[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f07lu7vPyKICDM61HLDtsWRNWeaUHWIN3xm5zJZyiT8I":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":40,"analysis":133,"fingerprints":311},"buddypress-cover-photo","BuddyPress Default Cover Photo","1.6.0","SeventhQueen","https:\u002F\u002Fprofiles.wordpress.org\u002Fseventhqueen\u002F","\u003Cp>The plugin adds DEFAULT Profile and Group cover settings in WP Admin – Settings – BuddyPress – Settings.\u003C\u002Fp>\n\u003Cp>You also have the option to replace default BuddyPress cover photo and use this plugin for the cover functionality.\u003C\u002Fp>\n\u003Cp>Check out this demo to see it in action:\u003Cbr \u002F>\nhttp:\u002F\u002Fseventhqueen.com\u002Fthemes\u002Fkleo\u002Fmembers\u002Fkleoadmin\u002F\u003C\u002Fp>\n","The plugin adds DEFAULT Profile and Group cover settings in WP Admin - Settings - BuddyPress - Settings.",600,102728,76,12,"2019-12-20T13:38:00.000Z","5.3.21","4.1","",[20,21,22,23,24],"avatar","buddypress","default-cover","group-cover","profile-cover","http:\u002F\u002Fseventhqueen.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-cover-photo.1.6.0.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":36,"avg_patch_time_days":37,"trust_score":38,"computed_at":39},"seventhqueen",3,1050,90,109,72,"2026-04-04T02:30:41.874Z",[41,62,82,101,117],{"slug":42,"name":43,"version":44,"author":45,"author_profile":46,"description":47,"short_description":48,"active_installs":49,"downloaded":50,"rating":51,"num_ratings":52,"last_updated":53,"tested_up_to":54,"requires_at_least":55,"requires_php":18,"tags":56,"homepage":18,"download_link":61,"security_score":49,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"bp-local-avatars","BP Local Avatars","3.0","shanebp","https:\u002F\u002Fprofiles.wordpress.org\u002Fshanebp\u002F","\u003Cp>BP Local Avatars is a BuddyPress plugin.\u003C\u002Fp>\n\u003Cp>Do you have members or groups on your BuddyPress site who do not have an Avatar?\u003Cbr \u002F>\nAnd you do not want to show the generic default avatar?\u003Cbr \u002F>\nOr maybe you do not want each page view to include a lot of calls to gravatar.com to load avatars?\u003C\u002Fp>\n\u003Cul>\n\u003Cli>This plugin will create a Gravatar Identicon avatar, thumb and full versions, for any user who does not already have an Avatar, and save it locally.\u003C\u002Fli>\n\u003Cli>Supports user creation, user registration, user login, and Bulk Generation for user and groups.\u003C\u002Fli>\n\u003Cli>Uses the existing BuddyPress avatar directory structure.\u003C\u002Fli>\n\u003Cli>Conforms to the defined sizes for BuddyPress thumb and full avatars.\u003C\u002Fli>\n\u003Cli>Users can still upload an avatar via their profile.\u003C\u002Fli>\n\u003Cli>Groups can still upload an avatar via Group > Manage > Photo.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Usage:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>Provides an option in wp-admin under:\u003Cbr \u002F>\nSettings -> Discussion > Default Avatar > BuddyPress Identicon (Generated and Stored Locally).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Select and Save. Otherwise this plugin will not do anything.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>After saving, you will see a link to ‘Bulk Generate’ avatars for all users and groups who do not have a local avatar. If a user already has their own Gravatar, it will save it locally.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>For more BuddyPress plugins, please visit \u003Ca href=\"https:\u002F\u002Fwww.philopress.com\u002F\" rel=\"nofollow ugc\">PhiloPress\u003C\u002Fa>\u003C\u002Fp>\n","A BuddyPress plugin that creates Gravatar avatars for any user or group without one, and stores them locally.",100,10578,82,7,"2025-04-19T17:32:00.000Z","6.8.5","4.0",[57,21,58,59,60],"avatars","gravatars","groups","members","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-local-avatars.3.0.zip",{"slug":63,"name":64,"version":65,"author":66,"author_profile":67,"description":68,"short_description":69,"active_installs":49,"downloaded":70,"rating":71,"num_ratings":72,"last_updated":73,"tested_up_to":74,"requires_at_least":75,"requires_php":18,"tags":76,"homepage":80,"download_link":81,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"buddypress-first-letter-avatar","BuddyPress First Letter Avatar","2.2.8","DanielAGW","https:\u002F\u002Fprofiles.wordpress.org\u002Fdanielagw\u002F","\u003Cp>BuddyPress First Letter Avatar \u003Cstrong>sets custom avatars for users without profile picture or Gravatar\u003C\u002Fstrong>. The avatar will be a first letter of user’s name. You can also configure plugin to use any other letter to set custom avatar.\u003C\u002Fp>\n\u003Cp>BuddyPress First Letter Avatar is based on my other plugin – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-first-letter-avatar\u002F\" rel=\"ugc\">WP First Letter Avatar\u003C\u002Fa>. BuddyPress First Letter Avatar is basically the same thing, but programmed to work with BuddyPress.\u003C\u002Fp>\n\u003Cp>BuddyPress First Letter Avatar includes a set of \u003Cstrong>beautiful, colorful letter avatars\u003C\u002Fstrong> in many sizes. Optimal size will be chosen by the plugin in order to display high quality avatar and not download, for example, big 512px avatars when only 48px is needed… \u003Cstrong>PSD template\u003C\u002Fstrong> for avatar is also included.\u003C\u002Fp>\n\u003Cp>You can also create your own avatar set by creating new directory next to \u003Cem>‘default’\u003C\u002Fem> folder and following the naming convention from \u003Cem>‘default’\u003C\u002Fem>.\u003C\u002Fp>\n\u003Cp>By default, custom avatar will be set only to users without profile pictures and Gravatars, but you can change that in settings and not use Gravatar\u002Fprofile pictures at all.\u003C\u002Fp>\n\u003Cp>BuddyPress First Letter Avatar helps you \u003Cstrong>bring more colors into your BuddyPress site\u003C\u002Fstrong>. Plus, your users will be more \u003Cstrong>willing to actively participate in your site\u003C\u002Fstrong> since they can actually relate to these avatars much better than to the Mystery Person.\u003C\u002Fp>\n\u003Cp>All images were compressed using the fantastic \u003Ca href=\"https:\u002F\u002Ftinypng.com\u002F\" rel=\"nofollow ugc\">TinyPNG\u003C\u002Fa>, so avatars are \u003Cstrong>incredibly light and ultra-high quality\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Plugin is also available \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FDev49net\u002Fbuddypress-first-letter-avatar\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cp>BuddyPress First Letter Avatar requires at least PHP 5.4. It \u003Cstrong>does not work properly\u003C\u002Fstrong> on PHP 5.3.x and earlier.\u003C\u002Fp>\n","A WordPress-BuddyPress plugin to set fancy custom avatars for users with no Gravatar and no profile picture.",29807,98,16,"2017-03-11T22:26:00.000Z","4.7.32","4.6",[57,21,77,78,79],"comments","custom-avatar","discussion","http:\u002F\u002Fdev49.net","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-first-letter-avatar.zip",{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":90,"downloaded":91,"rating":49,"num_ratings":92,"last_updated":93,"tested_up_to":94,"requires_at_least":95,"requires_php":18,"tags":96,"homepage":99,"download_link":100,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"bp-profile-cover","BP Profile Cover","1.3","VibeThemes","https:\u002F\u002Fprofiles.wordpress.org\u002Fvibethemes\u002F","\u003Cp>Allow users to upload Profile cover images using BuddyPress attachment API. see it live it action on \u003Ca href=\"https:\u002F\u002Fwplms.io\" rel=\"nofollow ugc\">WordPress LMS\u003C\u002Fa>\u003C\u002Fp>\n\u003Col>\n\u003Cli>Allow users to upload Cover profile images\u003C\u002Fli>\n\u003Cli>Allow users to upload Group cover images\u003C\u002Fli>\n\u003Cli>Uses BP Attachment API \u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Requires BP v 2.3+\u003C\u002Fp>\n\u003Ch4>More Information\u003C\u002Fh4>\n\u003Cp>Visit the \u003Ca href=\"https:\u002F\u002Fvibethemes.com\u002F\" rel=\"nofollow ugc\">VibeThemes\u003C\u002Fa> for documentation, support, and information on getting involved in the project.\u003C\u002Fp>\n","Add Beautiful profile covers in BuddyPress Group and User profiles.",40,10159,1,"2018-12-28T04:23:00.000Z","5.0.25","3.6",[21,97,24,98],"cover-image","profile-image","http:\u002F\u002Fwww.VibeThemes.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-profile-cover.1.3.zip",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":28,"num_ratings":28,"last_updated":111,"tested_up_to":18,"requires_at_least":18,"requires_php":18,"tags":112,"homepage":115,"download_link":116,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"bp-webcam-avatar","BP Webcam Avatar","0.8","michaelvar","https:\u002F\u002Fprofiles.wordpress.org\u002Fmichaelvar\u002F","\u003Cp>Add a webcam snapshot option for uploading an avatar in BuddyPress.\u003C\u002Fp>\n","Add a webcam snapshot option for uploading an avatar in BuddyPress.",20,7939,"2011-12-22T13:01:00.000Z",[20,21,113,114],"camera","webcam","http:\u002F\u002Fweb-world.co.il\u002Fwp-plugins\u002Fbp-webcam-avatar","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-webcam-avatar.zip",{"slug":118,"name":119,"version":85,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":109,"downloaded":124,"rating":49,"num_ratings":92,"last_updated":125,"tested_up_to":54,"requires_at_least":126,"requires_php":127,"tags":128,"homepage":131,"download_link":132,"security_score":49,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"jennystudio-identicons","JennyStudio Identicons","Brain1981@JennyStudio","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrain1981\u002F","\u003Cp>\u003Cstrong>JennyStudio Identicons\u003C\u002Fstrong> Is a lightweight plug-in that generates Material Design-style avatars based on user names. It automatically replaces WordPress’s default “mystery man” avatars, BuddyPress user avatars, and bbPress forum avatars without relying on Gravatar.\u003C\u002Fp>\n\u003Cp>Main functions:\u003Cbr \u002F>\n– \u003Cstrong>Material Design Styles\u003C\u002Fstrong> – Generates beautiful, consistent vector avatars.\u003Cbr \u002F>\n– \u003Cstrong>Color configurable\u003C\u002Fstrong> – Avatar colors are configurable.\u003Cbr \u002F>\n– \u003Cstrong>Seamless integration\u003C\u002Fstrong> – Compatible with WordPress Core, BuddyPress and bbPress.\u003Cbr \u002F>\n– \u003Cstrong>Disable Gravatar\u003C\u002Fstrong> – Avoid privacy issues and improve loading speed, especially for users in the mainland of China to avoid page jams caused by Gravatar loading.\u003Cbr \u002F>\n– \u003Cstrong>Base64 inline image\u003C\u002Fstrong> – Without additional HTTP requests, avatars are directly embedded in HTML.\u003C\u002Fp>\n","Replace the default Gravatar avatars on WordPress, BuddyPress, and bbPress with Material Design-style Identicons avatars.",478,"2025-07-05T07:46:00.000Z","5.2","7.2",[57,129,21,78,130],"bbpress","identicons","https:\u002F\u002Fwww.becomingjenny.net","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjennystudio-identicons.1.3.zip",{"attackSurface":134,"codeSignals":237,"taintFlows":303,"riskAssessment":304,"analyzedAt":310},{"hooks":135,"ajaxHandlers":221,"restRoutes":234,"shortcodes":235,"cronEvents":236,"entryPointCount":34,"unprotectedCount":28},[136,143,148,151,155,160,164,168,172,176,180,184,189,193,197,202,204,208,209,211,213,217],{"type":137,"name":138,"callback":139,"priority":140,"file":141,"line":142},"action","bp_include","sq_bp_cover_photo_init",99,"buddypress-cover-photo.php",19,{"type":144,"name":145,"callback":146,"file":141,"line":147},"filter","bp_is_profile_cover_image_active","__return_false",33,{"type":144,"name":149,"callback":146,"file":141,"line":150},"bp_is_groups_cover_image_active",36,{"type":137,"name":152,"callback":153,"file":141,"line":154},"after_setup_theme","bpcp_cover_images_no_support",42,{"type":144,"name":156,"callback":157,"priority":158,"file":141,"line":159},"bp_before_groups_cover_image_settings_parse_args","bpcp_group_compat_cover_image",10,49,{"type":144,"name":161,"callback":162,"priority":158,"file":141,"line":163},"bp_before_xprofile_cover_image_settings_parse_args","bpcp_profile_compat_cover_image",50,{"type":137,"name":165,"callback":166,"file":141,"line":167},"plugins_loaded","kleo_bpcp_load_textdomain",121,{"type":144,"name":169,"callback":170,"priority":158,"file":141,"line":171},"load_textdomain_mofile","bpcp_load_old_textdomain",126,{"type":137,"name":173,"callback":174,"file":141,"line":175},"bp_register_admin_settings","bp_plugin_admin_settings",309,{"type":137,"name":152,"callback":177,"priority":140,"file":178,"line":179},"remove_theme_group_cover_link","group-cover.php",37,{"type":137,"name":181,"callback":182,"priority":109,"file":178,"line":183},"bp_before_group_header","add_cover",38,{"type":144,"name":185,"callback":186,"priority":187,"file":178,"line":188},"body_class","get_body_class",30,41,{"type":137,"name":190,"callback":191,"file":178,"line":192},"wp_head","inject_css",44,{"type":137,"name":194,"callback":195,"file":178,"line":196},"wp_print_scripts","inject_js",45,{"type":137,"name":198,"callback":199,"file":200,"line":201},"bp_xprofile_setup_nav","setup_nav","profile-cover.php",14,{"type":137,"name":152,"callback":203,"priority":140,"file":200,"line":72},"remove_theme_profile_cover_link",{"type":137,"name":205,"callback":206,"priority":109,"file":200,"line":207},"bp_before_member_header","add_profile_cover",17,{"type":144,"name":185,"callback":186,"priority":187,"file":200,"line":109},{"type":137,"name":190,"callback":191,"file":200,"line":210},23,{"type":137,"name":194,"callback":195,"file":200,"line":212},24,{"type":137,"name":214,"callback":215,"file":200,"line":216},"bp_template_title","page_title",124,{"type":137,"name":218,"callback":219,"file":200,"line":220},"bp_template_content","page_content",125,[222,228,231],{"action":223,"nopriv":224,"callback":225,"hasNonce":226,"hasCapCheck":224,"file":141,"line":227},"bp_cover_image_delete",false,"bpcp_attachments_cover_image_ajax_delete",true,46,{"action":229,"nopriv":224,"callback":230,"hasNonce":226,"hasCapCheck":224,"file":178,"line":227},"bpcp_delete_group_cover","ajax_delete_current_cover",{"action":232,"nopriv":224,"callback":230,"hasNonce":226,"hasCapCheck":224,"file":200,"line":233},"bpcp_delete_cover",25,[],[],[],{"dangerousFunctions":238,"sqlUsage":239,"outputEscaping":241,"fileOperations":300,"externalRequests":28,"nonceChecks":301,"capabilityChecks":28,"bundledLibraries":302},[],{"prepared":28,"raw":28,"locations":240},[],{"escaped":28,"rawEcho":147,"locations":242},[243,246,248,249,250,251,253,255,257,259,261,263,265,267,269,271,272,273,275,277,278,280,281,283,284,285,287,289,290,292,294,296,298],{"file":141,"line":244,"context":245},363,"raw output",{"file":141,"line":247,"context":245},415,{"file":178,"line":49,"context":245},{"file":178,"line":220,"context":245},{"file":178,"line":171,"context":245},{"file":178,"line":252,"context":245},127,{"file":178,"line":254,"context":245},146,{"file":178,"line":256,"context":245},147,{"file":178,"line":258,"context":245},148,{"file":178,"line":260,"context":245},151,{"file":178,"line":262,"context":245},176,{"file":178,"line":264,"context":245},214,{"file":178,"line":266,"context":245},217,{"file":178,"line":268,"context":245},247,{"file":178,"line":270,"context":245},248,{"file":178,"line":270,"context":245},{"file":178,"line":270,"context":245},{"file":200,"line":274,"context":245},73,{"file":200,"line":276,"context":245},131,{"file":200,"line":254,"context":245},{"file":200,"line":279,"context":245},149,{"file":200,"line":262,"context":245},{"file":200,"line":282,"context":245},177,{"file":200,"line":282,"context":245},{"file":200,"line":282,"context":245},{"file":200,"line":286,"context":245},245,{"file":200,"line":288,"context":245},246,{"file":200,"line":268,"context":245},{"file":200,"line":291,"context":245},266,{"file":200,"line":293,"context":245},267,{"file":200,"line":295,"context":245},268,{"file":200,"line":297,"context":245},271,{"file":200,"line":299,"context":245},303,2,4,[],[],{"summary":305,"deductions":306},"The \"buddypress-cover-photo\" plugin version 1.6.0 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by not having any known CVEs, no recorded historical vulnerabilities, and no external HTTP requests. The code analysis also indicates that all SQL queries use prepared statements, and there are a reasonable number of nonce and capability checks, suggesting some awareness of security best practices. However, a significant concern arises from the lack of output escaping for all identified outputs. This means that data displayed to users could potentially be manipulated, leading to cross-site scripting (XSS) vulnerabilities if that data originates from an untrusted source or is not properly sanitized before display.\n\nDespite the absence of critical taint flows and dangerous functions, the universal lack of output escaping presents a substantial risk. While the plugin's entry points are protected by authorization checks, the output vulnerability means that even authenticated users could be targeted or that legitimate functionality could be abused to execute malicious scripts. The vulnerability history of zero known CVEs is a positive indicator, but it should not overshadow the clear weaknesses identified in the static analysis, particularly the unescaped output which is a common vector for attacks. Overall, the plugin has a solid foundation in preventing unauthorized access and direct code execution through its protected entry points, but the lack of output escaping is a critical oversight that needs immediate attention.",[307],{"reason":308,"points":309},"No output escaping",15,"2026-03-16T19:31:26.152Z",{"wat":312,"direct":325},{"assetPaths":313,"generatorPatterns":316,"scriptPaths":317,"versionParams":320},[314,315],"\u002Fwp-content\u002Fplugins\u002Fbuddypress-cover-photo\u002Fcss\u002Fprofile-cover.css","\u002Fwp-content\u002Fplugins\u002Fbuddypress-cover-photo\u002Fcss\u002Fgroup-cover.css",[],[318,319],"\u002Fwp-content\u002Fplugins\u002Fbuddypress-cover-photo\u002Fjs\u002Fprofile-cover.js","\u002Fwp-content\u002Fplugins\u002Fbuddypress-cover-photo\u002Fjs\u002Fgroup-cover.js",[321,322,323,324],"buddypress-cover-photo\u002Fcss\u002Fprofile-cover.css?ver=","buddypress-cover-photo\u002Fcss\u002Fgroup-cover.css?ver=","buddypress-cover-photo\u002Fjs\u002Fprofile-cover.js?ver=","buddypress-cover-photo\u002Fjs\u002Fgroup-cover.js?ver=",{"cssClasses":326,"htmlComments":329,"htmlAttributes":351,"restEndpoints":354,"jsGlobals":355,"shortcodeOutput":357},[327,328],"bpcp-profile-cover","bpcp-group-cover",[330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350],"Based on initial work of Brajesh Singh custom background plugin","First try to get the image for the user if is any","Ajax delete a cover image for a given object and item id.","Some Upload file utils used in the plugin","handles upload, a modified version of bp_core_avatar_handle_upload(from bp-core\u002Fbp-core-avatars.php)","I am not changing the domain of error messages as these are same as bp, so you should have a translation for this","Your setting main function","This is how you add a new section to BuddyPress settings","the id of your new section","the title of your section","the display function for your section's description","BuddyPress settings","the option name you want to use for your plugin","The title for your setting","Display function","Your plugins section id","Default Profile cover field","Replace BP 2.4 functionality","Default Profile Cover","Register Profile default field setting","the validation function you use before saving y",[352,353],"data-bpcp-profile-id","data-bpcp-group-id",[],[356],"window.bp_cover_photo_params",[]]