[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$foApMg5UEDqgjDL9NBxbnUy9AFdBwR7zYvVOvTvta-bs":3,"$fkAhY5RNy67n400EeQ7T6oKcHZfeWxldj68wtQUr9FlE":340,"$f1E_0ZfuMKeY5-k_MapeG9EJJ9hnB7BpGCUGvCCPccs4":344},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":16,"requires_php":16,"tags":17,"homepage":16,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":37,"analysis":123,"fingerprints":320},"buddypress-activity-privacy","BuddyPress Activity Privacy","1.3.8","meg@info","https:\u002F\u002Fprofiles.wordpress.org\u002Fmegainfo\u002F","\u003Cp>BuddyPress Activity Privacy plugin add a privacy level to activity stream component.\u003C\u002Fp>\n\u003Cp>The plugin add the ability for members to choose who can read his activity (Anyone, Logged In Users, My Friends, Admins Only, Only me, My Friends in Group , Group Members …etc).\u003C\u002Fp>\n\u003Ch4>What’s news In Buddypress Activity Privacy 1.3.x ?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>Admin have abitility to enable\u002Fdisable FontAwsome icons.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Admin have abitility to enable\u002Fdisable viewing and editing the privacy of all activities.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Admin have abitility to enable\u002Fdisable editing the privacy of posts for all members.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Admin have abitility show\u002Fhide the privacy label in selexbox.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Admin have abitility show\u002Fhide the privacy in activity meta.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Integration with Buddypress Media plugin\u003C\u002Fstrong> (https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbuddypress-media\u002F).\u003C\u002Fp>\n\u003Cp>Make sure to :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Set the privacy settings to \u003Cstrong>OFF\u003C\u002Fstrong> in rtMedia settings.\u003C\u002Fli>\n\u003Cli>A new select-box (Privacy) is added to Edit Media form under Description Textarea.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>The plugin work now on multi site Netowork.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>A New privacy level (@mentioned only). When a member choose this privacy level, only mentioned members (and admin of course) can see the activity.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Remark: Members mentioned in activity can see it’s content whatever the privacy level.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>New Drop down system with a nice icons (font awsome).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Admin Option Area, Admin can update Enable\u002FDisable privacy level, Sort the privacy levels and change the default privacy level.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>What’s news In Buddypress Activity Privacy 1.x ?\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Members can now change the privacy of the activity already posted.\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Admins can update the privacy of all activities.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Integration with BuddyPress Follow Plugin (https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fbuddypress-followers\u002F ).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Integration With Buddypress Activity Plus Plugin (https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fbuddypress-activity-plus\u002F ).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>-The plugin is now extensible for new privacy levels !! ( Check the integration of BuddyPress Follow in bp-activity-privacy-integrations.php ).\u003C\u002Fp>\n","BuddyPress Activity Privacy plugin add a privacy level to activity stream component.",100,59919,74,23,"2015-11-27T00:08:00.000Z","",[18,19,20,21,22],"activity","buddypress","privacy","stream","visibility","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-activity-privacy.1.3.8.zip",85,0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":24,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"megainfo",4,160,30,84,"2026-05-20T00:42:38.356Z",[38,63,83,97,113],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":11,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":16,"tags":52,"homepage":57,"download_link":58,"security_score":59,"vuln_count":60,"unpatched_count":61,"last_vuln_date":62,"fetched_at":27},"bp-activity-plus-reloaded","Activity Plus Reloaded for BuddyPress","1.1.2","BuddyDev","https:\u002F\u002Fprofiles.wordpress.org\u002Fbuddydev\u002F","\u003Cp>Activity Plus Reloaded for BuddyPress gives your social network all the features and ease of Facebook when it comes to uploading and sharing media!\u003C\u002Fp>\n\u003Cp>It is a fork of now unmaintained \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fbuddypress-activity-plus\u002F\" rel=\"ugc\">BuddyPress Activity Plus\u003C\u002Fa>\u003Cbr \u002F>\nThe plugin adds 3 new buttons to your BuddyPress activity stream.  Enabling you to attach photos, videos, and even share web links with everyone on your network!\u003C\u002Fp>\n\u003Cp>Here’s the quick overview of this plugin’s features:\u003Cbr \u002F>\n * Upload a photo (or multiple) directly from your computer to the activity stream\u003Cbr \u002F>\n * Embed a video from popular sites such as youtube and vimeo by copying the link\u003Cbr \u002F>\n * Embed a link to any site – the site title and description will automatically be pulled in\u003Cbr \u002F>\n * Embedding a link also allows you to choose a thumbnail image from a list of images on the site’s homepage\u003Cbr \u002F>\n * Works perfectly with any theme based on the BuddyPress Default theme\u003C\u002Fp>\n\u003Cp>Blog Post :\u003Ca href=\"https:\u002F\u002Fbuddydev.com\u002Fintroducing-buddypress-activity-plus-reloaded\u002F\" rel=\"nofollow ugc\">Introducing BuddyPress Activity Plus Reloaded\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Credit\u003C\u002Fh4>\n\u003Cp>Activity Plus Reloaded for BuddyPress is a fork of \u003Cem>BuddyPress Activity Plus\u003C\u002Fem>(now abandoned) by @wpmudev. We have refactored it to wok with current BuddyPress\u002FWordPress.\u003Cbr \u002F>\n and we plan to maintain and further develop it.\u003Cbr \u002F>\n We would like to express our sincere gratitude to the @wpmudv team for their cooperation in getting this plugin back.\u003C\u002Fp>\n\u003Cp>If you are looking to optimize media, We recommend \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-smushit\u002F\" rel=\"ugc\">Smush\u003C\u002Fa> to optimize your BuddyPress media.\u003C\u002Fp>\n\u003Ch4>Contribute\u003C\u002Fh4>\n\u003Cp>The plugin is available on gihub. You can contribute by sending pull request, reporting errors and helping others.\u003Cbr \u002F>\nGithub repository: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbuddydev\u002Fbp-activity-plus-reloaded\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fbuddydev\u002Fbp-activity-plus-reloaded\u003C\u002Fa>\u003Cbr \u002F>\nSupport & reporting Issues: \u003Ca href=\"https:\u002F\u002Fbuddydev.com\u002Fsupport\u002Fforums\u002F\" rel=\"nofollow ugc\">BuddyDev Forums\u003C\u002Fa>\u003C\u002Fp>\n","Note: This plugin will be discontinued by March 31st, 2025 in favor of BuddyPress Attachment plugin. Please migrate to the new plugin before that date &hellip;",1000,39127,9,"2025-01-22T12:55:00.000Z","6.7.5","5.0",[53,19,54,55,56],"activity-stream","buddypress-activity","buddypress-activity-upload","embed-video","https:\u002F\u002Fbuddydev.com\u002Fplugins\u002Fbp-activity-plus-reloaded\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-activity-plus-reloaded.1.1.2.zip",47,3,2,"2025-10-12 00:00:00",{"slug":64,"name":65,"version":66,"author":67,"author_profile":68,"description":69,"short_description":70,"active_installs":11,"downloaded":71,"rating":11,"num_ratings":72,"last_updated":73,"tested_up_to":74,"requires_at_least":75,"requires_php":76,"tags":77,"homepage":81,"download_link":82,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"buddykit","BuddyKit – Additional features for BuddyPress","0.0.4","Joseph G.","https:\u002F\u002Fprofiles.wordpress.org\u002Fdunhakdis\u002F","\u003Cp>BuddyKit adds several features like Live Notifications and Media Activities to your BuddyPress sites. More social media related features are coming soon!\u003C\u002Fp>\n","BuddyKit adds several features like Live Notifications and Media Activities to your BuddyPress powered websites.",12899,1,"2019-09-08T10:15:00.000Z","4.9.29","4.5","5.4",[78,19,79,80],"activity-streams","community","social-networking","https:\u002F\u002Fbuddykit.io\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddykit.0.0.4.zip",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":13,"num_ratings":60,"last_updated":93,"tested_up_to":16,"requires_at_least":16,"requires_php":16,"tags":94,"homepage":95,"download_link":96,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"buddypress-edit-activity-stream","BuddyPress Edit Activity Stream","0.5.1","rich! @ etiviti","https:\u002F\u002Fprofiles.wordpress.org\u002Fnuprn1\u002F","\u003Cp>** IMPORTANT **\u003Cbr \u002F>\nThis plugin has been updated for BuddyPress 1.5.1\u003C\u002Fp>\n\u003Cp>Allows site admins and users to edit any activity update (except forum topics and replies) within a specified time period.\u003C\u002Fp>\n\u003Ch4>Related Links:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fetivite.com\" title=\"Plugin Demo Site\" rel=\"nofollow ugc\">Author’s Site\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fetivite.com\u002Fwordpress-plugins\u002Fbuddypress-edit-activity-stream\u002F\" rel=\"nofollow ugc\">BuddyPress Edit Activity Stream – About Page\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fetivite.com\u002Fapi-hooks\u002F\" rel=\"nofollow ugc\">BuddyPress and bbPress Developer Hook and Filter API Reference\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Extra Configuration\u003C\u002Fh3>\n","This plugin allows an user to edit their activity stream status update within a specified time period.",40,9891,"2011-10-28T03:29:00.000Z",[53,19],"http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fbuddypress-edit-activity-stream\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-edit-activity-stream.0.5.1.zip",{"slug":98,"name":99,"version":41,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":34,"downloaded":104,"rating":105,"num_ratings":32,"last_updated":106,"tested_up_to":107,"requires_at_least":108,"requires_php":16,"tags":109,"homepage":111,"download_link":112,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"bp-activity-plus-styling","Buddypress Activity Plus Styling","Maksym Marko","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarkomaksym\u002F","\u003Cp>Add to the Buddypress Activity Plus plugin. This plugin adds CSS styles to images, videos and links. Also styling a THICKBOX.\u003C\u002Fp>\n","Additional CSS styles for the Buddypress Activity Plus plugin.",5598,50,"2019-05-01T15:35:00.000Z","5.1.22","4.3",[18,53,19,54,110],"wall","https:\u002F\u002Fgithub.com\u002FMaxim-us\u002Fbuddypress-activity-plus-styling","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-activity-plus-styling.1.1.2.zip",{"slug":114,"name":115,"version":86,"author":87,"author_profile":88,"description":116,"short_description":117,"active_installs":34,"downloaded":118,"rating":11,"num_ratings":61,"last_updated":119,"tested_up_to":16,"requires_at_least":16,"requires_php":16,"tags":120,"homepage":121,"download_link":122,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"buddypress-activity-stream-bump-to-top","BuddyPress Activity Stream Bump to Top","\u003Cp>** IMPORTANT **\u003Cbr \u002F>\nThis plugin has been updated for BuddyPress 1.5.1\u003C\u002Fp>\n\u003Cp>This plugin will “bump” an activity record to the top of the stream when an activity comment reply is made.\u003C\u002Fp>\n\u003Cp>The original date_recorded is appended to the time_since filter with an additional class named: time-created. Both timestamps are displayed within the activity stream meta div\u003C\u002Fp>\n\u003Ch4>Related Links:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fetivite.com\" title=\"Plugin Demo Site\" rel=\"nofollow ugc\">Author’s Site\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fetivite.com\u002Fwordpress-plugins\u002Fbuddypress-activity-stream-bump-to-top\u002F\" rel=\"nofollow ugc\">BuddyPress Activity Stream Bump – About Page\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fetivite.com\u002Fapi-hooks\u002F\" rel=\"nofollow ugc\">BuddyPress and bbPress Developer Hook and Filter API Reference\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Extra Configuration\u003C\u002Fh3>\n\u003Cp>add a filter to bp_activity_bump_time_since (date_recorded, $bumpdate, $content)\u003C\u002Fp>\n","This plugin will \"bump\" an activity record to the top of the stream when activity comment reply is made.",9254,"2011-10-28T03:25:00.000Z",[53,19],"http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fbuddypress-activity-stream-bump-to-top\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-activity-stream-bump-to-top.0.5.1.zip",{"attackSurface":124,"codeSignals":267,"taintFlows":295,"riskAssessment":314,"analyzedAt":319},{"hooks":125,"ajaxHandlers":263,"restRoutes":264,"shortcodes":265,"cronEvents":266,"entryPointCount":25,"unprotectedCount":25},[126,133,137,141,145,149,153,158,160,165,168,173,177,181,186,190,194,198,202,206,209,214,218,222,225,229,233,237,241,245,249,254,259],{"type":127,"name":128,"callback":129,"priority":130,"file":131,"line":132},"action","bp_activity_posted_update","bp_add_visibility_to_activity",10,"includes\\bp-activity-privacy-actions.php",38,{"type":127,"name":134,"callback":135,"priority":130,"file":131,"line":136},"bp_groups_posted_update","bp_add_visibility_to_group_activity",57,{"type":127,"name":138,"callback":139,"file":131,"line":140},"bp_activity_post_form_options","bp_add_activitiy_visibility_selectbox",71,{"type":127,"name":142,"callback":143,"priority":130,"file":131,"line":144},"bp_activity_entry_meta","bp_update_activitiy_visibility_selectbox",105,{"type":127,"name":146,"callback":147,"priority":130,"file":131,"line":148},"bp_insert_activity_meta","bp_activitiy_privacy_activity_visibility_meta",179,{"type":127,"name":150,"callback":151,"file":131,"line":152},"bp_after_activity_loop","bp_add_custom_style_selectbox",204,{"type":127,"name":154,"callback":155,"priority":72,"file":156,"line":157},"admin_init","do_activation_redirect","includes\\bp-activity-privacy-admin.php",28,{"type":127,"name":154,"callback":159,"file":156,"line":34},"admin_submit",{"type":161,"name":162,"callback":163,"priority":130,"file":156,"line":164},"filter","plugin_action_links","modify_plugin_action_links",34,{"type":161,"name":166,"callback":163,"priority":130,"file":156,"line":167},"network_admin_plugin_action_links",35,{"type":127,"name":169,"callback":170,"priority":72,"file":171,"line":172},"bp_activity_privacy_load_core","bp_activity_privacy_register_actions","includes\\bp-activity-privacy-ajax.php",32,{"type":127,"name":174,"callback":175,"priority":72,"file":176,"line":172},"wp_enqueue_scripts","bp_activity_privacy_add_js","includes\\bp-activity-privacy-cssjs.php",{"type":127,"name":178,"callback":179,"priority":72,"file":176,"line":180},"bp_actions","bp_activity_privacy_add_css",53,{"type":127,"name":182,"callback":183,"priority":130,"file":184,"line":185},"bp_has_activities","bp_visibility_activity_filter","includes\\bp-activity-privacy-filters.php",250,{"type":161,"name":187,"callback":188,"priority":130,"file":184,"line":189},"bp_get_activity_latest_update","bp_activity_privacy_latest_update",268,{"type":161,"name":191,"callback":192,"priority":130,"file":184,"line":193},"bp_get_member_latest_update","bp_activity_privacy_member_latest_update",298,{"type":161,"name":195,"callback":196,"priority":130,"file":184,"line":197},"get_user_metadata","bp_activity_privacy_latest_user_update",337,{"type":161,"name":199,"callback":200,"file":184,"line":201},"bp_activity_allowed_tags","bp_activity_privacy_override_allowed_tags",366,{"type":161,"name":203,"callback":204,"priority":130,"file":184,"line":205},"heartbeat_received","bp_activity_heartbeat_last_recorded",389,{"type":161,"name":207,"callback":204,"priority":130,"file":184,"line":208},"heartbeat_nopriv_received",390,{"type":161,"name":210,"callback":211,"priority":130,"file":212,"line":213},"bp_more_visibility_activity_filter","bp_follow_visibility_activity","includes\\bp-activity-privacy-integrations.php",14,{"type":127,"name":215,"callback":216,"file":212,"line":217},"wp_footer","bp_activity_privacy_fix_bp_activity_plus",106,{"type":127,"name":219,"callback":220,"file":212,"line":221},"rtmedia_before_media","bp_ap_rtmedia",202,{"type":127,"name":223,"callback":220,"file":212,"line":224},"rtmedia_after_media_gallery_title",203,{"type":127,"name":226,"callback":227,"file":212,"line":228},"bp_after_member_header","bp_ap_rtmedia_update_member_medias_count",299,{"type":127,"name":230,"callback":231,"file":212,"line":232},"bp_after_member_body","bp_ap_rtmedia_reset_member_medias_count",311,{"type":127,"name":234,"callback":235,"file":212,"line":236},"bp_after_group_header","bp_ap_rtmedia_update_group_medias_count",401,{"type":127,"name":238,"callback":239,"file":212,"line":240},"bp_after_group_body","bp_ap_rtmedia_reset_group_medias_count",421,{"type":127,"name":242,"callback":243,"file":212,"line":244},"rtmedia_add_edit_fields","bp_ap_rtmedia_add_edit_fields",471,{"type":127,"name":246,"callback":247,"file":212,"line":248},"rtmedia_after_update_media","bp_ap_rtmedia_after_update_media",492,{"type":127,"name":250,"callback":169,"priority":251,"file":252,"line":253},"bp_init",5,"includes\\bp-activity-privacy-loader.php",258,{"type":127,"name":255,"callback":256,"file":257,"line":258},"plugins_loaded","bp_activity_privacy_load_textdomain","loader.php",70,{"type":127,"name":260,"callback":261,"file":257,"line":262},"bp_include","bp_activity_privacy_init",146,[],[],[],[],{"dangerousFunctions":268,"sqlUsage":269,"outputEscaping":272,"fileOperations":25,"externalRequests":25,"nonceChecks":72,"capabilityChecks":25,"bundledLibraries":294},[],{"prepared":270,"raw":25,"locations":271},6,[],{"escaped":273,"rawEcho":274,"locations":275},11,8,[276,279,281,283,285,287,289,292],{"file":131,"line":277,"context":278},102,"raw output",{"file":156,"line":280,"context":278},353,{"file":156,"line":282,"context":278},372,{"file":156,"line":284,"context":278},644,{"file":156,"line":286,"context":278},654,{"file":212,"line":288,"context":278},467,{"file":290,"line":291,"context":278},"includes\\bp-activity-privacy-template.php",60,{"file":290,"line":293,"context":278},87,[],[296],{"entryPoint":297,"graph":298,"unsanitizedCount":25,"severity":313},"\u003Cbp-activity-privacy-admin> (includes\\bp-activity-privacy-admin.php:0)",{"nodes":299,"edges":310},[300,305],{"id":301,"type":302,"label":303,"file":156,"line":304},"n0","source","$_POST (x2)",104,{"id":306,"type":307,"label":308,"file":156,"line":280,"wp_function":309},"n1","sink","echo() [XSS]","echo",[311],{"from":301,"to":306,"sanitized":312},true,"low",{"summary":315,"deductions":316},"The \"buddypress-activity-privacy\" plugin v1.3.8 exhibits a generally strong security posture based on the provided static analysis. The absence of direct entry points like AJAX handlers, REST API routes, and shortcodes, coupled with the lack of file operations and external HTTP requests, significantly limits the plugin's attack surface. Furthermore, all observed SQL queries utilize prepared statements, which is a critical best practice for preventing SQL injection vulnerabilities. The presence of a nonce check is also a positive indicator of security awareness.\n\nHowever, the analysis does reveal some areas for improvement. A notable concern is the relatively low percentage of properly escaped output (58%). This indicates that there are instances where user-supplied data might be outputted without adequate sanitization, potentially leading to Cross-Site Scripting (XSS) vulnerabilities if malicious input is not properly handled. Additionally, the complete absence of capability checks, while not a direct vulnerability in itself given the limited entry points, means that the plugin does not enforce any WordPress role-based access control for its functionalities. The clean vulnerability history is a strong positive, suggesting a history of secure development and proactive patching.\n\nIn conclusion, the plugin is built with several fundamental security principles in mind, particularly regarding SQL injection and attack surface reduction. The primary area of concern is the unescaped output, which could be a vector for XSS. While the lack of capability checks isn't an immediate issue due to the limited entry points, it's a point to consider for future development to ensure robust access control.",[317],{"reason":318,"points":251},"Low percentage of properly escaped output","2026-03-16T20:35:13.894Z",{"wat":321,"direct":330},{"assetPaths":322,"generatorPatterns":325,"scriptPaths":326,"versionParams":327},[323,324],"\u002Fwp-content\u002Fplugins\u002Fbuddypress-activity-privacy\u002Fassets\u002Fcss\u002Fbp-activity-privacy-admin.css","\u002Fwp-content\u002Fplugins\u002Fbuddypress-activity-privacy\u002Fassets\u002Fjs\u002Fbp-activity-privacy-admin.js",[],[324],[328,329],"buddypress-activity-privacy\u002Fassets\u002Fcss\u002Fbp-activity-privacy-admin.css?ver=","buddypress-activity-privacy\u002Fassets\u002Fjs\u002Fbp-activity-privacy-admin.js?ver=",{"cssClasses":331,"htmlComments":333,"htmlAttributes":335,"restEndpoints":336,"jsGlobals":337,"shortcodeOutput":339},[332],"bp-activity-privacy-admin-wrap",[334],"\u003C!-- BP Activity Privacy admin page -->",[],[],[338],"BP_Activity_Privacy",[],{"error":312,"url":341,"statusCode":342,"statusMessage":343,"message":343},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fbuddypress-activity-privacy\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":14,"versions":345},[346,352,359,366,373,380,387,394,401,408,415,422,429,435,442,449,456,463,470,477,484,491,498],{"version":6,"download_url":23,"svn_tag_url":347,"released_at":26,"has_diff":348,"diff_files_changed":349,"diff_lines":26,"trac_diff_url":350,"vulnerabilities":351,"is_current":312},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbuddypress-activity-privacy\u002Ftags\u002F1.3.8\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.3.7&new_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.3.8",[],{"version":353,"download_url":354,"svn_tag_url":355,"released_at":26,"has_diff":348,"diff_files_changed":356,"diff_lines":26,"trac_diff_url":357,"vulnerabilities":358,"is_current":348},"1.3.7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-activity-privacy.1.3.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbuddypress-activity-privacy\u002Ftags\u002F1.3.7\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.3.6&new_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.3.7",[],{"version":360,"download_url":361,"svn_tag_url":362,"released_at":26,"has_diff":348,"diff_files_changed":363,"diff_lines":26,"trac_diff_url":364,"vulnerabilities":365,"is_current":348},"1.3.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-activity-privacy.1.3.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbuddypress-activity-privacy\u002Ftags\u002F1.3.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.3.5&new_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.3.6",[],{"version":367,"download_url":368,"svn_tag_url":369,"released_at":26,"has_diff":348,"diff_files_changed":370,"diff_lines":26,"trac_diff_url":371,"vulnerabilities":372,"is_current":348},"1.3.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-activity-privacy.1.3.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbuddypress-activity-privacy\u002Ftags\u002F1.3.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.3.4&new_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.3.5",[],{"version":374,"download_url":375,"svn_tag_url":376,"released_at":26,"has_diff":348,"diff_files_changed":377,"diff_lines":26,"trac_diff_url":378,"vulnerabilities":379,"is_current":348},"1.3.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-activity-privacy.1.3.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbuddypress-activity-privacy\u002Ftags\u002F1.3.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.3.3&new_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.3.4",[],{"version":381,"download_url":382,"svn_tag_url":383,"released_at":26,"has_diff":348,"diff_files_changed":384,"diff_lines":26,"trac_diff_url":385,"vulnerabilities":386,"is_current":348},"1.3.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-activity-privacy.1.3.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbuddypress-activity-privacy\u002Ftags\u002F1.3.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.3.2&new_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.3.3",[],{"version":388,"download_url":389,"svn_tag_url":390,"released_at":26,"has_diff":348,"diff_files_changed":391,"diff_lines":26,"trac_diff_url":392,"vulnerabilities":393,"is_current":348},"1.3.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-activity-privacy.1.3.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbuddypress-activity-privacy\u002Ftags\u002F1.3.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.3.1&new_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.3.2",[],{"version":395,"download_url":396,"svn_tag_url":397,"released_at":26,"has_diff":348,"diff_files_changed":398,"diff_lines":26,"trac_diff_url":399,"vulnerabilities":400,"is_current":348},"1.3.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-activity-privacy.1.3.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbuddypress-activity-privacy\u002Ftags\u002F1.3.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.3&new_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.3.1",[],{"version":402,"download_url":403,"svn_tag_url":404,"released_at":26,"has_diff":348,"diff_files_changed":405,"diff_lines":26,"trac_diff_url":406,"vulnerabilities":407,"is_current":348},"1.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-activity-privacy.1.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbuddypress-activity-privacy\u002Ftags\u002F1.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.2.2&new_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.3",[],{"version":409,"download_url":410,"svn_tag_url":411,"released_at":26,"has_diff":348,"diff_files_changed":412,"diff_lines":26,"trac_diff_url":413,"vulnerabilities":414,"is_current":348},"1.2.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-activity-privacy.1.2.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbuddypress-activity-privacy\u002Ftags\u002F1.2.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.2.1&new_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.2.2",[],{"version":416,"download_url":417,"svn_tag_url":418,"released_at":26,"has_diff":348,"diff_files_changed":419,"diff_lines":26,"trac_diff_url":420,"vulnerabilities":421,"is_current":348},"1.2.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-activity-privacy.1.2.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbuddypress-activity-privacy\u002Ftags\u002F1.2.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.2&new_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.2.1",[],{"version":423,"download_url":424,"svn_tag_url":425,"released_at":26,"has_diff":348,"diff_files_changed":426,"diff_lines":26,"trac_diff_url":427,"vulnerabilities":428,"is_current":348},"1.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-activity-privacy.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbuddypress-activity-privacy\u002Ftags\u002F1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.1.2&new_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.2",[],{"version":41,"download_url":430,"svn_tag_url":431,"released_at":26,"has_diff":348,"diff_files_changed":432,"diff_lines":26,"trac_diff_url":433,"vulnerabilities":434,"is_current":348},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-activity-privacy.1.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbuddypress-activity-privacy\u002Ftags\u002F1.1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.1.1&new_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.1.2",[],{"version":436,"download_url":437,"svn_tag_url":438,"released_at":26,"has_diff":348,"diff_files_changed":439,"diff_lines":26,"trac_diff_url":440,"vulnerabilities":441,"is_current":348},"1.1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-activity-privacy.1.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbuddypress-activity-privacy\u002Ftags\u002F1.1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.1&new_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.1.1",[],{"version":443,"download_url":444,"svn_tag_url":445,"released_at":26,"has_diff":348,"diff_files_changed":446,"diff_lines":26,"trac_diff_url":447,"vulnerabilities":448,"is_current":348},"1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-activity-privacy.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbuddypress-activity-privacy\u002Ftags\u002F1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.0.4.3&new_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.1",[],{"version":450,"download_url":451,"svn_tag_url":452,"released_at":26,"has_diff":348,"diff_files_changed":453,"diff_lines":26,"trac_diff_url":454,"vulnerabilities":455,"is_current":348},"1.0.4.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-activity-privacy.1.0.4.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbuddypress-activity-privacy\u002Ftags\u002F1.0.4.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.0.4.2&new_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.0.4.3",[],{"version":457,"download_url":458,"svn_tag_url":459,"released_at":26,"has_diff":348,"diff_files_changed":460,"diff_lines":26,"trac_diff_url":461,"vulnerabilities":462,"is_current":348},"1.0.4.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-activity-privacy.1.0.4.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbuddypress-activity-privacy\u002Ftags\u002F1.0.4.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.0.4.1&new_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.0.4.2",[],{"version":464,"download_url":465,"svn_tag_url":466,"released_at":26,"has_diff":348,"diff_files_changed":467,"diff_lines":26,"trac_diff_url":468,"vulnerabilities":469,"is_current":348},"1.0.4.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-activity-privacy.1.0.4.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbuddypress-activity-privacy\u002Ftags\u002F1.0.4.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.0.4&new_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.0.4.1",[],{"version":471,"download_url":472,"svn_tag_url":473,"released_at":26,"has_diff":348,"diff_files_changed":474,"diff_lines":26,"trac_diff_url":475,"vulnerabilities":476,"is_current":348},"1.0.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-activity-privacy.1.0.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbuddypress-activity-privacy\u002Ftags\u002F1.0.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.0.3&new_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.0.4",[],{"version":478,"download_url":479,"svn_tag_url":480,"released_at":26,"has_diff":348,"diff_files_changed":481,"diff_lines":26,"trac_diff_url":482,"vulnerabilities":483,"is_current":348},"1.0.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-activity-privacy.1.0.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbuddypress-activity-privacy\u002Ftags\u002F1.0.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.0.2&new_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.0.3",[],{"version":485,"download_url":486,"svn_tag_url":487,"released_at":26,"has_diff":348,"diff_files_changed":488,"diff_lines":26,"trac_diff_url":489,"vulnerabilities":490,"is_current":348},"1.0.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-activity-privacy.1.0.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbuddypress-activity-privacy\u002Ftags\u002F1.0.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.0.1&new_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.0.2",[],{"version":492,"download_url":493,"svn_tag_url":494,"released_at":26,"has_diff":348,"diff_files_changed":495,"diff_lines":26,"trac_diff_url":496,"vulnerabilities":497,"is_current":348},"1.0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-activity-privacy.1.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbuddypress-activity-privacy\u002Ftags\u002F1.0.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.0&new_path=%2Fbuddypress-activity-privacy%2Ftags%2F1.0.1",[],{"version":499,"download_url":500,"svn_tag_url":501,"released_at":26,"has_diff":348,"diff_files_changed":502,"diff_lines":26,"trac_diff_url":26,"vulnerabilities":503,"is_current":348},"1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-activity-privacy.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbuddypress-activity-privacy\u002Ftags\u002F1.0\u002F",[],[]]