[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fKlEJ1x5xmgLFvHLUbnWGKnI7-pirXDKX9fZZKCKrKCo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":15,"requires_php":15,"tags":16,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":36,"analysis":121,"fingerprints":224},"bp-fadmin","BuddyPress Frontend Admin","0.3","D Cartwright","https:\u002F\u002Fprofiles.wordpress.org\u002Faekeron\u002F","\u003Cp>Included component allows group admins to easily promote\u002Fdemote\u002Fban members from all their groups.\u003C\u002Fp>\n\u003Cp>It can be further extended using the standard buddypress profile subnav registration functions (for example, the bp-wiki plugin hooks into this to enable movement of wiki pages between groups).\u003C\u002Fp>\n","This plugin brings site-wide-like administration options to the frontend, allowing group admins simpler management of all of their groups.",10,5752,0,"2010-12-10T12:41:00.000Z","",[17,18,19,20,21],"administration","buddypress","frontend","groups","members","http:\u002F\u002Fnamoo.co.uk","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-fadmin.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"aekeron",5,50,88,30,86,"2026-04-04T01:06:24.044Z",[37,57,74,90,107],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":11,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":15,"tags":51,"homepage":54,"download_link":55,"security_score":56,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"shortcodes-for-buddypress","Wbcom Designs – Shortcodes & Elementor Widgets For BuddyPress","2.9.1","wbcomdesigns","https:\u002F\u002Fprofiles.wordpress.org\u002Fwbcomdesigns\u002F","\u003Cp>This plugin will add an extended feature to BuddyPress. It will use Shortcode for Listing Activity Streams, Members directory, and Groups directory on any post or page within the website.\u003C\u002Fp>\n\u003Cp>With our current update, we have added three widgets to display the activity stream, member directory, and group directory using Elementor.\u003C\u002Fp>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F554193567\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n\u003Ch3>THEME – WORDPRESS THEME WITH OUTSTANDING BUDDYPRESS SUPPORT\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fbuddyx\u002F\" rel=\"ugc\">FREE BuddyPress Theme: BuddyX\u003C\u002Fa> – Offers unique layouts with clean code and easy-to-customise options, giving you a whole new way to visualize BuddyPress.\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin generates shortcodes for Listing Activity Streams, Members, and Groups on any website post or page.",700,51623,92,"2025-09-22T06:44:00.000Z","6.8.5","5.0.0",[52,18,53,20,21],"activity","buddypress-shortcodes","https:\u002F\u002Fgithub.com\u002Fwbcomdesigns\u002Fshortcodes-for-buddypress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshortcodes-for-buddypress.2.9.1.zip",100,{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":56,"downloaded":65,"rating":66,"num_ratings":67,"last_updated":68,"tested_up_to":49,"requires_at_least":69,"requires_php":15,"tags":70,"homepage":15,"download_link":73,"security_score":56,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"bp-local-avatars","BP Local Avatars","3.0","shanebp","https:\u002F\u002Fprofiles.wordpress.org\u002Fshanebp\u002F","\u003Cp>BP Local Avatars is a BuddyPress plugin.\u003C\u002Fp>\n\u003Cp>Do you have members or groups on your BuddyPress site who do not have an Avatar?\u003Cbr \u002F>\nAnd you do not want to show the generic default avatar?\u003Cbr \u002F>\nOr maybe you do not want each page view to include a lot of calls to gravatar.com to load avatars?\u003C\u002Fp>\n\u003Cul>\n\u003Cli>This plugin will create a Gravatar Identicon avatar, thumb and full versions, for any user who does not already have an Avatar, and save it locally.\u003C\u002Fli>\n\u003Cli>Supports user creation, user registration, user login, and Bulk Generation for user and groups.\u003C\u002Fli>\n\u003Cli>Uses the existing BuddyPress avatar directory structure.\u003C\u002Fli>\n\u003Cli>Conforms to the defined sizes for BuddyPress thumb and full avatars.\u003C\u002Fli>\n\u003Cli>Users can still upload an avatar via their profile.\u003C\u002Fli>\n\u003Cli>Groups can still upload an avatar via Group > Manage > Photo.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Usage:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>Provides an option in wp-admin under:\u003Cbr \u002F>\nSettings -> Discussion > Default Avatar > BuddyPress Identicon (Generated and Stored Locally).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Select and Save. Otherwise this plugin will not do anything.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>After saving, you will see a link to ‘Bulk Generate’ avatars for all users and groups who do not have a local avatar. If a user already has their own Gravatar, it will save it locally.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>For more BuddyPress plugins, please visit \u003Ca href=\"https:\u002F\u002Fwww.philopress.com\u002F\" rel=\"nofollow ugc\">PhiloPress\u003C\u002Fa>\u003C\u002Fp>\n","A BuddyPress plugin that creates Gravatar avatars for any user or group without one, and stores them locally.",10578,82,7,"2025-04-19T17:32:00.000Z","4.0",[71,18,72,20,21],"avatars","gravatars","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-local-avatars.3.0.zip",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":33,"downloaded":82,"rating":83,"num_ratings":84,"last_updated":85,"tested_up_to":15,"requires_at_least":15,"requires_php":15,"tags":86,"homepage":88,"download_link":89,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"bp-group-management","BP Group Management","0.6","Boone Gorges","https:\u002F\u002Fprofiles.wordpress.org\u002Fboonebgorges\u002F","\u003Cp>NOTE: This plugin is not recommended for users of BuddyPress 1.7+. Instead, use BP’s Groups panel in the Dashboard.\u003C\u002Fp>\n\u003Cp>This plugin creates an admin panel at Dashboard > BuddyPress > Group Management. On this panel, site admins can manage BP group membership by banning, unbanning, promoting and demoting current members of any group, adding members to any group, and deleting groups.\u003C\u002Fp>\n\u003Ch3>Translation credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Italian: Luca Camellini\u003C\u002Fli>\n\u003Cli>Turkish: gk\u003C\u002Fli>\n\u003Cli>German: Tom\u003C\u002Fli>\n\u003Cli>Dutch: \u003Ca href=\"http:\u002F\u002Fwerkgroepen.net\u002Fwordpress\u002F\" rel=\"nofollow ugc\">Anja\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Romanian, \u003Ca href=\"http:\u002F\u002Fwebhostinggeeks.com\u002F\" rel=\"nofollow ugc\">Web Geek Science\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>B. Radenovich, Slovak (\u003Ca href=\"http:\u002F\u002Fwebhostingw.com\u002F\" rel=\"nofollow ugc\">Web Hosting Watch\u003C\u002Fa>)\u003C\u002Fli>\n\u003C\u002Ful>\n","Allows site administrators to manage group membership on versions of BuddyPress earlier than 1.7.",38297,46,3,"2013-04-30T00:24:00.000Z",[18,20,87,21],"manage","http:\u002F\u002Fteleogistic.net\u002Fcode\u002Fbuddypress\u002Fbp-group-management","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-group-management.0.6.zip",{"slug":91,"name":92,"version":93,"author":94,"author_profile":95,"description":96,"short_description":97,"active_installs":11,"downloaded":98,"rating":56,"num_ratings":99,"last_updated":100,"tested_up_to":101,"requires_at_least":102,"requires_php":15,"tags":103,"homepage":105,"download_link":106,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"bp-avatar-hover","Buddypress Avatar Hover","1.0","aghajoon","https:\u002F\u002Fprofiles.wordpress.org\u002Faghajoon\u002F","\u003Cp>BuddyPress  Avatar Hover let’s you add a pop box when hovering on the group\u002Fmember avatars and gives you more information at a glance.\u003Cbr \u002F>\nif you install bp-cover plugin , bp avatar hover show cover of memeber\u002Fgroup\u003C\u002Fp>\n","BuddyPress  Avatar Hover let's you add a pop box when hovering on the group\u002Fmember avatars and gives you more information at a glance.",5312,1,"2016-06-07T14:09:00.000Z","4.5.33","3.8",[52,104,18,20,21],"avatar","http:\u002F\u002Fwebcaffe.ir","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-avatar-hover.zip",{"slug":108,"name":109,"version":93,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":11,"downloaded":114,"rating":56,"num_ratings":99,"last_updated":115,"tested_up_to":15,"requires_at_least":15,"requires_php":15,"tags":116,"homepage":119,"download_link":120,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"bp-extend-widgets","BuddyPress Extend Widgets","Slava Abakumov","https:\u002F\u002Fprofiles.wordpress.org\u002Fslaffik\u002F","\u003Cp>After activating all current and possible future widgets will get extra BuddyPress specific options.\u003Cbr \u002F>\nYou will be able to select on which users profiles or groups pages you want to display this widget and on which – don’t.\u003C\u002Fp>\n\u003Cp>So you will get more flexibility in arranging your sidebars (or widget-zones).\u003C\u002Fp>\n","Provide all widgets with BuddyPress specific fields (conditional display logic)",6281,"2015-01-04T17:52:00.000Z",[18,117,20,21,118],"conditional","widgets","http:\u002F\u002Fovirium.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-extend-widgets.1.0.zip",{"attackSurface":122,"codeSignals":180,"taintFlows":212,"riskAssessment":213,"analyzedAt":223},{"hooks":123,"ajaxHandlers":176,"restRoutes":177,"shortcodes":178,"cronEvents":179,"entryPointCount":13,"unprotectedCount":13},[124,131,134,137,139,143,147,149,153,157,162,166,167,169,172],{"type":125,"name":126,"callback":127,"priority":128,"file":129,"line":130},"action","wp","bp_fadmin_setup_globals",2,"includes\\bp-fadmin-core.php",28,{"type":125,"name":132,"callback":127,"priority":128,"file":129,"line":133},"admin_menu",29,{"type":125,"name":126,"callback":135,"priority":128,"file":129,"line":136},"bp_fadmin_setup_nav",48,{"type":125,"name":132,"callback":135,"priority":128,"file":129,"line":138},49,{"type":125,"name":140,"callback":141,"priority":99,"file":129,"line":142},"template_redirect","bp_fadmin_add_js",62,{"type":125,"name":126,"callback":144,"priority":128,"file":145,"line":146},"bp_fadmin_setup_nav_groups","includes\\bp-fadmin-group-members.php",20,{"type":125,"name":132,"callback":144,"priority":128,"file":145,"line":148},21,{"type":125,"name":150,"callback":151,"file":145,"line":152},"bp_template_title","bp_fadmin_screen_groups_title",35,{"type":125,"name":154,"callback":155,"file":145,"line":156},"bp_template_content","bp_fadmin_screen_groups_content",36,{"type":158,"name":159,"callback":160,"file":145,"line":161},"filter","bp_fadmin_register_extension","bp_fadmin_register_groups",408,{"type":125,"name":126,"callback":163,"priority":128,"file":164,"line":165},"bp_fadmin_setup_nav_main_menu","includes\\bp-fadmin-main-menu.php",19,{"type":125,"name":132,"callback":163,"priority":128,"file":164,"line":146},{"type":125,"name":150,"callback":168,"file":164,"line":33},"bp_fadmin_screen_main_menu_title",{"type":125,"name":154,"callback":170,"file":164,"line":171},"bp_fadmin_screen_main_menu_content",31,{"type":125,"name":173,"callback":174,"file":175,"line":148},"bp_init","bp_fadmin_init","loader.php",[],[],[],[],{"dangerousFunctions":181,"sqlUsage":182,"outputEscaping":184,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":211},[],{"prepared":13,"raw":13,"locations":183},[],{"escaped":13,"rawEcho":185,"locations":186},12,[187,190,192,194,196,198,200,202,204,206,208,209],{"file":145,"line":188,"context":189},68,"raw output",{"file":145,"line":191,"context":189},77,{"file":145,"line":193,"context":189},184,{"file":145,"line":195,"context":189},185,{"file":145,"line":197,"context":189},188,{"file":145,"line":199,"context":189},189,{"file":145,"line":201,"context":189},192,{"file":145,"line":203,"context":189},193,{"file":145,"line":205,"context":189},196,{"file":145,"line":207,"context":189},197,{"file":164,"line":142,"context":189},{"file":164,"line":210,"context":189},63,[],[],{"summary":214,"deductions":215},"The 'bp-fadmin' plugin version 0.3 exhibits a generally positive security posture based on the provided static analysis. The absence of any recorded CVEs, coupled with the lack of dangerous functions, raw SQL queries, file operations, or external HTTP requests, suggests careful development practices.  The plugin also has a minimal attack surface, with no identified AJAX handlers, REST API routes, shortcodes, or cron events that could be exploited.  However, a significant concern is the complete lack of output escaping, meaning all 12 identified output points are potentially vulnerable to cross-site scripting (XSS) attacks. This is a critical oversight that could allow attackers to inject malicious scripts into the WordPress admin interface. Furthermore, the absence of nonce and capability checks on any entry points, although currently limited, leaves the door open for potential future vulnerabilities if new entry points are introduced without proper security measures.\n\nWhile the plugin's vulnerability history is clean, this is overshadowed by the critical issue of unescaped output. The lack of any taint analysis data is also a neutral point; it doesn't indicate security, but rather a potential lack of thorough dynamic analysis. The plugin has strengths in its limited attack surface and lack of dangerous code constructs. However, the severe lack of output escaping represents a substantial risk that needs immediate attention. The absence of basic security checks like nonces and capability checks, while not directly exploitable given the current entry points, highlights a potential weakness in the plugin's security framework.",[216,219,221],{"reason":217,"points":218},"Output not properly escaped",8,{"reason":220,"points":30},"Missing nonce checks",{"reason":222,"points":30},"Missing capability checks","2026-03-17T01:30:19.117Z",{"wat":225,"direct":232},{"assetPaths":226,"generatorPatterns":228,"scriptPaths":229,"versionParams":231},[227],"\u002Fwp-content\u002Fplugins\u002Fbp-fadmin\u002Fbp-fadmin\u002Flanguages\u002F",[],[230],"\u002Fwp-content\u002Fplugins\u002Fbp-fadmin\u002Fbp-fadmin\u002Fjs\u002Fgeneral.js",[],{"cssClasses":233,"htmlComments":234,"htmlAttributes":235,"restEndpoints":236,"jsGlobals":237,"shortcodeOutput":239},[],[],[],[],[238],"bp.fadmin.slug",[]]