_text",144,{"type":165,"name":170,"callback":171,"file":150,"line":172},"bp_core_signup_send_activation_key","disable_activation_email",145,{"type":165,"name":174,"callback":175,"priority":26,"file":150,"line":176},"wpmu_signup_user_notification","cc_auto_activate_on_user_signup",152,{"type":147,"name":178,"callback":179,"file":180,"line":116},"admin_init","register_settings","WP_Plugin_Base.class.php",{"type":147,"name":153,"callback":182,"priority":61,"file":180,"line":183},"load_base_scripts",87,{"type":165,"name":185,"callback":186,"priority":61,"file":180,"line":95},"plugin_action_links","add_settings_link",[],[],[],[],{"dangerousFunctions":192,"sqlUsage":193,"outputEscaping":201,"fileOperations":71,"externalRequests":71,"nonceChecks":71,"capabilityChecks":71,"bundledLibraries":287},[],{"prepared":64,"raw":64,"locations":194},[195,198],{"file":150,"line":196,"context":197},158,"$wpdb->get_results() with variable interpolation",{"file":150,"line":199,"context":200},165,"$wpdb->get_var() with variable interpolation",{"escaped":202,"rawEcho":203,"locations":204},9,40,[205,208,210,212,214,216,219,221,223,225,227,229,231,233,235,237,239,241,243,245,247,249,251,253,255,257,259,261,263,265,267,269,271,273,275,277,279,281,283,285],{"file":206,"line":46,"context":207},"admin\\header.php","raw output",{"file":206,"line":209,"context":207},8,{"file":206,"line":211,"context":207},12,{"file":206,"line":213,"context":207},14,{"file":206,"line":215,"context":207},23,{"file":217,"line":218,"context":207},"admin\\sidebar.php",5,{"file":217,"line":220,"context":207},15,{"file":217,"line":222,"context":207},18,{"file":180,"line":224,"context":207},248,{"file":180,"line":226,"context":207},249,{"file":180,"line":228,"context":207},253,{"file":180,"line":230,"context":207},272,{"file":180,"line":232,"context":207},277,{"file":180,"line":234,"context":207},280,{"file":180,"line":236,"context":207},284,{"file":180,"line":238,"context":207},289,{"file":180,"line":240,"context":207},294,{"file":180,"line":242,"context":207},301,{"file":180,"line":244,"context":207},308,{"file":180,"line":246,"context":207},314,{"file":180,"line":248,"context":207},316,{"file":180,"line":250,"context":207},319,{"file":180,"line":252,"context":207},329,{"file":180,"line":254,"context":207},333,{"file":180,"line":256,"context":207},336,{"file":180,"line":258,"context":207},341,{"file":180,"line":260,"context":207},346,{"file":180,"line":262,"context":207},351,{"file":180,"line":264,"context":207},354,{"file":180,"line":266,"context":207},359,{"file":180,"line":268,"context":207},361,{"file":180,"line":270,"context":207},364,{"file":180,"line":272,"context":207},367,{"file":180,"line":274,"context":207},370,{"file":180,"line":276,"context":207},375,{"file":180,"line":278,"context":207},401,{"file":180,"line":280,"context":207},405,{"file":180,"line":282,"context":207},410,{"file":180,"line":284,"context":207},415,{"file":180,"line":286,"context":207},470,[],[],{"summary":290,"deductions":291},"The \"bp-disable-activation-reloaded\" plugin version 1.2.1 exhibits a mixed security posture.  On the positive side, the static analysis shows a very small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events that are accessible without authentication or proper permission checks.  Furthermore, the code doesn't appear to utilize dangerous functions, perform file operations, make external HTTP requests, or bundle external libraries, which are generally good practices.\n\nHowever, there are significant concerns, particularly regarding output escaping and SQL query security. A concerning 82% of output is not properly escaped, creating a high risk of Cross-Site Scripting (XSS) vulnerabilities. While SQL queries are used, only 50% are prepared, leaving potential for SQL injection if the other 50% are handling user-supplied data unsafely.  The lack of any nonce or capability checks across the board is also a significant weakness, especially when combined with the output escaping issues.\n\nThe plugin's vulnerability history is a major red flag. With one known medium-severity CVE that is currently unpatched, and a pattern of previous CSRF vulnerabilities, it indicates a history of security flaws that have not been fully addressed.  This suggests a potential lack of robust security testing or developer attention to security best practices. The unpatched CVE is the most immediate and critical concern, as it represents a known exploit that could be leveraged against users of this plugin.",[292,294,296,298,300],{"reason":293,"points":220},"Unpatched Medium CVE",{"reason":295,"points":209},"High percentage of unescaped output (82%)",{"reason":297,"points":218},"50% of SQL queries not using prepared statements",{"reason":299,"points":218},"0 Nonce checks",{"reason":301,"points":218},"0 Capability checks","2026-03-16T19:11:57.671Z",{"wat":304,"direct":313},{"assetPaths":305,"generatorPatterns":308,"scriptPaths":309,"versionParams":310},[306,307],"\u002Fwp-content\u002Fplugins\u002Fbp-disable-activation-reloaded\u002Fcss\u002Fbp-disable-activation-reloaded.css","\u002Fwp-content\u002Fplugins\u002Fbp-disable-activation-reloaded\u002Fjs\u002Fbp-disable-activation-reloaded.js",[],[307],[311,312],"bp-disable-activation-reloaded\u002Fcss\u002Fbp-disable-activation-reloaded.css?ver=","bp-disable-activation-reloaded\u002Fjs\u002Fbp-disable-activation-reloaded.js?ver=",{"cssClasses":314,"htmlComments":315,"htmlAttributes":317,"restEndpoints":318,"jsGlobals":319,"shortcodeOutput":320},[],[316],"\u003C!-- BP Disable Activation Reloaded -->",[],[],[],[]]