[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fE3Fiuo1TXNguVkTpwoUkgb51MONlNLxrd0J9UwtThnk":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":15,"requires_php":15,"tags":16,"homepage":19,"download_link":20,"security_score":21,"vuln_count":13,"unpatched_count":13,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":32,"analysis":119,"fingerprints":194},"buddypress-activity-stream-ajax-notifier","BuddyPress Activity Stream Ajax Notifier","0.1.2","rich! @ etiviti","https:\u002F\u002Fprofiles.wordpress.org\u002Fnuprn1\u002F","\u003Cp>** IMPORTANT **\u003Cbr \u002F>\nThis plugin has been updated for BuddyPress 1.5.1\u003C\u002Fp>\n\u003Cp>This plugin will display a simple twitter-like notification ‘New activity update. Refresh the page.’ via ajax if a new activity stream record has been posted.\u003C\u002Fp>\n\u003Cp>Polling is enabled for certain areas – main activity, group activity, profile activity (and the subnav – just-me, friends, groups, mentions)\u003C\u002Fp>\n\u003Cp>Does not return a # of new activities – Does not live refresh the page. (no plans – future BP roadmap to include this already)\u003C\u002Fp>\n\u003Cp>Restricted to loggedin_users, does not check for new activity comments.\u003C\u002Fp>\n\u003Cp>The default polling is every 2 minutes (120000 milliseconds)\u003C\u002Fp>\n\u003Ch4>Related Links:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fetivite.com\" title=\"Plugin Demo Site\" rel=\"nofollow ugc\">Author’s Site\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fetivite.com\u002Fwordpress-plugins\u002Fbuddypress-activity-stream-ajax-notifier\u002F\" rel=\"nofollow ugc\">BuddyPress Activity Stream Ajax Notifier – About Page\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fetivite.com\u002Fapi-hooks\u002F\" rel=\"nofollow ugc\">BuddyPress and bbPress Developer Hook and Filter API Reference\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Ftwitter.com\u002Fetivite\" rel=\"nofollow ugc\">@etivite\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Fplus.google.com\u002F114440793706284941584?rel=author\" rel=\"nofollow ugc\">etivite+\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Extra Configuration\u003C\u002Fh3>\n","This plugin will display a simple twitter-like notification 'New activity update. Refresh the page.' via ajax if a new activity stream recor …",10,6444,0,"2011-11-11T03:20:00.000Z","",[17,18],"activity-stream","buddypress","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fbuddypress-activity-stream-ajax-notifier\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-activity-stream-ajax-notifier.0.1.2.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":26,"display_name":7,"profile_url":8,"plugin_count":11,"total_installs":27,"avg_security_score":28,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},"nuprn1",200,88,30,86,"2026-04-04T14:47:57.032Z",[33,58,78,97,109],{"slug":34,"name":35,"version":36,"author":37,"author_profile":38,"description":39,"short_description":40,"active_installs":41,"downloaded":42,"rating":43,"num_ratings":44,"last_updated":45,"tested_up_to":46,"requires_at_least":47,"requires_php":15,"tags":48,"homepage":52,"download_link":53,"security_score":54,"vuln_count":55,"unpatched_count":56,"last_vuln_date":57,"fetched_at":23},"bp-activity-plus-reloaded","Activity Plus Reloaded for BuddyPress","1.1.2","BuddyDev","https:\u002F\u002Fprofiles.wordpress.org\u002Fbuddydev\u002F","\u003Cp>Activity Plus Reloaded for BuddyPress gives your social network all the features and ease of Facebook when it comes to uploading and sharing media!\u003C\u002Fp>\n\u003Cp>It is a fork of now unmaintained \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fbuddypress-activity-plus\u002F\" rel=\"ugc\">BuddyPress Activity Plus\u003C\u002Fa>\u003Cbr \u002F>\nThe plugin adds 3 new buttons to your BuddyPress activity stream.  Enabling you to attach photos, videos, and even share web links with everyone on your network!\u003C\u002Fp>\n\u003Cp>Here’s the quick overview of this plugin’s features:\u003Cbr \u002F>\n * Upload a photo (or multiple) directly from your computer to the activity stream\u003Cbr \u002F>\n * Embed a video from popular sites such as youtube and vimeo by copying the link\u003Cbr \u002F>\n * Embed a link to any site – the site title and description will automatically be pulled in\u003Cbr \u002F>\n * Embedding a link also allows you to choose a thumbnail image from a list of images on the site’s homepage\u003Cbr \u002F>\n * Works perfectly with any theme based on the BuddyPress Default theme\u003C\u002Fp>\n\u003Cp>Blog Post :\u003Ca href=\"https:\u002F\u002Fbuddydev.com\u002Fintroducing-buddypress-activity-plus-reloaded\u002F\" rel=\"nofollow ugc\">Introducing BuddyPress Activity Plus Reloaded\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Credit\u003C\u002Fh4>\n\u003Cp>Activity Plus Reloaded for BuddyPress is a fork of \u003Cem>BuddyPress Activity Plus\u003C\u002Fem>(now abandoned) by @wpmudev. We have refactored it to wok with current BuddyPress\u002FWordPress.\u003Cbr \u002F>\n and we plan to maintain and further develop it.\u003Cbr \u002F>\n We would like to express our sincere gratitude to the @wpmudv team for their cooperation in getting this plugin back.\u003C\u002Fp>\n\u003Cp>If you are looking to optimize media, We recommend \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-smushit\u002F\" rel=\"ugc\">Smush\u003C\u002Fa> to optimize your BuddyPress media.\u003C\u002Fp>\n\u003Ch4>Contribute\u003C\u002Fh4>\n\u003Cp>The plugin is available on gihub. You can contribute by sending pull request, reporting errors and helping others.\u003Cbr \u002F>\nGithub repository: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbuddydev\u002Fbp-activity-plus-reloaded\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fbuddydev\u002Fbp-activity-plus-reloaded\u003C\u002Fa>\u003Cbr \u002F>\nSupport & reporting Issues: \u003Ca href=\"https:\u002F\u002Fbuddydev.com\u002Fsupport\u002Fforums\u002F\" rel=\"nofollow ugc\">BuddyDev Forums\u003C\u002Fa>\u003C\u002Fp>\n","Note: This plugin will be discontinued by March 31st, 2025 in favor of BuddyPress Attachment plugin. Please migrate to the new plugin before that date …",1000,38738,100,9,"2025-01-22T12:55:00.000Z","6.7.5","5.0",[17,18,49,50,51],"buddypress-activity","buddypress-activity-upload","embed-video","https:\u002F\u002Fbuddydev.com\u002Fplugins\u002Fbp-activity-plus-reloaded\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-activity-plus-reloaded.1.1.2.zip",46,3,2,"2025-10-12 00:00:00",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":43,"downloaded":66,"rating":43,"num_ratings":67,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":71,"tags":72,"homepage":76,"download_link":77,"security_score":21,"vuln_count":13,"unpatched_count":13,"last_vuln_date":22,"fetched_at":23},"buddykit","BuddyKit – Additional features for BuddyPress","0.0.4","Joseph G.","https:\u002F\u002Fprofiles.wordpress.org\u002Fdunhakdis\u002F","\u003Cp>BuddyKit adds several features like Live Notifications and Media Activities to your BuddyPress sites. More social media related features are coming soon!\u003C\u002Fp>\n","BuddyKit adds several features like Live Notifications and Media Activities to your BuddyPress powered websites.",12833,1,"2019-09-08T10:15:00.000Z","4.9.29","4.5","5.4",[73,18,74,75],"activity-streams","community","social-networking","https:\u002F\u002Fbuddykit.io\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddykit.0.0.4.zip",{"slug":79,"name":80,"version":36,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":87,"num_ratings":88,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":15,"tags":92,"homepage":95,"download_link":96,"security_score":21,"vuln_count":13,"unpatched_count":13,"last_vuln_date":22,"fetched_at":23},"bp-activity-plus-styling","Buddypress Activity Plus Styling","Maksym Marko","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarkomaksym\u002F","\u003Cp>Add to the Buddypress Activity Plus plugin. This plugin adds CSS styles to images, videos and links. Also styling a THICKBOX.\u003C\u002Fp>\n","Additional CSS styles for the Buddypress Activity Plus plugin.",40,5543,50,4,"2019-05-01T15:35:00.000Z","5.1.22","4.3",[93,17,18,49,94],"activity","wall","https:\u002F\u002Fgithub.com\u002FMaxim-us\u002Fbuddypress-activity-plus-styling","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-activity-plus-styling.1.1.2.zip",{"slug":98,"name":99,"version":100,"author":7,"author_profile":8,"description":101,"short_description":102,"active_installs":85,"downloaded":103,"rating":104,"num_ratings":55,"last_updated":105,"tested_up_to":15,"requires_at_least":15,"requires_php":15,"tags":106,"homepage":107,"download_link":108,"security_score":21,"vuln_count":13,"unpatched_count":13,"last_vuln_date":22,"fetched_at":23},"buddypress-edit-activity-stream","BuddyPress Edit Activity Stream","0.5.1","\u003Cp>** IMPORTANT **\u003Cbr \u002F>\nThis plugin has been updated for BuddyPress 1.5.1\u003C\u002Fp>\n\u003Cp>Allows site admins and users to edit any activity update (except forum topics and replies) within a specified time period.\u003C\u002Fp>\n\u003Ch4>Related Links:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fetivite.com\" title=\"Plugin Demo Site\" rel=\"nofollow ugc\">Author’s Site\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fetivite.com\u002Fwordpress-plugins\u002Fbuddypress-edit-activity-stream\u002F\" rel=\"nofollow ugc\">BuddyPress Edit Activity Stream – About Page\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fetivite.com\u002Fapi-hooks\u002F\" rel=\"nofollow ugc\">BuddyPress and bbPress Developer Hook and Filter API Reference\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Extra Configuration\u003C\u002Fh3>\n","This plugin allows an user to edit their activity stream status update within a specified time period.",9835,74,"2011-10-28T03:29:00.000Z",[17,18],"http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fbuddypress-edit-activity-stream\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-edit-activity-stream.0.5.1.zip",{"slug":110,"name":111,"version":100,"author":7,"author_profile":8,"description":112,"short_description":113,"active_installs":29,"downloaded":114,"rating":43,"num_ratings":56,"last_updated":115,"tested_up_to":15,"requires_at_least":15,"requires_php":15,"tags":116,"homepage":117,"download_link":118,"security_score":21,"vuln_count":13,"unpatched_count":13,"last_vuln_date":22,"fetched_at":23},"buddypress-activity-stream-bump-to-top","BuddyPress Activity Stream Bump to Top","\u003Cp>** IMPORTANT **\u003Cbr \u002F>\nThis plugin has been updated for BuddyPress 1.5.1\u003C\u002Fp>\n\u003Cp>This plugin will “bump” an activity record to the top of the stream when an activity comment reply is made.\u003C\u002Fp>\n\u003Cp>The original date_recorded is appended to the time_since filter with an additional class named: time-created. Both timestamps are displayed within the activity stream meta div\u003C\u002Fp>\n\u003Ch4>Related Links:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fetivite.com\" title=\"Plugin Demo Site\" rel=\"nofollow ugc\">Author’s Site\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fetivite.com\u002Fwordpress-plugins\u002Fbuddypress-activity-stream-bump-to-top\u002F\" rel=\"nofollow ugc\">BuddyPress Activity Stream Bump – About Page\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fetivite.com\u002Fapi-hooks\u002F\" rel=\"nofollow ugc\">BuddyPress and bbPress Developer Hook and Filter API Reference\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Extra Configuration\u003C\u002Fh3>\n\u003Cp>add a filter to bp_activity_bump_time_since (date_recorded, $bumpdate, $content)\u003C\u002Fp>\n","This plugin will \"bump\" an activity record to the top of the stream when activity comment reply is made.",9199,"2011-10-28T03:25:00.000Z",[17,18],"http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fbuddypress-activity-stream-bump-to-top\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-activity-stream-bump-to-top.0.5.1.zip",{"attackSurface":120,"codeSignals":159,"taintFlows":185,"riskAssessment":186,"analyzedAt":193},{"hooks":121,"ajaxHandlers":149,"restRoutes":156,"shortcodes":157,"cronEvents":158,"entryPointCount":67,"unprotectedCount":67},[122,127,132,137,141,145],{"type":123,"name":124,"callback":125,"priority":28,"file":126,"line":29},"action","bp_include","etivite_bp_activity_ajax_init","bp-activity-ajax-loader.php",{"type":128,"name":129,"callback":130,"priority":11,"file":126,"line":131},"filter","plugin_action_links","etivite_bp_activity_ajax_admin_add_action_link",62,{"type":123,"name":133,"callback":134,"priority":87,"file":135,"line":136},"bp_after_activity_loop","etivite_bp_activity_ajax_after_activity_loop","bp-activity-ajax.php",19,{"type":123,"name":138,"callback":139,"priority":87,"file":135,"line":140},"bp_before_activity_loop","etivite_bp_activity_ajax_notifier",29,{"type":123,"name":142,"callback":143,"priority":87,"file":135,"line":144},"bp_head","etivite_bp_activity_ajax_head",34,{"type":123,"name":146,"callback":147,"file":135,"line":148},"wp_enqueue_scripts","etivite_bp_activity_ajax_enqueue_scripts",54,[150],{"action":151,"nopriv":152,"callback":153,"hasNonce":152,"hasCapCheck":152,"file":154,"line":155},"bpactivity_ajax",false,"etivite_bp_activity_ajax_process_ajax","bp-activity-ajax-process.php",8,[],[],[],{"dangerousFunctions":160,"sqlUsage":161,"outputEscaping":163,"fileOperations":13,"externalRequests":13,"nonceChecks":56,"capabilityChecks":13,"bundledLibraries":184},[],{"prepared":13,"raw":13,"locations":162},[],{"escaped":13,"rawEcho":44,"locations":164},[165,169,171,173,175,177,178,180,182],{"file":166,"line":167,"context":168},"admin\\bp-activity-ajax-admin.php",31,"raw output",{"file":166,"line":170,"context":168},33,{"file":166,"line":172,"context":168},39,{"file":154,"line":174,"context":168},68,{"file":135,"line":176,"context":168},6,{"file":135,"line":44,"context":168},{"file":135,"line":179,"context":168},12,{"file":135,"line":181,"context":168},15,{"file":135,"line":183,"context":168},27,[],[],{"summary":187,"deductions":188},"The 'buddypress-activity-stream-ajax-notifier' plugin version 0.1.2 exhibits a mixed security posture.  On the positive side, it demonstrates strong practices by avoiding dangerous functions, using prepared statements for all SQL queries, and having no known vulnerabilities or taint flows. This indicates a developer who is aware of common web security pitfalls.\n\nHowever, significant concerns arise from the static analysis. The plugin presents a single entry point via an AJAX handler, which critically lacks any authentication or capability checks. This unprotected endpoint is a major security weakness, potentially allowing any unauthenticated user to trigger functionality within the plugin, which could have unintended or malicious consequences depending on what the AJAX handler does. Furthermore, a concerning 0% of output escaping means that any data displayed back to the user, especially if it originates from user input or external sources processed by this AJAX handler, is vulnerable to cross-site scripting (XSS) attacks.\n\nWhile the absence of historical vulnerabilities is a good sign, it does not negate the immediate risks identified in the current version's code. The primary risks stem from the unprotected AJAX endpoint and the lack of output escaping, both of which are fundamental security oversights. The plugin has strengths in its SQL handling and lack of dangerous functions, but these are overshadowed by the critical vulnerability in its primary entry point and potential for XSS.",[189,191],{"reason":190,"points":11},"AJAX handler without authentication",{"reason":192,"points":155},"No output escaping on any outputs","2026-03-17T00:36:23.439Z",{"wat":195,"direct":202},{"assetPaths":196,"generatorPatterns":198,"scriptPaths":199,"versionParams":200},[197],"\u002Fwp-content\u002Fplugins\u002Fbuddypress-activity-stream-ajax-notifier\u002F_inc\u002Fjs\u002Fbp-activity-ajax.js",[],[197],[201],"wp-content\u002Fplugins\u002Fbuddypress-activity-stream-ajax-notifier\u002F_inc\u002Fjs\u002Fbp-activity-ajax.js?ver=20111013",{"cssClasses":203,"htmlComments":207,"htmlAttributes":208,"restEndpoints":217,"jsGlobals":218,"shortcodeOutput":220},[204,205,206],"activity-loop-ajax","activity-notifier","activity-notifier-link",[],[209,210,211,212,213,214,215,216],"id=\"activity-loop-ajax\"","name=\"activity-loop-ajax\"","id=\"date_recorded\"","id=\"gid\"","id=\"uid\"","id=\"ca\"","id=\"activity-notifier\"","id=\"activity-notifier-link\"",[],[219],"BPAA",[]]