[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fNBI8kwT_cSfY2l2QK18f0aZFmU47L6Qy_NPajye030s":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":16,"requires_php":16,"tags":17,"homepage":16,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":37,"analysis":139,"fingerprints":311},"bp-group-reviews","BP Group Reviews","1.3.2","Boone Gorges","https:\u002F\u002Fprofiles.wordpress.org\u002Fboonebgorges\u002F","\u003Cp>BP Group Reviews adds a new tab to your BuddyPress groups, where users can leave reviews and star ratings for the group.\u003C\u002Fp>\n\u003Cp>The guts of the plugin were written by Andy Peatling for use on the \u003Ca href=\"https:\u002F\u002Fbuddypress.org\u002Fextend\u002Fplugins\" rel=\"nofollow ugc\">Extend section of buddypress.org\u003C\u002Fa>. His code was adapted and expanded into this plugin by Boone Gorges. All praise goes to Andy, all blame for things broken goes to Boone 🙂\u003C\u002Fp>\n\u003Cp>Follow the plugin’s development at \u003Ca href=\"http:\u002F\u002Fgithub.com\u002Fboonebgorges\u002Fbp-group-reviews\" rel=\"nofollow ugc\">http:\u002F\u002Fgithub.com\u002Fboonebgorges\u002Fbp-group-reviews\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Translation credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Italian: Luca Camellini\u003C\u002Fli>\n\u003Cli>Persian: \u003Ca href=\"http:\u002F\u002Falefba.us\" rel=\"nofollow ugc\">Alefba\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Dutch: GooseNL\u003C\u002Fli>\n\u003Cli>Spanish: SeluGlindoo\u003C\u002Fli>\n\u003Cli>Russian: slaFFik\u003C\u002Fli>\n\u003C\u002Ful>\n","Adds a reviews\u002Frating section to BuddyPress groups. As seen on the buddypress.org\u002Fextend\u002Fplugins",10,12449,84,5,"2013-05-17T01:24:00.000Z","",[18,19,20,21,22],"buddypress","group","groups","rating","review","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-group-reviews.1.3.2.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"boonebgorges",27,11620,88,1864,71,"2026-04-04T14:44:21.338Z",[38,58,78,97,118],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":33,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":16,"download_link":57,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"bp-registration-options","Registration Options for BuddyPress","4.4.5","Brian Messenlehner","https:\u002F\u002Fprofiles.wordpress.org\u002Fmessenlehner\u002F","\u003Cp>Prevent users and bots from accessing the BuddyPress or bbPress areas of your website(s) until they are approved.\u003C\u002Fp>\n\u003Cp>This BuddyPress extension allows you to enable user moderation for new members, as well as help create a private network for your users. If moderation is enabled, any new members will be denied access to your BuddyPress and bbPress areas on your site, with the exception of their own user profile. They will be allowed to edit and configure that much. They will also not be listed in the members lists on the frontend until approved. Custom messages are available so you can tailor them to the tone of your website and community. When an admin approves or denies a user, email notifications will be sent to let them know of the decision.\u003C\u002Fp>\n\u003Cp>Requires BuddyPress version 1.7 or higher and bbPress 2.0 or higher.\u003C\u002Fp>\n\u003Ch3>General Data Protection Regulation\u003C\u002Fh3>\n\u003Cp>BuddyPress Registration Options temporarily stores user IP addresses as user meta to help validate and vet pending users. Saved IP values are deleted upon both approval and denial of pending user. No other personal data is recorded.\u003C\u002Fp>\n","Moderate new BuddyPress members and fight BuddyPress spam.",1000,175480,33,"2023-03-05T15:26:00.000Z","6.0.11","5.2","5.6",[54,18,20,55,56],"admin","moderation","registration","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-registration-options.zip",{"slug":59,"name":60,"version":61,"author":7,"author_profile":8,"description":62,"short_description":63,"active_installs":46,"downloaded":64,"rating":65,"num_ratings":66,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":70,"tags":71,"homepage":75,"download_link":76,"security_score":77,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"buddypress-group-email-subscription","BuddyPress Group Email Subscription","4.2.4","\u003Cp>This powerful plugin allows users to receive email notifications of group activity. Weekly or daily digests are available. Each user can choose how they want to subscribe to their groups.\u003C\u002Fp>\n\u003Cp>Please note that this plugin requires BuddyPress, as well as the BuddyPress Groups and Activity components.\u003C\u002Fp>\n\u003Cp>EMAIL SUBSCRIPTION LEVELS\u003Cbr \u002F>\nThere are 5 levels of email subscription options:\u003C\u002Fp>\n\u003Col>\n\u003Cli>No Email – Read this group on the web\u003C\u002Fli>\n\u003Cli>Weekly Summary Email – A summary of new topics each week\u003C\u002Fli>\n\u003Cli>Daily Digest Email – All the day’s activity bundled into a single email\u003C\u002Fli>\n\u003Cli>New Topics Email – Send new topics as they arrive (but don’t send replies)\u003C\u002Fli>\n\u003Cli>All Email – Send all group activity as it arrives\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>DEFAULT SUBSCRIPTION STATUS\u003Cbr \u002F>\nGroup admins can choose one of the 5 subscription levels as a default that gets applied when new members join.\u003C\u002Fp>\n\u003Cp>DIGEST AND SUMMARY EMAILS\u003Cbr \u002F>\nThe daily digest email is sent every morning and contains all the emails from all the groups a user is subscribed to. The digest begins with a helpful topic summary. The weekly summary email contains the topic titles from the past week by default. Summary and digest timing can be configured in the back end. (The admin can view a sample of the digests and summaries in the queue by going adding this to your url: mydomain.com\u002Fsum=1. This won’t send emails just show what will be sent)\u003C\u002Fp>\n\u003Cp>HTML EMAILS\u003Cbr \u002F>\nThe digest and summary emails are sent out in multipart HTML and plain text email format. This makes the digest much more readable with better links. The email is multipart so users who need only plain text will get plain text.\u003C\u002Fp>\n\u003Cp>EMAILS FOR TOPICS I’VE STARTED OR COMMENTED ON (only available with BuddyPress legacy discussion forums)\u003Cbr \u002F>\nUsers receive email notifications when someone replies to a topic they create or comment on (similar to Facebook). This happens whether they are subscribed or not. Users can control this behaviour in their notifications page.\u003C\u002Fp>\n\u003Cp>TOPIC FOLLOW AND MUTE (only available with BuddyPress legacy discussion forums)\u003Cbr \u002F>\nUsers who are not fully subscribed to a group (ie. maybe they are on digest) can choose to get immediate email updates for specific topic threads. Any subsequent replies to that thread will be emailed to them. In an opposite way, users who are fully subscribed to a group but want to stop getting emails from a specific (perhaps annoying) thread can choose to mute that topic.  bbPress plugin users can utilize the “Subscribe” \u002F “Notify me of follow-up replies via email” option.\u003C\u002Fp>\n\u003Cp>ADMIN NOTIFICATION\u003Cbr \u002F>\nGroup admins can send out an email to all group members from the group’s admin section. This feature is helpful to quickly communicate to the whole group, but it should be used with caution.\u003C\u002Fp>\n\u003Cp>GROUP ADMINS CAN SET SUBSCRIPTION LEVEL\u003Cbr \u002F>\nGroup admins can set the subscription level for existing users on the group’s “Admin > Manage Members” page – either one by one or all at once.\u003C\u002Fp>\n\u003Cp>SPAM PROTECTION\u003Cbr \u002F>\nTo protect against spam, you can set a minimum number of days users need to be registered before their group activity will be emailed to other users. This feature is off by default, but can be enabled in the admin.\u003C\u002Fp>\n\u003Cp>TRANSLATORS\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Brazilian Portuguese – www.about.me\u002Fdennisaltermann (or www.congregacao.net)\u003C\u002Fli>\n\u003Cli>Catalan – Sara Arjona Téllez\u003C\u002Fli>\n\u003Cli>Danish – Morten Nalholm\u003C\u002Fli>\n\u003Cli>Dutch – Anja werkgroepen.net\u002Fwordpress, Tim de Hoog\u003C\u002Fli>\n\u003Cli>Farsi – Vahid Masoomi http:\u002F\u002Fwww.AzUni.ir\u003C\u002Fli>\n\u003Cli>French – http:\u002F\u002Fwww.claudegagne-photo.com, Sylvain Ghysens\u003C\u002Fli>\n\u003Cli>German – Peter Peterson, Thorsten Wollenhöfer, Jörg Lohrer\u003C\u002Fli>\n\u003Cli>Hebrew – Iggy Pritzker\u003C\u002Fli>\n\u003Cli>Italian – Stefano Russo\u003C\u002Fli>\n\u003Cli>Japanese – https:\u002F\u002Fbuddypress.org\u002Fcommunity\u002Fmembers\u002Fchestnut_jp\u002F\u003C\u002Fli>\n\u003Cli>Lithuanian – Vincent G http:\u002F\u002Fwww.Host1Free.com\u003C\u002Fli>\n\u003Cli>Russian – http:\u002F\u002Fwww.viaestvita.net\u002Fgroups\u002F\u003C\u002Fli>\n\u003Cli>Spanish – Williams Castillo, Gregor Gimmy\u003C\u002Fli>\n\u003Cli>Swedish – Thomas Schneider, Joakim Hising\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>NOTE TO PLUGIN AUTHORS\u003Cbr \u002F>\nIf your plugin posts updates to the standard BuddyPress activity stream, then group members who are subscribed via 3. Daily Digest and 5. All Email will get your updates automatically. However people subscribed as 2. Weekly Summary and 4. New Topic will not. If you feel some of your plugin’s updates are very important and want to make sure all subscribed members receive them, you can filter ‘ass_this_activity_is_important’ and return TRUE when $type matches your activity. See the ass_this_activity_is_important() function in bp-activity-subscription-functions.phpfor more info.\u003C\u002Fp>\n\u003Cp>PLUGIN SUPPORTERS:\u003Cbr \u002F>\nMajor supporters: shambhalanetwork.org & commons.gc.cuny.edu\u003Cbr \u002F>\nOther supporters: bluedotproductions.com\u003C\u002Fp>\n\u003Cp>PLUGIN DEVELOPMENT\u003Cbr \u002F>\nFor bug reports or to add patches or translation files, please visit the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fboonebgorges\u002Fbuddypress-group-email-subscription\u002F\" rel=\"nofollow ugc\">GES Github page\u003C\u002Fa>.  Contributions are definitely welcome!\u003C\u002Fp>\n","This powerful plugin allows users to receive email notifications of group activity. Weekly or daily digests are available.",230356,80,32,"2024-10-04T14:35:00.000Z","6.6.5","3.2","5.3",[72,73,74,18,20],"activities","activity","bp","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fbuddypress-group-email-subscription\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-group-email-subscription.4.2.4.zip",92,{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":77,"num_ratings":11,"last_updated":88,"tested_up_to":89,"requires_at_least":90,"requires_php":16,"tags":91,"homepage":94,"download_link":95,"security_score":96,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"shortcodes-for-buddypress","Wbcom Designs – Shortcodes & Elementor Widgets For BuddyPress","2.9.1","wbcomdesigns","https:\u002F\u002Fprofiles.wordpress.org\u002Fwbcomdesigns\u002F","\u003Cp>This plugin will add an extended feature to BuddyPress. It will use Shortcode for Listing Activity Streams, Members directory, and Groups directory on any post or page within the website.\u003C\u002Fp>\n\u003Cp>With our current update, we have added three widgets to display the activity stream, member directory, and group directory using Elementor.\u003C\u002Fp>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F554193567\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n\u003Ch3>THEME – WORDPRESS THEME WITH OUTSTANDING BUDDYPRESS SUPPORT\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fbuddyx\u002F\" rel=\"ugc\">FREE BuddyPress Theme: BuddyX\u003C\u002Fa> – Offers unique layouts with clean code and easy-to-customise options, giving you a whole new way to visualize BuddyPress.\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin generates shortcodes for Listing Activity Streams, Members, and Groups on any website post or page.",700,51623,"2025-09-22T06:44:00.000Z","6.8.5","5.0.0",[73,18,92,20,93],"buddypress-shortcodes","members","https:\u002F\u002Fgithub.com\u002Fwbcomdesigns\u002Fshortcodes-for-buddypress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshortcodes-for-buddypress.2.9.1.zip",100,{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":105,"downloaded":106,"rating":107,"num_ratings":108,"last_updated":109,"tested_up_to":110,"requires_at_least":111,"requires_php":70,"tags":112,"homepage":116,"download_link":117,"security_score":77,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"bp-default-data","BuddyPress Default Data","1.4.0","Slava Abakumov","https:\u002F\u002Fprofiles.wordpress.org\u002Fslaffik\u002F","\u003Cp>Plugin will create lots of users, messages, friends connections, groups, topics, activity items, profile data – useful for testing purpose.\u003C\u002Fp>\n\u003Cp>All imported users will have avatars, generated by 8biticon.com and displayed by Gravatar.\u003C\u002Fp>\n\u003Cp>Please use this plugin with caution and not on a live site! Again, USE FOR TESTING THEMES AND PLUGINGS, NOT ON A STAGING SITE WITH LIVE DATA. Plugin should not mess with your live data, but not guaranteed.\u003C\u002Fp>\n\u003Cp>Clear BuddyPress button will delete all data, that was generated by this plugin: messages, groups, notifications, friends, forum posts, xprofile. Plugin won’t reimport data if clicked twice.\u003C\u002Fp>\n\u003Cp>And turn off email notifications in profile (friendship accepted and messages received) – or you will spam yourself 🙂 Imported users have these settings already turned off.\u003C\u002Fp>\n","Plugin will create lots of users, messages, friends connections, groups, topics, activity items, profile data - useful for testing purpose.",400,72981,78,22,"2024-11-30T22:53:00.000Z","6.7.5","4.4",[18,20,113,114,115],"import","messages","users","https:\u002F\u002Fovirium.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-default-data.1.4.0.zip",{"slug":119,"name":120,"version":121,"author":101,"author_profile":102,"description":122,"short_description":123,"active_installs":105,"downloaded":124,"rating":125,"num_ratings":126,"last_updated":127,"tested_up_to":110,"requires_at_least":128,"requires_php":129,"tags":130,"homepage":134,"download_link":135,"security_score":136,"vuln_count":137,"unpatched_count":25,"last_vuln_date":138,"fetched_at":27},"buddypress-groups-extras","BuddyPress Groups Extras","3.7.0","\u003Cp>BuddyPress Groups doesn’t have much-predefined content inside. Forums and activities are created (or not) by users. But most of the time group creators (aka administrators) have much more to say or explain to other members of the community.\u003C\u002Fp>\n\u003Cp>BuddyPress Groups Extras will give the ability to them to create extra content.\u003C\u002Fp>\n\u003Ch4>General\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Choose groups you want to allow custom fields and pages.\u003C\u002Fli>\n\u003Cli>Define who will have access to managing fields or pages in groups (groups admins or site admins or both).\u003C\u002Fli>\n\u003Cli>Create a predefined Set of Fields that can be imported to all groups on a site OR can be imported on a per-group basis.\u003C\u002Fli>\n\u003Cli>Tweak various options, like enabling Rich Editor.\u003C\u002Fli>\n\u003Cli>Drag-n-drop groups nav menu items as you wish (Fields and Pages can be your new group front page!).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Custom Group Fields\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Create custom fields using various types (radios, checkboxes, dropdown select, textarea, and text).\u003C\u002Fli>\n\u003Cli>Edit fields data on Edit Group Details page in Group Admin area.\u003C\u002Fli>\n\u003Cli>Display\u002Fhide page, where all groups fields will be displayed (and rename it too).\u003C\u002Fli>\n\u003Cli>Reorder fields.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Custom Group Pages\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Create group pages (for group FAQ or wiki, or events, or descriptions or whatever you want).\u003C\u002Fli>\n\u003Cli>Edit page data in the Group Admin area using WordPress RichEditor (with embedding content that WordPress supports!).\u003C\u002Fli>\n\u003Cli>Display\u002Fhide page, where all group pages will be displayed (and rename it too).\u003C\u002Fli>\n\u003Cli>Reorder pages.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Make your groups full of possibilities!\u003C\u002Fp>\n","Introduce custom fields and custom pages to your BuddyPress-powered groups.",80493,86,35,"2024-12-01T18:56:00.000Z","6.0","7.2",[18,131,132,133,20],"field-sets","group-fields","group-pages","https:\u002F\u002Fovirium.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-groups-extras.3.7.0.zip",91,1,"2024-11-08 00:00:00",{"attackSurface":140,"codeSignals":242,"taintFlows":302,"riskAssessment":303,"analyzedAt":310},{"hooks":141,"ajaxHandlers":238,"restRoutes":239,"shortcodes":240,"cronEvents":241,"entryPointCount":25,"unprotectedCount":25},[142,148,152,156,158,162,167,171,175,179,183,187,190,194,198,203,206,210,214,218,222,225,230,234],{"type":143,"name":144,"callback":145,"file":146,"line":147},"action","bp_init","maybe_update","bp-group-reviews.php",18,{"type":143,"name":149,"callback":150,"file":146,"line":151},"bp_setup_globals","setup_globals",20,{"type":143,"name":153,"callback":154,"file":146,"line":155},"groups_setup_nav","current_group_set_available",21,{"type":143,"name":153,"callback":157,"file":146,"line":108},"setup_current_group_globals",{"type":143,"name":159,"callback":160,"file":146,"line":161},"wp_print_scripts","load_js",23,{"type":143,"name":163,"callback":164,"priority":165,"file":146,"line":166},"wp_head","maybe_previous_data",999,24,{"type":143,"name":168,"callback":169,"file":146,"line":170},"wp_print_styles","load_styles",25,{"type":143,"name":172,"callback":173,"priority":137,"file":146,"line":174},"bp_actions","grab_cookie",26,{"type":176,"name":177,"callback":178,"file":146,"line":31},"filter","bp_has_activities","activities_template_data",{"type":176,"name":180,"callback":181,"file":146,"line":182},"bp_has_groups","groups_template_data",28,{"type":143,"name":184,"callback":185,"priority":11,"file":146,"line":186},"bp_activity_before_action_delete_activity","delete_activity",31,{"type":143,"name":188,"callback":185,"priority":11,"file":146,"line":189},"bp_activity_action_delete_activity",34,{"type":143,"name":191,"callback":192,"file":146,"line":193},"bp_activity_excerpt_length","activity_excerpt_length",36,{"type":143,"name":195,"callback":196,"file":146,"line":197},"bp_get_activity_content_body","strip_star_tags",37,{"type":143,"name":199,"callback":200,"file":201,"line":202},"bp_before_group_settings_admin","toggle_markup","includes\\settings.php",13,{"type":143,"name":204,"callback":200,"file":201,"line":205},"bp_before_group_settings_creation_step",14,{"type":143,"name":207,"callback":208,"file":201,"line":209},"groups_group_settings_edited","toggle_save",15,{"type":143,"name":211,"callback":212,"file":201,"line":213},"groups_create_group_step_save_group-settings","toggle_save_during_create",16,{"type":143,"name":215,"callback":216,"file":217,"line":147},"bp_group_header_meta","bpgr_render_review","includes\\templatetags.php",{"type":143,"name":219,"callback":220,"file":217,"line":221},"bp_directory_groups_actions","bpgr_directory_rating",263,{"type":176,"name":195,"callback":223,"priority":11,"file":217,"line":224},"bpgr_current_group_filter_review_content",324,{"type":143,"name":226,"callback":227,"file":228,"line":229},"widgets_init","anonymous","includes\\widgets.php",79,{"type":143,"name":231,"callback":232,"file":233,"line":170},"bp_include","bpgr_loader","loader.php",{"type":143,"name":235,"callback":236,"file":233,"line":237},"plugins_loaded","bpgr_textdomain",43,[],[],[],[],{"dangerousFunctions":243,"sqlUsage":247,"outputEscaping":250,"fileOperations":25,"externalRequests":25,"nonceChecks":137,"capabilityChecks":25,"bundledLibraries":301},[244],{"fn":245,"file":228,"line":229,"context":246},"create_function","add_action('widgets_init', create_function('', 'return register_widget(\"RatingWidget\");'));",{"prepared":248,"raw":25,"locations":249},6,[],{"escaped":14,"rawEcho":182,"locations":251},[252,254,256,258,260,262,264,266,268,270,272,274,276,278,280,282,283,284,285,287,288,289,290,292,293,294,296,299],{"file":217,"line":209,"context":253},"raw output",{"file":217,"line":255,"context":253},144,{"file":217,"line":257,"context":253},154,{"file":217,"line":259,"context":253},163,{"file":217,"line":261,"context":253},181,{"file":217,"line":263,"context":253},191,{"file":217,"line":265,"context":253},240,{"file":217,"line":267,"context":253},261,{"file":217,"line":269,"context":253},330,{"file":217,"line":271,"context":253},333,{"file":228,"line":273,"context":253},48,{"file":228,"line":275,"context":253},49,{"file":228,"line":277,"context":253},58,{"file":228,"line":279,"context":253},64,{"file":228,"line":281,"context":253},72,{"file":228,"line":281,"context":253},{"file":228,"line":281,"context":253},{"file":228,"line":281,"context":253},{"file":228,"line":286,"context":253},74,{"file":228,"line":286,"context":253},{"file":228,"line":286,"context":253},{"file":228,"line":286,"context":253},{"file":291,"line":209,"context":253},"templates\\entry.php",{"file":291,"line":209,"context":253},{"file":291,"line":151,"context":253},{"file":295,"line":151,"context":253},"templates\\index.php",{"file":297,"line":298,"context":253},"templates\\post.php",3,{"file":297,"line":300,"context":253},8,[],[],{"summary":304,"deductions":305},"The \"bp-group-reviews\" plugin v1.3.2 exhibits a mixed security posture.  On the positive side, the plugin has no recorded vulnerabilities (CVEs), no external HTTP requests, no file operations, and all SQL queries are properly prepared. The static analysis also shows a very small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events that are exposed. Taint analysis found no critical or high severity issues, indicating no immediately obvious pathways for data injection or compromise based on that analysis. This suggests a generally cautious approach to some core security areas.\n\nHowever, several concerns are present. The use of the `create_function` PHP function is a significant red flag. While its direct impact isn't quantifiable without specific taint flow analysis, `create_function` is considered a deprecated and dangerous function due to its ability to execute arbitrary code and its inherent security risks, often leading to vulnerabilities if not handled with extreme care. Furthermore, only 15% of output is properly escaped. This indicates a high potential for Cross-Site Scripting (XSS) vulnerabilities across the plugin's output, which could be exploited to inject malicious scripts into users' browsers.\n\nThe lack of recorded vulnerabilities in its history is a positive indicator, suggesting the developers have either been diligent or the plugin hasn't been a target. However, this can also be a reflection of limited testing or auditing. The combination of a dangerous function and widespread unescaped output presents a substantial risk despite the absence of publicly known CVEs. The plugin has strengths in its limited attack surface and secure SQL practices, but the identified code quality issues present tangible risks.",[306,308],{"reason":307,"points":209},"Use of dangerous function create_function",{"reason":309,"points":300},"Low percentage of properly escaped output","2026-03-17T01:25:09.501Z",{"wat":312,"direct":319},{"assetPaths":313,"generatorPatterns":316,"scriptPaths":317,"versionParams":318},[314,315],"\u002Fwp-content\u002Fplugins\u002Fbp-group-reviews\u002Fcss\u002Fgroup-reviews.css","\u002Fwp-content\u002Fplugins\u002Fbp-group-reviews\u002Fjs\u002Fgroup-reviews.js",[],[315],[],{"cssClasses":320,"htmlComments":322,"htmlAttributes":323,"restEndpoints":324,"jsGlobals":325,"shortcodeOutput":327},[321],"bpgr-rating",[],[],[],[326],"bpgr",[]]