[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fiXTS4O_c3AmD_WzfxLQMXrhhclvgWaX6g9G3BLc6Pds":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":139,"fingerprints":265},"buddypress-group-folders","BuddyPress Group Folders","1.5","Ruuttu","https:\u002F\u002Fprofiles.wordpress.org\u002Fruuttu\u002F","\u003Cp>You can enable BuddyPress groups to have their own private little file repositories. Files can\u003Cbr \u002F>\nbe uploaded and downloaded and that’s it. There’s no tagging, searching or even pagination.\u003C\u002Fp>\n","Very basic and private file storage for groups.",10,4577,100,4,"2013-03-17T21:27:00.000Z","3.5.2","3.2","",[20,21,22,23],"buddypress","files","folders","groups","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-group-folders.1.5.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":25,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"ruuttu",2,20,30,84,"2026-04-04T18:18:18.849Z",[38,57,77,98,117],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":55,"download_link":56,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"buddydrive","BuddyDrive","2.1.4","Themekraft","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemekraft\u002F","\u003Cp>BuddyDrive lets BuddyPress users upload, manage, and share files and folders from profiles or groups.\u003C\u002Fp>\n\u003Ch3>** 2025 UPDATE **\u003C\u002Fh3>\n\u003Cp>BuddyDrive is now actively maintained once again, with ongoing updates for performance, compatibility, and security.\u003C\u002Fp>\n\u003Ch3>Let your members upload and share files with ease — right inside your BuddyPress or BuddyBoss community.\u003C\u002Fh3>\n\u003Cp>BuddyDrive is the simplest way to give users their own personal file storage — and the ability to share files or folders with friends or the wider community. Whether it’s documents, PDFs, images, or other uploads, BuddyDrive keeps everything organized and accessible inside each user’s profile or groups.\u003Cbr \u002F>\nThis plugin uses the BuddyPress Attachment API for seamless integration, with support for both member profiles and group pages. It’s great for sharing personal files, collaborating in groups, or offering community downloads.\u003Cbr \u002F>\nWith the free version of BuddyDrive, users can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Upload and manage their own files\u003C\u002Fli>\n\u003Cli>Share files publicly, with friends, or keep them private\u003C\u002Fli>\n\u003Cli>Organize uploads into folders\u003C\u002Fli>\n\u003Cli>Control visibility directly within the user or group interface\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>BuddyDrive is now under active development with regular updates and ongoing support — rebuilt and maintained by a new team committed to making it fast, secure, and compatible with the latest versions of WordPress, BuddyPress, and BuddyBoss.\u003C\u002Fp>\n\u003Cp>BuddyPress is available in English, French, Dutch and Brazilian Portuguese.\u003C\u002Fp>\n\u003Ch3>Need more advanced sharing options?\u003C\u002Fh3>\n\u003Cp>BuddyDrive Pro adds powerful features like:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Password-protected file access\u003C\u002Fli>\n\u003Cli>Sharing with specific members or groups\u003C\u002Fli>\n\u003Cli>More flexible content visibility settings\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Perfect for communities, educators, private groups, and creators who want to deliver content securely and selectively.\u003C\u002Fp>\n","BuddyDrive lets BuddyPress users upload, manage, and share files and folders from profiles or groups.",1000,240204,86,47,"2025-06-03T23:56:00.000Z","6.8.5","4.5","7.4",[20,21,22],"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbuddydrive\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddydrive.2.1.4.zip",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":46,"downloaded":65,"rating":66,"num_ratings":67,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":71,"tags":72,"homepage":18,"download_link":76,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"bp-registration-options","Registration Options for BuddyPress","4.4.5","Brian Messenlehner","https:\u002F\u002Fprofiles.wordpress.org\u002Fmessenlehner\u002F","\u003Cp>Prevent users and bots from accessing the BuddyPress or bbPress areas of your website(s) until they are approved.\u003C\u002Fp>\n\u003Cp>This BuddyPress extension allows you to enable user moderation for new members, as well as help create a private network for your users. If moderation is enabled, any new members will be denied access to your BuddyPress and bbPress areas on your site, with the exception of their own user profile. They will be allowed to edit and configure that much. They will also not be listed in the members lists on the frontend until approved. Custom messages are available so you can tailor them to the tone of your website and community. When an admin approves or denies a user, email notifications will be sent to let them know of the decision.\u003C\u002Fp>\n\u003Cp>Requires BuddyPress version 1.7 or higher and bbPress 2.0 or higher.\u003C\u002Fp>\n\u003Ch3>General Data Protection Regulation\u003C\u002Fh3>\n\u003Cp>BuddyPress Registration Options temporarily stores user IP addresses as user meta to help validate and vet pending users. Saved IP values are deleted upon both approval and denial of pending user. No other personal data is recorded.\u003C\u002Fp>\n","Moderate new BuddyPress members and fight BuddyPress spam.",175480,88,33,"2023-03-05T15:26:00.000Z","6.0.11","5.2","5.6",[73,20,23,74,75],"admin","moderation","registration","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-registration-options.zip",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":46,"downloaded":85,"rating":86,"num_ratings":87,"last_updated":88,"tested_up_to":89,"requires_at_least":17,"requires_php":90,"tags":91,"homepage":95,"download_link":96,"security_score":97,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"buddypress-group-email-subscription","BuddyPress Group Email Subscription","4.2.4","Boone Gorges","https:\u002F\u002Fprofiles.wordpress.org\u002Fboonebgorges\u002F","\u003Cp>This powerful plugin allows users to receive email notifications of group activity. Weekly or daily digests are available. Each user can choose how they want to subscribe to their groups.\u003C\u002Fp>\n\u003Cp>Please note that this plugin requires BuddyPress, as well as the BuddyPress Groups and Activity components.\u003C\u002Fp>\n\u003Cp>EMAIL SUBSCRIPTION LEVELS\u003Cbr \u002F>\nThere are 5 levels of email subscription options:\u003C\u002Fp>\n\u003Col>\n\u003Cli>No Email – Read this group on the web\u003C\u002Fli>\n\u003Cli>Weekly Summary Email – A summary of new topics each week\u003C\u002Fli>\n\u003Cli>Daily Digest Email – All the day’s activity bundled into a single email\u003C\u002Fli>\n\u003Cli>New Topics Email – Send new topics as they arrive (but don’t send replies)\u003C\u002Fli>\n\u003Cli>All Email – Send all group activity as it arrives\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>DEFAULT SUBSCRIPTION STATUS\u003Cbr \u002F>\nGroup admins can choose one of the 5 subscription levels as a default that gets applied when new members join.\u003C\u002Fp>\n\u003Cp>DIGEST AND SUMMARY EMAILS\u003Cbr \u002F>\nThe daily digest email is sent every morning and contains all the emails from all the groups a user is subscribed to. The digest begins with a helpful topic summary. The weekly summary email contains the topic titles from the past week by default. Summary and digest timing can be configured in the back end. (The admin can view a sample of the digests and summaries in the queue by going adding this to your url: mydomain.com\u002Fsum=1. This won’t send emails just show what will be sent)\u003C\u002Fp>\n\u003Cp>HTML EMAILS\u003Cbr \u002F>\nThe digest and summary emails are sent out in multipart HTML and plain text email format. This makes the digest much more readable with better links. The email is multipart so users who need only plain text will get plain text.\u003C\u002Fp>\n\u003Cp>EMAILS FOR TOPICS I’VE STARTED OR COMMENTED ON (only available with BuddyPress legacy discussion forums)\u003Cbr \u002F>\nUsers receive email notifications when someone replies to a topic they create or comment on (similar to Facebook). This happens whether they are subscribed or not. Users can control this behaviour in their notifications page.\u003C\u002Fp>\n\u003Cp>TOPIC FOLLOW AND MUTE (only available with BuddyPress legacy discussion forums)\u003Cbr \u002F>\nUsers who are not fully subscribed to a group (ie. maybe they are on digest) can choose to get immediate email updates for specific topic threads. Any subsequent replies to that thread will be emailed to them. In an opposite way, users who are fully subscribed to a group but want to stop getting emails from a specific (perhaps annoying) thread can choose to mute that topic.  bbPress plugin users can utilize the “Subscribe” \u002F “Notify me of follow-up replies via email” option.\u003C\u002Fp>\n\u003Cp>ADMIN NOTIFICATION\u003Cbr \u002F>\nGroup admins can send out an email to all group members from the group’s admin section. This feature is helpful to quickly communicate to the whole group, but it should be used with caution.\u003C\u002Fp>\n\u003Cp>GROUP ADMINS CAN SET SUBSCRIPTION LEVEL\u003Cbr \u002F>\nGroup admins can set the subscription level for existing users on the group’s “Admin > Manage Members” page – either one by one or all at once.\u003C\u002Fp>\n\u003Cp>SPAM PROTECTION\u003Cbr \u002F>\nTo protect against spam, you can set a minimum number of days users need to be registered before their group activity will be emailed to other users. This feature is off by default, but can be enabled in the admin.\u003C\u002Fp>\n\u003Cp>TRANSLATORS\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Brazilian Portuguese – www.about.me\u002Fdennisaltermann (or www.congregacao.net)\u003C\u002Fli>\n\u003Cli>Catalan – Sara Arjona Téllez\u003C\u002Fli>\n\u003Cli>Danish – Morten Nalholm\u003C\u002Fli>\n\u003Cli>Dutch – Anja werkgroepen.net\u002Fwordpress, Tim de Hoog\u003C\u002Fli>\n\u003Cli>Farsi – Vahid Masoomi http:\u002F\u002Fwww.AzUni.ir\u003C\u002Fli>\n\u003Cli>French – http:\u002F\u002Fwww.claudegagne-photo.com, Sylvain Ghysens\u003C\u002Fli>\n\u003Cli>German – Peter Peterson, Thorsten Wollenhöfer, Jörg Lohrer\u003C\u002Fli>\n\u003Cli>Hebrew – Iggy Pritzker\u003C\u002Fli>\n\u003Cli>Italian – Stefano Russo\u003C\u002Fli>\n\u003Cli>Japanese – https:\u002F\u002Fbuddypress.org\u002Fcommunity\u002Fmembers\u002Fchestnut_jp\u002F\u003C\u002Fli>\n\u003Cli>Lithuanian – Vincent G http:\u002F\u002Fwww.Host1Free.com\u003C\u002Fli>\n\u003Cli>Russian – http:\u002F\u002Fwww.viaestvita.net\u002Fgroups\u002F\u003C\u002Fli>\n\u003Cli>Spanish – Williams Castillo, Gregor Gimmy\u003C\u002Fli>\n\u003Cli>Swedish – Thomas Schneider, Joakim Hising\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>NOTE TO PLUGIN AUTHORS\u003Cbr \u002F>\nIf your plugin posts updates to the standard BuddyPress activity stream, then group members who are subscribed via 3. Daily Digest and 5. All Email will get your updates automatically. However people subscribed as 2. Weekly Summary and 4. New Topic will not. If you feel some of your plugin’s updates are very important and want to make sure all subscribed members receive them, you can filter ‘ass_this_activity_is_important’ and return TRUE when $type matches your activity. See the ass_this_activity_is_important() function in bp-activity-subscription-functions.phpfor more info.\u003C\u002Fp>\n\u003Cp>PLUGIN SUPPORTERS:\u003Cbr \u002F>\nMajor supporters: shambhalanetwork.org & commons.gc.cuny.edu\u003Cbr \u002F>\nOther supporters: bluedotproductions.com\u003C\u002Fp>\n\u003Cp>PLUGIN DEVELOPMENT\u003Cbr \u002F>\nFor bug reports or to add patches or translation files, please visit the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fboonebgorges\u002Fbuddypress-group-email-subscription\u002F\" rel=\"nofollow ugc\">GES Github page\u003C\u002Fa>.  Contributions are definitely welcome!\u003C\u002Fp>\n","This powerful plugin allows users to receive email notifications of group activity. Weekly or daily digests are available.",230356,80,32,"2024-10-04T14:35:00.000Z","6.6.5","5.3",[92,93,94,20,23],"activities","activity","bp","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fbuddypress-group-email-subscription\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-group-email-subscription.4.2.4.zip",92,{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":46,"downloaded":106,"rating":13,"num_ratings":11,"last_updated":107,"tested_up_to":108,"requires_at_least":109,"requires_php":53,"tags":110,"homepage":115,"download_link":116,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"disk-usage-insights","Disk Usage Insights","1.10","Marcel Gleis","https:\u002F\u002Fprofiles.wordpress.org\u002Fmgleis\u002F","\u003Cp>Find large files and large folders in no time. This plugin scans your whole WordPress installation, counts all files and folders, sums up the sizes and outputs useful statistics to find unwanted large objects in your system.\u003C\u002Fp>\n","Find large files and folders in no time! Hunt down the TOP 10 files and folders with the most disk usage.",7558,"2025-12-15T10:55:00.000Z","6.9.4","5.0",[111,112,113,114],"disk-usage","file-size","large-files","large-folders","https:\u002F\u002Fgithub.com\u002Fmgleis\u002Fdisk-usage-insights","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisk-usage-insights.1.10.zip",{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":46,"downloaded":125,"rating":97,"num_ratings":126,"last_updated":127,"tested_up_to":51,"requires_at_least":128,"requires_php":71,"tags":129,"homepage":135,"download_link":136,"security_score":137,"vuln_count":32,"unpatched_count":26,"last_vuln_date":138,"fetched_at":28},"prevent-file-access","Prevent files \u002F folders access","2.6.1","miniOrange","https:\u002F\u002Fprofiles.wordpress.org\u002Fcyberlord92\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-media-restriction\" rel=\"nofollow ugc\">WordPress Prevent files\u002F folders\u003C\u002Fa> access provides the easiest way to protect WordPress files from public users so that your wordpress media library can be accessed only by \u003Cstrong>WordPress logged in\u003C\u002Fstrong> users or users with \u003Cstrong>specific roles\u002Fcapabilities\u003C\u002Fstrong>. Your \u003Cem>ebooks\u003C\u002Fem>, \u003Cem>pdfs\u003C\u002Fem>, \u003Cem>other important files\u003C\u002Fem>, etc., can be \u003Cstrong>protected from google indexing\u003C\u002Fstrong> so that data is protected from getting stolen. Control users access to media library, Control users access to the WordPress upload folder or sub folders, and restrict all the files published on your WordPress site.\u003C\u002Fp>\n\u003Cp>For restricted Content you can choose to redirect users to \u003Cstrong>403 forbidden page\u003C\u002Fstrong>, your \u003Cstrong>custom page\u003C\u002Fstrong>, \u003Cstrong>WordPress login page\u003C\u002Fstrong>, SSO login page (if you are using OAuth or SAML SSO).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>No change required\u003C\u002Fstrong> or \u003Cstrong>no manual work\u003C\u002Fstrong> needed to create a private link to protect your wordpress media file. Our plugin takes care of your media library or via Media, Pages, or Posts.\u003C\u002Fp>\n\u003Cp>We support a level of security where you can choose either \u003Cem>\u003Cstrong>cookie-based\u003C\u002Fstrong>\u003C\u002Fem> restriction or \u003Cem>\u003Cstrong>session-based\u003C\u002Fstrong>\u003C\u002Fem> restriction.\u003Cbr \u002F>\nAlso, we support Apache and Nginx servers to prevent direct access to the WordPress media library and therefore protect the media library for public or restricted users.\u003C\u002Fp>\n\u003Cp>It prevents private download of the media files from public access and only the logged-in users or specific user roles can access and download the wordpress media files.\u003C\u002Fp>\n\u003Cp>We also support media\u002Ffiles\u002Ffolders Restriction based on NFT holding in the user crypto wallet. We support any level of customization according to your requirement.\u003C\u002Fp>\n\u003Ch3>File-Based Protection\u003C\u002Fh3>\n\u003Cp>WordPress Prevent file\u002Ffolder access is developed to allow you to protect wordpress media file in your customized way. It will prevent direct access from media library \u003Cstrong>based on their extension\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>You can protect file types below:\n\n* Images - Every type of image files can be protected. eg: jpeg, jpg, gif, png, bmp, webp, pfg, ico, psd, etc.\n* Videos - Every type of video files can be protected. eg: mp4, m4a, m4v, f4v, f4a, m4b, m4r, f4b, mov, 3gp, avi etc.\n* Documents - Every type of document files can be protected. eg: doc, docx, html, pdf, txt, ppt, xls, xlsx, pptx, odt.\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Redirect\u003C\u002Fh3>\n\u003Cp>WordPress Prevent file\u002Ffolder access provides \u003Cstrong>redirect options\u003C\u002Fstrong>. This allow you to redirect the restricted users to any WordPress page of your website.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>403 forbidden page\u003C\u002Fstrong> \u003Cem>(DEFAULT)\u003C\u002Fem> – \u003Cem>Users will be shown 403 forbidden pages with a restricted access message.\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Display custom page\u003C\u002Fstrong> – \u003Cem>We can redirect users to any WordPress custom page when they try to access restricted files or folders.\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WordPress login\u003C\u002Fstrong> – \u003Cem>Users will be redirected to the WordPress default login page.\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IDP login\u003C\u002Fstrong> – \u003Cem>Users will redirect to the selected IDP (SAML\u002FOAuth) login page and after IdP authentication they can see the restricted content.\u003C\u002Fem>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Private Directory\u002FProtected folder\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Our plugin also gives you a \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-media-restriction#mediarestriction\" rel=\"nofollow ugc\">Private Directory\u003C\u002Fa> where you can add files of all extension types and restrictions will be applied to all files inside the private directory.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Membership Based Media Restriction.\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress Prevent files\u002F folder allows you to secure media library and control wp-content\u002Fuploads access based on the membership purchased by the user.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Folder Based Protection\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress Prevent files\u002F folders access allows you to protect your folders too, the \u003Cstrong>wp-content or uploads\u003C\u002Fstrong> folder where all the wordpress media files like images, videos, and document files are stored will also be protected.\u003C\u002Fli>\n\u003Cli>Users have the option to \u003Cstrong>protect a particular month’s media files or sub folder in uploads directory.\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User-Based Restriction\u003C\u002Fstrong> – A particular user can access only a particular folder. (Admin would be able to access all the folders)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role Base folder access\u003C\u002Fstrong> – Uploads folder or subfolders can be restricted for public access and allowed folder access to users with specific role. (Admin would be able to access all the folders)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>We support \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.learndash.com\u002F\" rel=\"nofollow ugc\">LearnDash\u003C\u002Fa>\u003C\u002Fstrong> and other LMS to restrict files and folders according to different groups and specific user roles.\u003C\u002Fp>\n\u003Cp>You can customize the restriction rules and use them as per your needs.\u003C\u002Fp>\n\u003Cp>This functionality operates at the server level, thus if the Apache server rules don’t work, or also the WP Engine, Siteground, and other servers like this run on an Nginx server, which requires the use of Nginx configuration rules. If you face any issues please email us at \u003Cem>info@xecurify.com\u003C\u002Fem> or \u003Cem>oauthsupport@xecurify.com\u003C\u002Fem>. We would recommend you to please ensure your PHP server and rules first which will work on your server before purchasing it or else \u003Cstrong>contact us we will help you to set up the plugin according to your requirements on your site.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>FREE VERSION FEATURES\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress Prevent Files\u002FFolder Access allows you to protect your wordpress media files, libraries and folders from public access.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File Extensions Restricted\u003C\u002Fstrong> – Can restrict five standard extensions (.png, .jpg, .gif, .pdf, .doc).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Redirection of non-logged-in users\u003C\u002Fstrong>: Can redirect non-logged-in users to any page of your WordPress site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Protected Folder\u003C\u002Fstrong>: Can keep selected files in a protected folder and they will be restricted from the public users.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Supported Servers\u003C\u002Fstrong>: You can configure the plugin on the Apache server easily.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Level Base\u003C\u002Fstrong>: Plugin will check if a user is logged in or not through Cookie.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>PREMIUM VERSION FEATURES\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress Prevent Files\u002FFolder Access allows you to protect your media files and folders from public access.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File Extensions Restricted\u003C\u002Fstrong> – Media restricton to unlimited extensions is supported.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Redirection of non-logged-in users\u003C\u002Fstrong>: You can redirect the non-logged-in users to any page of your WordPress site or to the WordPress login page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Folder Restriction\u003C\u002Fstrong>: Can restrict access to wordpress media library from non-logged-in users. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Protected Folder\u003C\u002Fstrong>: Can store unlimited files in a private directory\u002Fprotected folder and they will be restricted from the public users and indexing on search engine.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Supported Servers\u003C\u002Fstrong>: You can configure plugins on Apache and NGINX servers easily.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Level Base\u003C\u002Fstrong>: Plugin will check if a user is logged in or not through Cookie.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>ENTERPRISE VERSION FEATURES\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress Prevent Files\u002FFolder Access allows you to protect your WordPress media files and folders from public access.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File Extensions Restricted\u003C\u002Fstrong> – Media restriction to unlimited extensions is supported.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Redirection of non-logged-in users\u003C\u002Fstrong>: You can redirect non-logged-in users to any page of your WordPress site or to the WordPress login page or to SAML\u002FOAuth login page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Folder Restriction\u003C\u002Fstrong>: Can restrict access to the WordPress uploads folder or any other folder in your WordPress instance from non-logged-in users by enabling user access restrictions. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Protected Folder\u003C\u002Fstrong>: Can keep unlimited files in a protected folder and they will be restricted from the public users to prevent direct access to specific user roles.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Supported Servers\u003C\u002Fstrong>: You can configure plugins on Apache and NGINX servers easily.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Level Base\u003C\u002Fstrong>: Plugin will check if a user is logged in or not through Cookie or Session.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>ALL INCLUSIVE VERSION FEATURES\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress Prevent Files\u002FFolder Access allows you to protect your WordPress media files and folders from public access.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File Extensions Restricted\u003C\u002Fstrong> – Media restricton to unlimited extensions is supported.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Redirection of non-logged-in users\u003C\u002Fstrong>: You can redirect non-logged-in users to any page of your WordPress site or to the WordPress login page or to SAML\u002FOAuth login page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Folder Restriction\u003C\u002Fstrong>: Can restrict access to the WordPress uploads folder or any other folder in your WordPress instance from non-logged-in users by enabling user access restrictions. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Protected Folder\u003C\u002Fstrong>: Can keep unlimited files in a protected folder and they will be restricted from the public users to prevent direct access to specific user roles.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Supported Servers\u003C\u002Fstrong>: You can configure plugins on Apache and NGINX servers easily.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Level Base\u003C\u002Fstrong>: Plugin will check if a user is logged in or not through Cookie or Session.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Media Management\u003C\u002Fstrong>: You can create custom folders and subfolders to organize your media library and control access of the created folders and subfolders.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Download Logs\u003C\u002Fstrong>: You can view logs for uploading, downloading, and deleting files.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Membership Based Media Restriction\u003C\u002Fstrong>: Compatible with Paid Memberships Pro, ARMember Membership, WordPress Membership, and WooCommerce Subscriptions.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>DOCUMENTATION AND SUPPORT\u003C\u002Fp>\n\u003Cul>\n\u003Cli>For documentation go to our \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-media-restriction#mediarestriction\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>If you have any questions or want to request new features, contact us via email at \u003Ca href=\"mailto:oauthsupport@xecurify.com\" rel=\"nofollow ugc\">oauthsupport@xecurify.com\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Prevent public access to WordPress files and folders. Protect downloads from public access, Role-based folder access, and User base folder access.",34694,35,"2025-06-24T06:01:00.000Z","3.0.1",[130,131,132,133,134],"content-restriction","media-restriction","protect-uploads","protect-folders","secure-files","http:\u002F\u002Fminiorange.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprevent-file-access.2.6.1.zip",97,"2025-08-06 00:00:00",{"attackSurface":140,"codeSignals":166,"taintFlows":211,"riskAssessment":253,"analyzedAt":264},{"hooks":141,"ajaxHandlers":162,"restRoutes":163,"shortcodes":164,"cronEvents":165,"entryPointCount":26,"unprotectedCount":26},[142,148,152,157],{"type":143,"name":144,"callback":145,"file":146,"line":147},"action","admin_menu","bp_gfold_admin_menu","bp-gfold-admin.php",7,{"type":143,"name":149,"callback":150,"file":146,"line":151},"admin_init","bp_gfold_admin_init",8,{"type":143,"name":153,"callback":154,"file":155,"line":156},"wp_enqueue_scripts","bp_gfold_assets","bp-gfold-extension.php",22,{"type":143,"name":158,"callback":159,"file":160,"line":161},"bp_init","bp_gfold_init","bp-gfold.php",466,[],[],[],[],{"dangerousFunctions":167,"sqlUsage":168,"outputEscaping":170,"fileOperations":147,"externalRequests":26,"nonceChecks":209,"capabilityChecks":26,"bundledLibraries":210},[],{"prepared":26,"raw":26,"locations":169},[],{"escaped":171,"rawEcho":172,"locations":173},15,18,[174,177,179,180,181,183,185,187,189,191,193,195,197,199,201,203,205,207],{"file":146,"line":175,"context":176},79,"raw output",{"file":146,"line":178,"context":176},83,{"file":146,"line":35,"context":176},{"file":146,"line":25,"context":176},{"file":146,"line":182,"context":176},89,{"file":146,"line":184,"context":176},90,{"file":146,"line":186,"context":176},91,{"file":146,"line":188,"context":176},93,{"file":146,"line":190,"context":176},98,{"file":155,"line":192,"context":176},45,{"file":155,"line":194,"context":176},49,{"file":155,"line":196,"context":176},52,{"file":155,"line":198,"context":176},55,{"file":155,"line":200,"context":176},72,{"file":160,"line":202,"context":176},215,{"file":160,"line":204,"context":176},216,{"file":160,"line":206,"context":176},217,{"file":160,"line":208,"context":176},218,1,[],[212,232,245],{"entryPoint":213,"graph":214,"unsanitizedCount":32,"severity":231},"\u003Cbp-gfold-download> (bp-gfold-download.php:0)",{"nodes":215,"edges":228},[216,222],{"id":217,"type":218,"label":219,"file":220,"line":221},"n0","source","$_SERVER (x2)","bp-gfold-download.php",3,{"id":223,"type":224,"label":225,"file":220,"line":226,"wp_function":227},"n1","sink","header() [Header Injection]",38,"header",[229],{"from":217,"to":223,"sanitized":230},false,"medium",{"entryPoint":233,"graph":234,"unsanitizedCount":209,"severity":231},"repo_make (bp-gfold.php:223)",{"nodes":235,"edges":243},[236,239],{"id":217,"type":218,"label":237,"file":160,"line":238},"$_SERVER",251,{"id":223,"type":224,"label":240,"file":160,"line":241,"wp_function":242},"file_put_contents() [File Write]",264,"file_put_contents",[244],{"from":217,"to":223,"sanitized":230},{"entryPoint":246,"graph":247,"unsanitizedCount":209,"severity":231},"\u003Cbp-gfold> (bp-gfold.php:0)",{"nodes":248,"edges":251},[249,250],{"id":217,"type":218,"label":237,"file":160,"line":238},{"id":223,"type":224,"label":240,"file":160,"line":241,"wp_function":242},[252],{"from":217,"to":223,"sanitized":230},{"summary":254,"deductions":255},"The \"buddypress-group-folders\" v1.5 plugin exhibits a generally positive security posture based on the provided static analysis. The absence of direct attack surface elements like AJAX handlers, REST API routes, shortcodes, and cron events is a significant strength. Furthermore, the complete reliance on prepared statements for SQL queries indicates a robust defense against SQL injection vulnerabilities. The plugin also demonstrates a good understanding of file operation security with all file operations being logged and accounted for. The presence of nonce checks, though only one, is a good practice. However, a significant concern arises from the taint analysis, which reveals three flows with unsanitized paths. While these did not escalate to critical or high severity vulnerabilities, the presence of unsanitized paths, especially involving file operations, warrants attention and potential for exploitation if not handled carefully by the application logic. The plugin's vulnerability history is clean, with no recorded CVEs, which is highly encouraging and suggests a history of secure development. Despite the clean history, the taint analysis findings are a clear signal that even with good practices, there are potential areas for improvement regarding input sanitization, particularly for file-related operations. Overall, the plugin is well-coded with strong foundations, but the identified taint flows require further investigation and remediation to ensure complete security.",[256,259,262],{"reason":257,"points":258},"Flows with unsanitized paths found",12,{"reason":260,"points":261},"Low percentage of properly escaped output",5,{"reason":263,"points":221},"Only one nonce check detected","2026-03-17T01:22:46.196Z",{"wat":266,"direct":275},{"assetPaths":267,"generatorPatterns":270,"scriptPaths":271,"versionParams":272},[268,269],"\u002Fwp-content\u002Fplugins\u002Fbuddypress-gfold\u002Fcss\u002Fbpgfold.css","\u002Fwp-content\u002Fplugins\u002Fbuddypress-gfold\u002Fjs\u002Fbpgfold.js",[],[269],[273,274],"buddypress-gfold\u002Fcss\u002Fbpgfold.css?ver=","buddypress-gfold\u002Fjs\u002Fbpgfold.js?ver=",{"cssClasses":276,"htmlComments":278,"htmlAttributes":285,"restEndpoints":287,"jsGlobals":288,"shortcodeOutput":291},[277],"stripe",[279,280,281,282,283,284]," repository doesn't exists; return empty array "," ensure repository folder exists "," ensure gfold root has download script "," and dummy index "," ensure group repository has dummy index "," doesn't matter what the key is, just has to be something random ",[286],"data-fn",[],[289,290],"bpgfoldrn","bpgfoldd",[]]