[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fs44yENUJ1lQoCF3Uj86HWQCKhDJxUD07EgD5sgmDi98":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":16,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":38,"analysis":122,"fingerprints":176},"bp-extend-widgets","BuddyPress Extend Widgets","1.0","Slava Abakumov","https:\u002F\u002Fprofiles.wordpress.org\u002Fslaffik\u002F","\u003Cp>After activating all current and possible future widgets will get extra BuddyPress specific options.\u003Cbr \u002F>\nYou will be able to select on which users profiles or groups pages you want to display this widget and on which – don’t.\u003C\u002Fp>\n\u003Cp>So you will get more flexibility in arranging your sidebars (or widget-zones).\u003C\u002Fp>\n","Provide all widgets with BuddyPress specific fields (conditional display logic)",10,6281,100,1,"2015-01-04T17:52:00.000Z","",[18,19,20,21,22],"buddypress","conditional","groups","members","widgets","http:\u002F\u002Fovirium.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-extend-widgets.1.0.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"slaffik",8,2980,90,104,72,"2026-04-04T02:42:25.765Z",[39,58,75,92,107],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":11,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":16,"tags":53,"homepage":56,"download_link":57,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"shortcodes-for-buddypress","Wbcom Designs – Shortcodes & Elementor Widgets For BuddyPress","2.9.1","wbcomdesigns","https:\u002F\u002Fprofiles.wordpress.org\u002Fwbcomdesigns\u002F","\u003Cp>This plugin will add an extended feature to BuddyPress. It will use Shortcode for Listing Activity Streams, Members directory, and Groups directory on any post or page within the website.\u003C\u002Fp>\n\u003Cp>With our current update, we have added three widgets to display the activity stream, member directory, and group directory using Elementor.\u003C\u002Fp>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F554193567\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n\u003Ch3>THEME – WORDPRESS THEME WITH OUTSTANDING BUDDYPRESS SUPPORT\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fbuddyx\u002F\" rel=\"ugc\">FREE BuddyPress Theme: BuddyX\u003C\u002Fa> – Offers unique layouts with clean code and easy-to-customise options, giving you a whole new way to visualize BuddyPress.\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin generates shortcodes for Listing Activity Streams, Members, and Groups on any website post or page.",700,51623,92,"2025-09-22T06:44:00.000Z","6.8.5","5.0.0",[54,18,55,20,21],"activity","buddypress-shortcodes","https:\u002F\u002Fgithub.com\u002Fwbcomdesigns\u002Fshortcodes-for-buddypress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshortcodes-for-buddypress.2.9.1.zip",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":13,"downloaded":66,"rating":67,"num_ratings":68,"last_updated":69,"tested_up_to":51,"requires_at_least":70,"requires_php":16,"tags":71,"homepage":16,"download_link":74,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"bp-local-avatars","BP Local Avatars","3.0","shanebp","https:\u002F\u002Fprofiles.wordpress.org\u002Fshanebp\u002F","\u003Cp>BP Local Avatars is a BuddyPress plugin.\u003C\u002Fp>\n\u003Cp>Do you have members or groups on your BuddyPress site who do not have an Avatar?\u003Cbr \u002F>\nAnd you do not want to show the generic default avatar?\u003Cbr \u002F>\nOr maybe you do not want each page view to include a lot of calls to gravatar.com to load avatars?\u003C\u002Fp>\n\u003Cul>\n\u003Cli>This plugin will create a Gravatar Identicon avatar, thumb and full versions, for any user who does not already have an Avatar, and save it locally.\u003C\u002Fli>\n\u003Cli>Supports user creation, user registration, user login, and Bulk Generation for user and groups.\u003C\u002Fli>\n\u003Cli>Uses the existing BuddyPress avatar directory structure.\u003C\u002Fli>\n\u003Cli>Conforms to the defined sizes for BuddyPress thumb and full avatars.\u003C\u002Fli>\n\u003Cli>Users can still upload an avatar via their profile.\u003C\u002Fli>\n\u003Cli>Groups can still upload an avatar via Group > Manage > Photo.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Usage:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>Provides an option in wp-admin under:\u003Cbr \u002F>\nSettings -> Discussion > Default Avatar > BuddyPress Identicon (Generated and Stored Locally).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Select and Save. Otherwise this plugin will not do anything.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>After saving, you will see a link to ‘Bulk Generate’ avatars for all users and groups who do not have a local avatar. If a user already has their own Gravatar, it will save it locally.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>For more BuddyPress plugins, please visit \u003Ca href=\"https:\u002F\u002Fwww.philopress.com\u002F\" rel=\"nofollow ugc\">PhiloPress\u003C\u002Fa>\u003C\u002Fp>\n","A BuddyPress plugin that creates Gravatar avatars for any user or group without one, and stores them locally.",10578,82,7,"2025-04-19T17:32:00.000Z","4.0",[72,18,73,20,21],"avatars","gravatars","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-local-avatars.3.0.zip",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":83,"downloaded":84,"rating":85,"num_ratings":86,"last_updated":87,"tested_up_to":16,"requires_at_least":16,"requires_php":16,"tags":88,"homepage":90,"download_link":91,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"bp-group-management","BP Group Management","0.6","Boone Gorges","https:\u002F\u002Fprofiles.wordpress.org\u002Fboonebgorges\u002F","\u003Cp>NOTE: This plugin is not recommended for users of BuddyPress 1.7+. Instead, use BP’s Groups panel in the Dashboard.\u003C\u002Fp>\n\u003Cp>This plugin creates an admin panel at Dashboard > BuddyPress > Group Management. On this panel, site admins can manage BP group membership by banning, unbanning, promoting and demoting current members of any group, adding members to any group, and deleting groups.\u003C\u002Fp>\n\u003Ch3>Translation credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Italian: Luca Camellini\u003C\u002Fli>\n\u003Cli>Turkish: gk\u003C\u002Fli>\n\u003Cli>German: Tom\u003C\u002Fli>\n\u003Cli>Dutch: \u003Ca href=\"http:\u002F\u002Fwerkgroepen.net\u002Fwordpress\u002F\" rel=\"nofollow ugc\">Anja\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Romanian, \u003Ca href=\"http:\u002F\u002Fwebhostinggeeks.com\u002F\" rel=\"nofollow ugc\">Web Geek Science\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>B. Radenovich, Slovak (\u003Ca href=\"http:\u002F\u002Fwebhostingw.com\u002F\" rel=\"nofollow ugc\">Web Hosting Watch\u003C\u002Fa>)\u003C\u002Fli>\n\u003C\u002Ful>\n","Allows site administrators to manage group membership on versions of BuddyPress earlier than 1.7.",30,38297,46,3,"2013-04-30T00:24:00.000Z",[18,20,89,21],"manage","http:\u002F\u002Fteleogistic.net\u002Fcode\u002Fbuddypress\u002Fbp-group-management","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-group-management.0.6.zip",{"slug":93,"name":94,"version":6,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":11,"downloaded":99,"rating":13,"num_ratings":14,"last_updated":100,"tested_up_to":101,"requires_at_least":102,"requires_php":16,"tags":103,"homepage":105,"download_link":106,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"bp-avatar-hover","Buddypress Avatar Hover","aghajoon","https:\u002F\u002Fprofiles.wordpress.org\u002Faghajoon\u002F","\u003Cp>BuddyPress  Avatar Hover let’s you add a pop box when hovering on the group\u002Fmember avatars and gives you more information at a glance.\u003Cbr \u002F>\nif you install bp-cover plugin , bp avatar hover show cover of memeber\u002Fgroup\u003C\u002Fp>\n","BuddyPress  Avatar Hover let's you add a pop box when hovering on the group\u002Fmember avatars and gives you more information at a glance.",5312,"2016-06-07T14:09:00.000Z","4.5.33","3.8",[54,104,18,20,21],"avatar","http:\u002F\u002Fwebcaffe.ir","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-avatar-hover.zip",{"slug":108,"name":109,"version":110,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":11,"downloaded":115,"rating":26,"num_ratings":26,"last_updated":116,"tested_up_to":16,"requires_at_least":16,"requires_php":16,"tags":117,"homepage":120,"download_link":121,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"bp-fadmin","BuddyPress Frontend Admin","0.3","D Cartwright","https:\u002F\u002Fprofiles.wordpress.org\u002Faekeron\u002F","\u003Cp>Included component allows group admins to easily promote\u002Fdemote\u002Fban members from all their groups.\u003C\u002Fp>\n\u003Cp>It can be further extended using the standard buddypress profile subnav registration functions (for example, the bp-wiki plugin hooks into this to enable movement of wiki pages between groups).\u003C\u002Fp>\n","This plugin brings site-wide-like administration options to the frontend, allowing group admins simpler management of all of their groups.",5752,"2010-12-10T12:41:00.000Z",[118,18,119,20,21],"administration","frontend","http:\u002F\u002Fnamoo.co.uk","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-fadmin.zip",{"attackSurface":123,"codeSignals":150,"taintFlows":164,"riskAssessment":165,"analyzedAt":175},{"hooks":124,"ajaxHandlers":146,"restRoutes":147,"shortcodes":148,"cronEvents":149,"entryPointCount":26,"unprotectedCount":26},[125,131,135,140,143],{"type":126,"name":127,"callback":128,"file":129,"line":130},"action","bp_init","bpew_load","bp-extend-widgets.php",17,{"type":126,"name":132,"callback":133,"priority":11,"file":129,"line":134},"in_widget_form","bpew_extend_form",24,{"type":136,"name":137,"callback":138,"priority":11,"file":129,"line":139},"filter","widget_update_callback","bpew_extend_update",27,{"type":136,"name":141,"callback":142,"priority":11,"file":129,"line":83},"widget_display_callback","bpew_extend_display",{"type":126,"name":133,"callback":144,"file":129,"line":145},"anonymous",60,[],[],[],[],{"dangerousFunctions":151,"sqlUsage":152,"outputEscaping":154,"fileOperations":26,"externalRequests":26,"nonceChecks":26,"capabilityChecks":26,"bundledLibraries":163},[],{"prepared":26,"raw":26,"locations":153},[],{"escaped":26,"rawEcho":86,"locations":155},[156,159,161],{"file":129,"line":157,"context":158},38,"raw output",{"file":129,"line":160,"context":158},45,{"file":129,"line":162,"context":158},54,[],[],{"summary":166,"deductions":167},"The \"bp-extend-widgets\" v1.0 plugin exhibits a seemingly strong security posture based on the provided static analysis. The absence of known CVEs and a clean vulnerability history are positive indicators. The plugin also demonstrates good practices by avoiding dangerous functions, performing all SQL queries using prepared statements, and not making external HTTP requests or file operations. This suggests a generally well-developed and secure plugin from a defensive coding perspective.\n\nHowever, the static analysis reveals significant concerns regarding output escaping. With 100% of its identified outputs not being properly escaped, this presents a substantial risk for Cross-Site Scripting (XSS) vulnerabilities. Any user-supplied data that is displayed by this plugin without proper sanitization is a potential vector for attackers to inject malicious scripts. Furthermore, the complete lack of nonce and capability checks, combined with zero identified entry points without authentication, might be a misleading indicator. It could mean the plugin has no direct user-facing entry points, or it could indicate that these checks are missing for any potential, even if currently undiscovered, entry points. This lack of explicit security checks on potential data flows is a notable weakness.\n\nIn conclusion, while the plugin avoids common pitfalls like raw SQL and dangerous functions, the unescaped output is a critical vulnerability that needs immediate attention. The absence of nonce and capability checks, even if the attack surface appears minimal, warrants further investigation and robust defensive programming. The plugin's clean history is a positive sign, but the unescaped outputs represent a clear and present danger.",[168,170,173],{"reason":169,"points":32},"Unescaped output detected",{"reason":171,"points":172},"No nonce checks detected",5,{"reason":174,"points":172},"No capability checks detected","2026-03-17T00:38:08.976Z",{"wat":177,"direct":184},{"assetPaths":178,"generatorPatterns":180,"scriptPaths":181,"versionParams":182},[179],"\u002Fwp-content\u002Fplugins\u002Fbp-extend-widgets\u002F",[],[],[183],"bp-extend-widgets\u002Fbp-extend-widgets.php?ver=",{"cssClasses":185,"htmlComments":186,"htmlAttributes":187,"restEndpoints":192,"jsGlobals":193,"shortcodeOutput":194},[],[],[188,189,190,191],"id=\"bp_component_type\"","name=\"bp_component_type\"","id=\"bp_component_ids\"","name=\"bp_component_ids\"",[],[],[]]