[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fabBXvOChvfm1Ts6AZqHMVLvp3WPtjFSFkLiPdDTfDRw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":25,"security_score":11,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":120,"fingerprints":213},"bp-local-avatars","BP Local Avatars","3.0","shanebp","https:\u002F\u002Fprofiles.wordpress.org\u002Fshanebp\u002F","\u003Cp>BP Local Avatars is a BuddyPress plugin.\u003C\u002Fp>\n\u003Cp>Do you have members or groups on your BuddyPress site who do not have an Avatar?\u003Cbr \u002F>\nAnd you do not want to show the generic default avatar?\u003Cbr \u002F>\nOr maybe you do not want each page view to include a lot of calls to gravatar.com to load avatars?\u003C\u002Fp>\n\u003Cul>\n\u003Cli>This plugin will create a Gravatar Identicon avatar, thumb and full versions, for any user who does not already have an Avatar, and save it locally.\u003C\u002Fli>\n\u003Cli>Supports user creation, user registration, user login, and Bulk Generation for user and groups.\u003C\u002Fli>\n\u003Cli>Uses the existing BuddyPress avatar directory structure.\u003C\u002Fli>\n\u003Cli>Conforms to the defined sizes for BuddyPress thumb and full avatars.\u003C\u002Fli>\n\u003Cli>Users can still upload an avatar via their profile.\u003C\u002Fli>\n\u003Cli>Groups can still upload an avatar via Group > Manage > Photo.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Usage:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>Provides an option in wp-admin under:\u003Cbr \u002F>\nSettings -> Discussion > Default Avatar > BuddyPress Identicon (Generated and Stored Locally).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Select and Save. Otherwise this plugin will not do anything.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>After saving, you will see a link to ‘Bulk Generate’ avatars for all users and groups who do not have a local avatar. If a user already has their own Gravatar, it will save it locally.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>For more BuddyPress plugins, please visit \u003Ca href=\"https:\u002F\u002Fwww.philopress.com\u002F\" rel=\"nofollow ugc\">PhiloPress\u003C\u002Fa>\u003C\u002Fp>\n","A BuddyPress plugin that creates Gravatar avatars for any user or group without one, and stores them locally.",100,10578,82,7,"2025-04-19T17:32:00.000Z","6.8.5","4.0","",[20,21,22,23,24],"avatars","buddypress","gravatars","groups","members","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-local-avatars.3.0.zip",0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":11,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},9,2250,42,88,"2026-04-04T05:56:16.228Z",[37,56,74,91,105],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":16,"requires_at_least":50,"requires_php":18,"tags":51,"homepage":54,"download_link":55,"security_score":11,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"shortcodes-for-buddypress","Wbcom Designs – Shortcodes & Elementor Widgets For BuddyPress","2.9.1","wbcomdesigns","https:\u002F\u002Fprofiles.wordpress.org\u002Fwbcomdesigns\u002F","\u003Cp>This plugin will add an extended feature to BuddyPress. It will use Shortcode for Listing Activity Streams, Members directory, and Groups directory on any post or page within the website.\u003C\u002Fp>\n\u003Cp>With our current update, we have added three widgets to display the activity stream, member directory, and group directory using Elementor.\u003C\u002Fp>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F554193567\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n\u003Ch3>THEME – WORDPRESS THEME WITH OUTSTANDING BUDDYPRESS SUPPORT\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fbuddyx\u002F\" rel=\"ugc\">FREE BuddyPress Theme: BuddyX\u003C\u002Fa> – Offers unique layouts with clean code and easy-to-customise options, giving you a whole new way to visualize BuddyPress.\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin generates shortcodes for Listing Activity Streams, Members, and Groups on any website post or page.",700,51623,92,10,"2025-09-22T06:44:00.000Z","5.0.0",[52,21,53,23,24],"activity","buddypress-shortcodes","https:\u002F\u002Fgithub.com\u002Fwbcomdesigns\u002Fshortcodes-for-buddypress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshortcodes-for-buddypress.2.9.1.zip",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":66,"num_ratings":67,"last_updated":68,"tested_up_to":18,"requires_at_least":18,"requires_php":18,"tags":69,"homepage":71,"download_link":72,"security_score":73,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"bp-group-management","BP Group Management","0.6","Boone Gorges","https:\u002F\u002Fprofiles.wordpress.org\u002Fboonebgorges\u002F","\u003Cp>NOTE: This plugin is not recommended for users of BuddyPress 1.7+. Instead, use BP’s Groups panel in the Dashboard.\u003C\u002Fp>\n\u003Cp>This plugin creates an admin panel at Dashboard > BuddyPress > Group Management. On this panel, site admins can manage BP group membership by banning, unbanning, promoting and demoting current members of any group, adding members to any group, and deleting groups.\u003C\u002Fp>\n\u003Ch3>Translation credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Italian: Luca Camellini\u003C\u002Fli>\n\u003Cli>Turkish: gk\u003C\u002Fli>\n\u003Cli>German: Tom\u003C\u002Fli>\n\u003Cli>Dutch: \u003Ca href=\"http:\u002F\u002Fwerkgroepen.net\u002Fwordpress\u002F\" rel=\"nofollow ugc\">Anja\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Romanian, \u003Ca href=\"http:\u002F\u002Fwebhostinggeeks.com\u002F\" rel=\"nofollow ugc\">Web Geek Science\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>B. Radenovich, Slovak (\u003Ca href=\"http:\u002F\u002Fwebhostingw.com\u002F\" rel=\"nofollow ugc\">Web Hosting Watch\u003C\u002Fa>)\u003C\u002Fli>\n\u003C\u002Ful>\n","Allows site administrators to manage group membership on versions of BuddyPress earlier than 1.7.",30,38297,46,3,"2013-04-30T00:24:00.000Z",[21,23,70,24],"manage","http:\u002F\u002Fteleogistic.net\u002Fcode\u002Fbuddypress\u002Fbp-group-management","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-group-management.0.6.zip",85,{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":48,"downloaded":82,"rating":11,"num_ratings":83,"last_updated":84,"tested_up_to":85,"requires_at_least":86,"requires_php":18,"tags":87,"homepage":89,"download_link":90,"security_score":73,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"bp-avatar-hover","Buddypress Avatar Hover","1.0","aghajoon","https:\u002F\u002Fprofiles.wordpress.org\u002Faghajoon\u002F","\u003Cp>BuddyPress  Avatar Hover let’s you add a pop box when hovering on the group\u002Fmember avatars and gives you more information at a glance.\u003Cbr \u002F>\nif you install bp-cover plugin , bp avatar hover show cover of memeber\u002Fgroup\u003C\u002Fp>\n","BuddyPress  Avatar Hover let's you add a pop box when hovering on the group\u002Fmember avatars and gives you more information at a glance.",5312,1,"2016-06-07T14:09:00.000Z","4.5.33","3.8",[52,88,21,23,24],"avatar","http:\u002F\u002Fwebcaffe.ir","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-avatar-hover.zip",{"slug":92,"name":93,"version":77,"author":94,"author_profile":95,"description":96,"short_description":97,"active_installs":48,"downloaded":98,"rating":11,"num_ratings":83,"last_updated":99,"tested_up_to":18,"requires_at_least":18,"requires_php":18,"tags":100,"homepage":103,"download_link":104,"security_score":73,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"bp-extend-widgets","BuddyPress Extend Widgets","Slava Abakumov","https:\u002F\u002Fprofiles.wordpress.org\u002Fslaffik\u002F","\u003Cp>After activating all current and possible future widgets will get extra BuddyPress specific options.\u003Cbr \u002F>\nYou will be able to select on which users profiles or groups pages you want to display this widget and on which – don’t.\u003C\u002Fp>\n\u003Cp>So you will get more flexibility in arranging your sidebars (or widget-zones).\u003C\u002Fp>\n","Provide all widgets with BuddyPress specific fields (conditional display logic)",6281,"2015-01-04T17:52:00.000Z",[21,101,23,24,102],"conditional","widgets","http:\u002F\u002Fovirium.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-extend-widgets.1.0.zip",{"slug":106,"name":107,"version":108,"author":109,"author_profile":110,"description":111,"short_description":112,"active_installs":48,"downloaded":113,"rating":26,"num_ratings":26,"last_updated":114,"tested_up_to":18,"requires_at_least":18,"requires_php":18,"tags":115,"homepage":118,"download_link":119,"security_score":73,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"bp-fadmin","BuddyPress Frontend Admin","0.3","D Cartwright","https:\u002F\u002Fprofiles.wordpress.org\u002Faekeron\u002F","\u003Cp>Included component allows group admins to easily promote\u002Fdemote\u002Fban members from all their groups.\u003C\u002Fp>\n\u003Cp>It can be further extended using the standard buddypress profile subnav registration functions (for example, the bp-wiki plugin hooks into this to enable movement of wiki pages between groups).\u003C\u002Fp>\n","This plugin brings site-wide-like administration options to the frontend, allowing group admins simpler management of all of their groups.",5752,"2010-12-10T12:41:00.000Z",[116,21,117,23,24],"administration","frontend","http:\u002F\u002Fnamoo.co.uk","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-fadmin.zip",{"attackSurface":121,"codeSignals":181,"taintFlows":199,"riskAssessment":200,"analyzedAt":212},{"hooks":122,"ajaxHandlers":177,"restRoutes":178,"shortcodes":179,"cronEvents":180,"entryPointCount":26,"unprotectedCount":26},[123,129,133,138,143,148,152,157,162,166,170,174],{"type":124,"name":125,"callback":126,"priority":48,"file":127,"line":128},"action","wp_login","login","class-pp-local-avatars.php",23,{"type":124,"name":130,"callback":131,"file":127,"line":132},"user_register","register",25,{"type":134,"name":135,"callback":136,"file":127,"line":137},"filter","bp_core_fetch_avatar_no_grav","no_grav",27,{"type":124,"name":139,"callback":140,"file":141,"line":142},"admin_notices","pp_local_avatars_install_buddypress_notice","loader.php",16,{"type":124,"name":144,"callback":145,"priority":146,"file":141,"line":147},"plugins_loaded","pp_local_avatars_bp_check",999,19,{"type":124,"name":149,"callback":150,"file":141,"line":151},"bp_include","pp_local_avatars_init",32,{"type":134,"name":153,"callback":154,"priority":155,"file":156,"line":137},"pre_get_avatar","pp_pre_get_avatar",15,"pp-local-avatars.php",{"type":134,"name":158,"callback":159,"priority":160,"file":156,"line":161},"avatar_defaults","pp_lc_add_avatar_default_option",11,38,{"type":134,"name":163,"callback":164,"priority":160,"file":156,"line":165},"default_avatar_select","pp_lc_add_avatar_default_option_img",40,{"type":124,"name":167,"callback":168,"file":156,"line":169},"admin_init","pp_lc_add_settings",50,{"type":124,"name":171,"callback":172,"priority":11,"file":156,"line":173},"bp_core_set_avatar_globals","pp_lc_load_class",159,{"type":124,"name":139,"callback":175,"file":156,"line":176},"pp_lc_avatars_admin_notice",168,[],[],[],[],{"dangerousFunctions":182,"sqlUsage":183,"outputEscaping":192,"fileOperations":197,"externalRequests":26,"nonceChecks":83,"capabilityChecks":26,"bundledLibraries":198},[],{"prepared":26,"raw":184,"locations":185},2,[186,189],{"file":127,"line":187,"context":188},49,"$wpdb->get_var() with variable interpolation",{"file":156,"line":190,"context":191},145,"$wpdb->get_col() with variable interpolation",{"escaped":26,"rawEcho":83,"locations":193},[194],{"file":156,"line":195,"context":196},101,"raw output",4,[],[],{"summary":201,"deductions":202},"The \"bp-local-avatars\" v3.0 plugin exhibits a strong security posture with an apparent absence of known vulnerabilities and a zero attack surface based on the provided static analysis. This indicates diligent security practices, including proper authentication and authorization checks for all entry points, and no readily exploitable code signals like dangerous functions or vulnerable SQL queries without preparation. The lack of any recorded CVEs, especially critical or high-severity ones, further reinforces this positive assessment, suggesting a history of well-maintained and secure code.\n\nHowever, the static analysis does reveal areas for improvement. The plugin performs file operations without explicit mention of sanitization or validation, which could present a risk if user-supplied data is involved in these operations. Similarly, while there is one nonce check, the complete absence of capability checks for any entry points is a significant concern, potentially leaving functionalities exposed to unauthorized users if they were to be exposed through other means. The lack of output escaping on the single output identified is another weakness, as it opens the door for cross-site scripting (XSS) vulnerabilities.\n\nIn conclusion, the plugin's current state appears secure, with no critical or high-severity risks identified from historical data or taint analysis. The primary concerns stem from potential file operation vulnerabilities and the lack of robust authorization and output sanitization, as highlighted by the static analysis. Addressing these specific areas will further harden the plugin's security.",[203,205,207,210],{"reason":204,"points":48},"Missing capability checks",{"reason":206,"points":48},"SQL queries not using prepared statements",{"reason":208,"points":209},"Output not properly escaped",5,{"reason":211,"points":209},"File operations without clear sanitization","2026-03-16T20:51:25.029Z",{"wat":214,"direct":219},{"assetPaths":215,"generatorPatterns":216,"scriptPaths":217,"versionParams":218},[],[],[],[],{"cssClasses":220,"htmlComments":223,"htmlAttributes":224,"restEndpoints":226,"jsGlobals":227,"shortcodeOutput":229},[221,222],"pp-local-avatars-upload-form","pp-local-avatars-delete-button",[],[225],"data-pp-local-avatars-upload-nonce",[],[228],"pp_local_avatars_params",[]]