[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fEQAUGBBjkCwbLxuw1suLW6ga5Nwk5txMM_HvZ6IDk5A":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":37,"analysis":134,"fingerprints":466},"buddypress-like","BuddyPress Like","0.3.0","darrenmeehan","https:\u002F\u002Fprofiles.wordpress.org\u002Fdarrenmeehan\u002F","\u003Cp>Gives users the ability to ‘like’ content across your BuddyPress enabled site.\u003C\u002Fp>\n","Gives users the ability to 'like' content across your BuddyPress enabled site.",100,76443,70,26,"2015-12-06T20:41:00.000Z","4.4.34","3.8","",[20,21,22,23,24],"buddypress","like","post","rate","thumbs","http:\u002F\u002Fdarrenmeehan.me\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-like.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},1,30,84,"2026-04-03T20:00:18.590Z",[38,62,81,97,117],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":57,"download_link":58,"security_score":59,"vuln_count":60,"unpatched_count":28,"last_vuln_date":61,"fetched_at":30},"i-recommend-this","I Recommend This – Love\u002FLike Button for WordPress Posts","4.0.1","Harish Chouhan","https:\u002F\u002Fprofiles.wordpress.org\u002Fhchouhan\u002F","\u003Cp>“I Recommend This” allows your visitors to effortlessly like or recommend your posts with a single click, making it easier for them to show their appreciation without leaving a comment. Enhance your site’s engagement by providing a simple, user-friendly way for readers to interact with your content.\u003C\u002Fp>\n\u003Ch3>Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Display a counter for likes\u002Frecommendations.\u003C\u002Fli>\n\u003Cli>Widget and shortcode to display the most liked posts.\u003C\u002Fli>\n\u003Cli>Choose between a “Thumbs Up” or “Heart” icon.\u003C\u002Fli>\n\u003Cli>Prevents multiple votes from the same user via cookies and IP address tracking.\u003C\u002Fli>\n\u003Cli>View and sort posts by likes in the post edit page.\u003C\u002Fli>\n\u003Cli>Better GDPR compliance with anonymized IPs\u003C\u002Fli>\n\u003Cli>Built-in query block compatibility\u003C\u002Fli>\n\u003Cli>Extensive action and filter hooks for developers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Advanced Options:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Hide the counter if the count is zero.\u003C\u002Fli>\n\u003Cli>Customize messages for zero, one, or multiple likes.\u003C\u002Fli>\n\u003Cli>Disable plugin CSS for custom styling.\u003C\u002Fli>\n\u003Cli>Option to disable IP address saving to comply with GDPR.\u003C\u002Fli>\n\u003Cli>Enhanced cookie management\u003C\u002Fli>\n\u003Cli>IP address anonymization for stronger GDPR compliance\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Shortcodes:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ccode>[irecommendthis]\u003C\u002Fcode> – Add the voting link to any page.\u003C\u002Fli>\n\u003Cli>\u003Ccode>[irecommendthis_top_posts post_type='post' container='div' number='10' year='2023' monthnum='7']\u003C\u002Fcode> – Display most recommended posts.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is based exactly on Benoit “LeBen” Burgener’s “I Like This” Plugin and has been modified after getting requests for the changes I had made on my website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>If you love the plugin, please consider rating it and clicking on “it works” button.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Example Sites Using the Plugin:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fflattrendz.com\" rel=\"nofollow ugc\">Flat UI Design Gallery\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>For Developers:\u003C\u002Fh3>\n\u003Cp>This plugin is being developed on GitHub.. If you want to collaborate, please look at \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwebtions\u002FI-Recommend-This\" rel=\"nofollow ugc\">I Recommend This plugin on GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cp>You can \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fi-recommend-this\u002Fstable\u002F\" rel=\"nofollow ugc\">help translate this plugin into your language\u003C\u002Fa> using your WordPress.org account.\u003C\u002Fp>\n","Enable your visitors to easily like or recommend your posts with a single click, enhancing engagement without the need for comments.",5000,390544,94,37,"2025-07-25T12:44:00.000Z","6.8.5","6.1","7.4",[21,55,22,23,56],"love","recommend","https:\u002F\u002Fthemeist.com\u002Fplugins\u002Fwordpress\u002Fi-recommend-this\u002F#utm_source=wp-plugin&utm_medium=i-recommend-this&utm_campaign=plugins-page","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fi-recommend-this.4.0.1.zip",96,5,"2023-04-19 00:00:00",{"slug":63,"name":64,"version":65,"author":66,"author_profile":67,"description":68,"short_description":69,"active_installs":70,"downloaded":71,"rating":72,"num_ratings":60,"last_updated":18,"tested_up_to":73,"requires_at_least":74,"requires_php":18,"tags":75,"homepage":18,"download_link":79,"security_score":11,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":80},"zaki-like-dislike-comments","Zaki Like Dislike Comments","1.2","Riccardo Conte","https:\u002F\u002Fprofiles.wordpress.org\u002Frconte-1\u002F","\u003Cp>This plugin implements a “like\u002Fdislike” rating system for comments. In the setting page you can choose a “compact \u002F splitted” mode that show ratings like sum or separately.\u003C\u002Fp>\n","This plugin implements a \"like\u002Fdislike\" rating system for comments",40,5565,80,"4.1.42","3.3",[76,21,77,23,78],"comments","posts","vote","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fzaki-like-dislike-comments.zip","2026-03-15T10:48:56.248Z",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":89,"downloaded":90,"rating":11,"num_ratings":33,"last_updated":91,"tested_up_to":92,"requires_at_least":93,"requires_php":18,"tags":94,"homepage":18,"download_link":96,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"like-and-who-likes","Like And Who Likes","1.3.1","atonyk","https:\u002F\u002Fprofiles.wordpress.org\u002Fatonyk\u002F","\u003Cp>This plugin adds the ‘Like’ button and ‘Who Likes’ list to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress posts and comments\u003C\u002Fli>\n\u003Cli>BuddyPress activities and comments\u003C\u002Fli>\n\u003Cli>BBPress posts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It allows for registered users to like the items. And it shows for both registered and unregistered users the existing likes.\u003C\u002Fp>\n\u003Cp>The components to show the likes to can be configured on the settings page. For example, the likes can be disabled for WordPress comments.\u003C\u002Fp>\n\u003Cp>Likes are saved in the internal WordPress and BuddyPress meta tables. No separate tables are created.\u003C\u002Fp>\n\u003Cp>The plugin cleans all its data on uninstallation (but not on deactivation).\u003C\u002Fp>\n\u003Cp>You can contribute on – \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fansnap\u002Flike-and-who-likes\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fansnap\u002Flike-and-who-likes\u003C\u002Fa>\u003C\u002Fp>\n","Adds the 'Like' button and 'Who Likes' list for WordPress, BuddyPress and BBPress.",10,3084,"2017-05-10T08:11:00.000Z","4.7.32","4.6",[20,21,23,95,78],"social","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flike-and-who-likes.1.3.1.zip",{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":89,"downloaded":105,"rating":28,"num_ratings":28,"last_updated":106,"tested_up_to":107,"requires_at_least":108,"requires_php":109,"tags":110,"homepage":18,"download_link":116,"security_score":11,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"managed-posts-rating-like-button","Managed posts rating ★ Like button","2.0.2","Daria Levchenko","https:\u002F\u002Fprofiles.wordpress.org\u002Flevenyatko\u002F","\u003Cp>The Managed posts rating ★ Like button plugin is a rating system for your WordPress site with a simple “like” button and advanced admin panel.\u003Cbr \u002F>\nThis lightweight plugin empowers you to enhance user engagement by enabling rating functionality for your posts, pages, or any custom post type. You can automatically integrate the like button or use shortcodes to customize its placement.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Lightweight.\u003C\u002Fli>\n\u003Cli>Integrate the like button automatically or use shortcodes for custom placement.\u003C\u002Fli>\n\u003Cli>Access a detailed logs page to track user interactions and ratings.\u003C\u002Fli>\n\u003Cli>The chart page displays users’ voting activity.\u003C\u002Fli>\n\u003Cli>Ability to allow only logged-in users to vote.\u003C\u002Fli>\n\u003Cli>Ability to customize the maximum number of votes per post from one user.\u003C\u002Fli>\n\u003Cli>Easy voting management.\u003C\u002Fli>\n\u003Cli>Ability to rewrite the voting button template in your theme.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>To automatically add the “like” button to your posts in the admin panel\u003Cbr \u002F>\n– Go to the “MPRating” -> “Settings” page\u003Cbr \u002F>\n– Change the “Display” select value to “Before Content” or “After Content”\u003Cbr \u002F>\n– Save settings\u003C\u002Fp>\n\u003Cp>For more advanced control, select the “Manually” value for the “Display” select and use the provided shortcodes in your post content or templates:\u003Cbr \u002F>\n– \u003Ccode>[mpr-button]\u003C\u002Fcode> – Display the like button.\u003Cbr \u002F>\n– \u003Ccode>[mpr-button id=\"XX\" disabled=\"false\"]\u003C\u002Fcode> – Display the like button for a specific post (replace “XX” with the post ID). Use the “disabled” attribute if you want to show the “like” button but disallow voting.\u003C\u002Fp>\n\u003Cp>You can also display the voting button using the mpr_button function. The function parameters are similar to the shortcode.\u003Cbr \u002F>\n    mpr_button([‘id’ => 1, ‘disabled’ => false, ‘return’ => false ]);\u003C\u002Fp>\n\u003Ch3>Admin Panel\u003C\u002Fh3>\n\u003Cp>Visit the “MPRating” section in your WordPress admin dashboard to access the admin panel. From here, you can:\u003Cbr \u002F>\n– View and manage user ratings.\u003Cbr \u002F>\n– Customize the plugin settings to match your preferences.\u003C\u002Fp>\n","Rating system for your WordPress site with a simple \"like\" button and advanced admin panel.",980,"2026-01-02T15:35:00.000Z","6.9.4","4.9","8.2",[111,112,113,114,115],"like-button","rate-post","rating","rating-system","voting","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmanaged-posts-rating-like-button.2.0.2.zip",{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":89,"downloaded":125,"rating":11,"num_ratings":33,"last_updated":18,"tested_up_to":126,"requires_at_least":127,"requires_php":18,"tags":128,"homepage":132,"download_link":133,"security_score":11,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":80},"mif-bp-customizer","MIF BP Customizer","1.0.0","asergeev34","https:\u002F\u002Fprofiles.wordpress.org\u002Fasergeev34\u002F","\u003Cp>Buddypress features extension plugin for creation of social network site.\u003Cbr \u002F>\nIt is oriented on work with social networking plugin BuddyPress.\u003C\u002Fp>\n\u003Cp>Adds features:\u003C\u002Fp>\n\u003Cp>Activity feed\u003C\u002Fp>\n\u003Cp>Special activity feed. Changes the appearance and behavior of the activity feed on users’ pages (on personal page – “Whole feed”, on other users’ pages – only their activity). Allows to use content blocking tools.\u003C\u002Fp>\n\u003Cp>Post types of activity feed. Allows to specify activity types, which should be displayed in user’s feed (“Special activity feed” option is required).\u003C\u002Fp>\n\u003Cp>User blocking. Allows to maintain a list of users, whose information is blocked in your activity feed (“Special activity feed” option is required).\u003C\u002Fp>\n\u003Cp>Site behavior\u003C\u002Fp>\n\u003Cp>Profile as a homepage. Set user profile as his home page.\u003C\u002Fp>\n\u003Cp>Profile privacy. Allow users to limit access to their profiles.\u003C\u002Fp>\n\u003Cp>Subscribers. Enable subscription option for user updates (subscription = one-way friendship).\u003C\u002Fp>\n\u003Cp>Notifications. Advanced notification mode.\u003C\u002Fp>\n\u003Cp>Pop-up messages. Mechanism of pop-up messages (echo-server configuration is required).\u003C\u002Fp>\n\u003Cp>Documents. Creation of files and documents collections on users’ and groups’ pages. Files and documents publication in the activity feed.\u003C\u002Fp>\n\u003Cp>Dialogues (experimentally\u002Fis in a test mode). Simple and convenient dialogues instead of the standard system of private messages (experimentally\u002Fis in a test mode; echo-server configuration is required).\u003C\u002Fp>\n\u003Cp>Background image. Allow to use custom image as a background for user profile or group.\u003C\u002Fp>\n\u003Cp>Group address. Allow to change the group address in its settings and at creation.\u003C\u002Fp>\n\u003Cp>«Like» button. «Like» button for posts in the activity feed.\u003C\u002Fp>\n\u003Cp>«Repost» button. Second publication (repost) of posts in the activity feed.\u003C\u002Fp>\n\u003Cp>«Favorite», «Delete» buttons. Special «Favorite», «Delete» buttons (as «Like» and «Repost» button)\u003C\u002Fp>\n\u003Cp>Visual elements\u003C\u002Fp>\n\u003Cp>Site member widget. Fast and simple widget of site members avatars.\u003C\u002Fp>\n\u003Cp>Group widget. Fast and simple widget of group avatars.\u003C\u002Fp>\n","Buddypress features extension plugin for creation of social network site.",1691,"4.9.29","4.8",[20,21,129,130,131],"private-profile","repost","social-network","https:\u002F\u002Fgithub.com\u002Falexey-sergeev\u002Fmif-bp-customizer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmif-bp-customizer.zip",{"attackSurface":135,"codeSignals":261,"taintFlows":354,"riskAssessment":453,"analyzedAt":465},{"hooks":136,"ajaxHandlers":245,"restRoutes":257,"shortcodes":258,"cronEvents":259,"entryPointCount":260,"unprotectedCount":260},[137,143,147,152,157,159,162,164,166,171,175,180,184,188,193,196,199,202,207,211,215,219,223,227,231,235,238,241],{"type":138,"name":139,"callback":140,"file":141,"line":142},"action","admin_menu","bp_like_add_admin_page_menu","admin\\admin.php",18,{"type":138,"name":144,"callback":145,"file":141,"line":146},"init","bp_like_admin_page_verify_nonce",34,{"type":138,"name":148,"callback":149,"file":150,"line":151},"bp_include","bplike_init","bp-like-loader.php",28,{"type":138,"name":153,"callback":154,"file":155,"line":156},"bp_activity_filter_options","bp_like_activity_filter","includes\\activity-functions.php",17,{"type":138,"name":158,"callback":154,"file":155,"line":142},"bp_member_activity_filter_options",{"type":138,"name":160,"callback":154,"file":155,"line":161},"bp_group_activity_filter_options",19,{"type":138,"name":139,"callback":140,"file":163,"line":161},"includes\\admin.php",{"type":138,"name":144,"callback":145,"file":163,"line":165},36,{"type":138,"name":167,"callback":168,"file":169,"line":170},"view_who_likes","bp_like_get_some_likes","includes\\ajax-functions.php",20,{"type":138,"name":172,"callback":173,"file":174,"line":156},"plugins_loaded","bp_like_load_textdomain","includes\\bplike.php",{"type":138,"name":176,"callback":177,"file":178,"line":179},"bp_activity_entry_meta","bplike_activity_update_button","includes\\button-functions.php",43,{"type":138,"name":181,"callback":182,"file":178,"line":183},"bp_before_blog_single_post","bplike_blog_post_button",44,{"type":138,"name":185,"callback":186,"file":178,"line":187},"bp_activity_comment_options","bplike_activity_comment_button",45,{"type":138,"name":189,"callback":190,"file":191,"line":192},"admin_notices","bp_like_updated_notice","includes\\install-functions.php",201,{"type":138,"name":139,"callback":194,"file":191,"line":195},"bp_like_check_installed",228,{"type":138,"name":189,"callback":190,"file":197,"line":198},"includes\\install.php",189,{"type":138,"name":167,"callback":168,"priority":89,"file":200,"line":201},"includes\\like-functions.php",503,{"type":138,"name":203,"callback":204,"priority":89,"file":205,"line":206},"bp_activity_comment_posted","bp_activity_new_comment_notification_helper","includes\\notifications.php",412,{"type":138,"name":208,"callback":209,"priority":89,"file":205,"line":210},"bp_activity_sent_mention_email","bp_activity_at_mention_add_notification",540,{"type":138,"name":212,"callback":213,"file":205,"line":214},"bp_activity_screen_mentions","bp_activity_remove_screen_notifications",561,{"type":138,"name":216,"callback":217,"file":205,"line":218},"bp_activity_screen_single_activity_permalink","bp_activity_remove_screen_notifications_single_activity_permalink",582,{"type":138,"name":220,"callback":221,"priority":89,"file":205,"line":222},"bp_activity_deleted_activities","bp_activity_at_mention_delete_notification",600,{"type":138,"name":224,"callback":225,"file":226,"line":34},"wp_enqueue_scripts","bp_like_enqueue_scripts","includes\\scripts.php",{"type":138,"name":144,"callback":228,"file":229,"line":230},"bp_like_remove_favourites","includes\\settings.php",23,{"type":232,"name":233,"callback":234,"priority":33,"file":229,"line":151},"filter","bp_activity_can_favorite","__return_false",{"type":232,"name":236,"callback":234,"priority":33,"file":229,"line":237},"bp_get_total_favorite_count_for_user",29,{"type":138,"name":239,"callback":240,"file":229,"line":165},"wp_before_admin_bar_render","bp_like_admin_bar_render_remove_favorites",{"type":232,"name":242,"callback":182,"file":243,"line":244},"the_content","includes\\templates\\blog-post.php",61,[246,251,253],{"action":247,"nopriv":248,"callback":249,"hasNonce":248,"hasCapCheck":248,"file":169,"line":250},"activity_like",false,"bp_like_process_ajax",54,{"action":247,"nopriv":248,"callback":249,"hasNonce":248,"hasCapCheck":248,"file":252,"line":183},"includes\\ajax.php",{"action":254,"nopriv":248,"callback":255,"hasNonce":248,"hasCapCheck":248,"file":252,"line":256},"bplike_get_likes","bp_like_ajax_get_likes",59,[],[],[],3,{"dangerousFunctions":262,"sqlUsage":263,"outputEscaping":265,"fileOperations":28,"externalRequests":28,"nonceChecks":352,"capabilityChecks":28,"bundledLibraries":353},[],{"prepared":28,"raw":28,"locations":264},[],{"escaped":266,"rawEcho":250,"locations":267},7,[268,271,273,275,277,278,280,281,282,284,286,288,290,292,293,295,296,297,299,300,302,303,305,306,308,310,312,314,316,318,320,322,323,325,326,327,328,330,331,333,334,335,336,338,339,341,342,343,344,345,346,348,349,350],{"file":141,"line":269,"context":270},111,"raw output",{"file":141,"line":272,"context":270},116,{"file":141,"line":274,"context":270},134,{"file":141,"line":276,"context":270},194,{"file":141,"line":276,"context":270},{"file":141,"line":279,"context":270},195,{"file":141,"line":279,"context":270},{"file":141,"line":279,"context":270},{"file":155,"line":283,"context":270},13,{"file":163,"line":285,"context":270},113,{"file":163,"line":287,"context":270},118,{"file":163,"line":289,"context":270},136,{"file":163,"line":291,"context":270},198,{"file":163,"line":291,"context":270},{"file":163,"line":294,"context":270},199,{"file":163,"line":294,"context":270},{"file":163,"line":294,"context":270},{"file":298,"line":230,"context":270},"includes\\blogpost.php",{"file":298,"line":230,"context":270},{"file":298,"line":301,"context":270},24,{"file":298,"line":14,"context":270},{"file":298,"line":304,"context":270},32,{"file":298,"line":304,"context":270},{"file":298,"line":307,"context":270},33,{"file":298,"line":309,"context":270},35,{"file":200,"line":311,"context":270},156,{"file":200,"line":313,"context":270},159,{"file":200,"line":315,"context":270},324,{"file":200,"line":317,"context":270},327,{"file":200,"line":319,"context":270},365,{"file":321,"line":34,"context":270},"includes\\templates\\activity-comment.php",{"file":321,"line":34,"context":270},{"file":321,"line":324,"context":270},31,{"file":321,"line":307,"context":270},{"file":321,"line":49,"context":270},{"file":321,"line":49,"context":270},{"file":321,"line":329,"context":270},38,{"file":321,"line":70,"context":270},{"file":332,"line":34,"context":270},"includes\\templates\\activity-update.php",{"file":332,"line":34,"context":270},{"file":332,"line":304,"context":270},{"file":332,"line":146,"context":270},{"file":332,"line":337,"context":270},39,{"file":332,"line":337,"context":270},{"file":332,"line":340,"context":270},41,{"file":332,"line":179,"context":270},{"file":243,"line":307,"context":270},{"file":243,"line":307,"context":270},{"file":243,"line":309,"context":270},{"file":243,"line":49,"context":270},{"file":243,"line":347,"context":270},42,{"file":243,"line":347,"context":270},{"file":243,"line":183,"context":270},{"file":243,"line":351,"context":270},46,2,[],[355,386,401,417,430],{"entryPoint":356,"graph":357,"unsanitizedCount":384,"severity":385},"bp_like_process_ajax (includes\\ajax-functions.php:13)",{"nodes":358,"edges":379},[359,363,367,372,374,377],{"id":360,"type":361,"label":362,"file":169,"line":161},"n0","source","$_POST (x3)",{"id":364,"type":365,"label":366,"file":169,"line":161},"n1","transform","→ bp_like_add_user_like()",{"id":368,"type":369,"label":370,"file":200,"line":313,"wp_function":371},"n2","sink","echo() [XSS]","echo",{"id":373,"type":361,"label":362,"file":169,"line":301},"n3",{"id":375,"type":365,"label":376,"file":169,"line":301},"n4","→ bp_like_remove_user_like()",{"id":378,"type":369,"label":370,"file":200,"line":317,"wp_function":371},"n5",[380,381,382,383],{"from":360,"to":364,"sanitized":248},{"from":364,"to":368,"sanitized":248},{"from":373,"to":375,"sanitized":248},{"from":375,"to":378,"sanitized":248},6,"medium",{"entryPoint":387,"graph":388,"unsanitizedCount":384,"severity":385},"\u003Cajax-functions> (includes\\ajax-functions.php:0)",{"nodes":389,"edges":396},[390,391,392,393,394,395],{"id":360,"type":361,"label":362,"file":169,"line":161},{"id":364,"type":365,"label":366,"file":169,"line":161},{"id":368,"type":369,"label":370,"file":200,"line":313,"wp_function":371},{"id":373,"type":361,"label":362,"file":169,"line":301},{"id":375,"type":365,"label":376,"file":169,"line":301},{"id":378,"type":369,"label":370,"file":200,"line":317,"wp_function":371},[397,398,399,400],{"from":360,"to":364,"sanitized":248},{"from":364,"to":368,"sanitized":248},{"from":373,"to":375,"sanitized":248},{"from":375,"to":378,"sanitized":248},{"entryPoint":402,"graph":403,"unsanitizedCount":384,"severity":385},"bp_like_process_ajax (includes\\ajax.php:11)",{"nodes":404,"edges":412},[405,406,407,408,410,411],{"id":360,"type":361,"label":362,"file":252,"line":156},{"id":364,"type":365,"label":366,"file":252,"line":156},{"id":368,"type":369,"label":370,"file":200,"line":313,"wp_function":371},{"id":373,"type":361,"label":362,"file":252,"line":409},21,{"id":375,"type":365,"label":376,"file":252,"line":409},{"id":378,"type":369,"label":370,"file":200,"line":317,"wp_function":371},[413,414,415,416],{"from":360,"to":364,"sanitized":248},{"from":364,"to":368,"sanitized":248},{"from":373,"to":375,"sanitized":248},{"from":375,"to":378,"sanitized":248},{"entryPoint":418,"graph":419,"unsanitizedCount":33,"severity":385},"bp_like_ajax_get_likes (includes\\ajax.php:50)",{"nodes":420,"edges":427},[421,424,426],{"id":360,"type":361,"label":422,"file":252,"line":423},"$_POST",55,{"id":364,"type":365,"label":425,"file":252,"line":423},"→ bp_like_get_some_likes()",{"id":368,"type":369,"label":370,"file":200,"line":319,"wp_function":371},[428,429],{"from":360,"to":364,"sanitized":248},{"from":364,"to":368,"sanitized":248},{"entryPoint":431,"graph":432,"unsanitizedCount":266,"severity":385},"\u003Cajax> (includes\\ajax.php:0)",{"nodes":433,"edges":446},[434,435,436,437,438,439,440,442,444],{"id":360,"type":361,"label":362,"file":252,"line":156},{"id":364,"type":365,"label":366,"file":252,"line":156},{"id":368,"type":369,"label":370,"file":200,"line":313,"wp_function":371},{"id":373,"type":361,"label":362,"file":252,"line":409},{"id":375,"type":365,"label":376,"file":252,"line":409},{"id":378,"type":369,"label":370,"file":200,"line":317,"wp_function":371},{"id":441,"type":361,"label":422,"file":252,"line":423},"n6",{"id":443,"type":365,"label":425,"file":252,"line":423},"n7",{"id":445,"type":369,"label":370,"file":200,"line":319,"wp_function":371},"n8",[447,448,449,450,451,452],{"from":360,"to":364,"sanitized":248},{"from":364,"to":368,"sanitized":248},{"from":373,"to":375,"sanitized":248},{"from":375,"to":378,"sanitized":248},{"from":441,"to":443,"sanitized":248},{"from":443,"to":445,"sanitized":248},{"summary":454,"deductions":455},"The \"buddypress-like\" v0.3.0 plugin exhibits a concerning security posture primarily due to a significant number of unprotected AJAX handlers. While the plugin demonstrates good practices by not using dangerous functions, performing all SQL queries with prepared statements, and not making external HTTP requests, the lack of authentication checks on its entry points is a critical weakness.\n\nThe static analysis reveals three AJAX handlers, all of which lack proper authentication. This means any unauthenticated user could potentially interact with these endpoints, leading to unintended actions or information disclosure. Although taint analysis shows no critical or high severity unsanitized paths, the presence of unsanitized paths in all analyzed flows combined with the unprotected AJAX handlers creates a substantial risk.\n\nThe plugin's vulnerability history is clean, with no known CVEs. This is a positive indicator, suggesting that past development may have been diligent or that the plugin has not been a target. However, the absence of vulnerabilities does not negate the risks identified in the current code analysis. The lack of capability checks and a low percentage of properly escaped output are further weaknesses that, while not leading to immediate critical vulnerabilities in this specific version, represent potential vectors for future issues if not addressed.",[456,459,461,463],{"reason":457,"points":458},"Unprotected AJAX handlers",15,{"reason":460,"points":384},"Low percentage of properly escaped output",{"reason":462,"points":60},"No capability checks on entry points",{"reason":464,"points":89},"Unsanitized paths in taint analysis","2026-03-16T21:06:01.723Z",{"wat":467,"direct":473},{"assetPaths":468,"generatorPatterns":470,"scriptPaths":471,"versionParams":472},[469],"\u002Fwp-content\u002Fplugins\u002Fbuddypress-like\u002Fassets\u002Fjs\u002Fbp-like.js",[],[469],[],{"cssClasses":474,"htmlComments":478,"htmlAttributes":479,"restEndpoints":480,"jsGlobals":481,"shortcodeOutput":483},[475,476,477],"like-box","like_blogpost","unlike_blogpost",[],[],[],[482],"bplikeTerms",[]]