[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f4YvwS-TNSk_5wkRwOVneB-UazQW87e1sNQUCZmo8mgM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":137,"fingerprints":171},"buddypress-messages-spam-blocker","Buddypress Messages Spam Blocker","2.5","quan_flo","https:\u002F\u002Fprofiles.wordpress.org\u002Fquan_flo\u002F","\u003Cp>If there is a user (or a bot) that signed up at your site this user can start to send messages to every other user.\u003Cbr \u002F>\nI had some negative experiences with this and so I wrote a module that should help to block such a spam.\u003C\u002Fp>\n\u003Cp>Buddypress Messages Spam Blocker introduces some restrictions to your users:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New users can send messages only 24h after their registration, so you’ll have time if bot registrations have to be removed manually (modify this value using filter ‘buddypress_messages_spamblocker_newMembersWaitingPeriod’)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Their are also some more restrictions for mass mailings (mails that are sent to “friends” of the contact list are not included in this calculation):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Users can send 6 messages maximum in 5 minutes (modify this value using filter ‘buddypress_messages_spamblocker_5m’)\u003C\u002Fli>\n\u003Cli>Users can send 10 messages maximum in 10 minutes (modify this value using filter ‘buddypress_messages_spamblocker_10m’)\u003C\u002Fli>\n\u003Cli>Users can send 20 messages maximum in 30 minutes (modify this value using filter ‘buddypress_messages_spamblocker_30m’)\u003C\u002Fli>\n\u003Cli>Users can send 30 messages maximum in 60 minutes (modify this value using filter ‘buddypress_messages_spamblocker_60m’)\u003C\u002Fli>\n\u003Cli>Users can send 35 messages maximum in 12 hours (modify this value using filter ‘buddypress_messages_spamblocker_12h’)\u003C\u002Fli>\n\u003Cli>Users can send 45 messages maximum in 24 hours (modify this value using filter ‘buddypress_messages_spamblocker_24h’)\u003C\u002Fli>\n\u003Cli>Users can send 50 messages maximum in 48 hours (modify this value using filter ‘buddypress_messages_spamblocker_48h’)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Users with the capability “edit_users” (admins etc.) have no restrictions for outgoing messages\u003C\u002Fp>\n\u003Cp>Install, activate, and it will work.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>More about me and my plugins\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Since the year 1999 I do administration, customizing and programming for several forums, communities and social networks. In the year 2013 I switched from another PHP framework to WordPress.\u003Cbr \u002F>\nBecause not all plugins I’d like to have exist already I wrote some own plugins and I think I’ll continue to do so.\u003C\u002Fp>\n\u003Cp>If you have the scope at forums or social networks my other modules might also be interesting for you. \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsearch.php?q=quan_flo\" title=\"ifs-net \u002F quan_flo WordPress Plugins\" rel=\"ugc\">Just take a look at my WordPress Profile to see all my Plugins.\u003C\u002Fa> Use them and if my work helps you to save time, earn money or just makes you happy feel free to donate – Thanks. The donation link can be found at the right sidebar next to this text.\u003C\u002Fp>\n","This plugin will block mass mailing for the buddypress messaging system",50,8570,100,4,"2016-04-26T18:36:00.000Z","4.5.33","3.0","",[20,21,22],"buddypress","messages","spam","http:\u002F\u002Fifs-net.de","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-messages-spam-blocker.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},5,290,30,84,"2026-04-04T13:13:24.594Z",[37,58,80,100,119],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":18,"tags":52,"homepage":56,"download_link":57,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"spam-destroyer","Spam Destroyer","2.1.6","Ryan Hellyer","https:\u002F\u002Fprofiles.wordpress.org\u002Fryanhellyer\u002F","\u003Cp>Stops automated spam while remaining as unobtrusive as possible to regular commenters. \u003Ca href=\"https:\u002F\u002Fgeek.hellyer.kiwi\u002Fproducts\u002Fspam-destroyer\u002F\" rel=\"nofollow ugc\">The Spam Destroyer plugin\u003C\u002Fa> is intended to be effortless to use. Simply install, and enjoy a spam free website 🙂\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fusers\u002Fomahoung\u002F\" rel=\"ugc\">omahoung\u003C\u002Fa> – Bug reporting\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fprofile\u002Fstromhalm\" rel=\"ugc\">Stromhalm\u003C\u002Fa> – Bug reporting\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Focaoimh.ie\u002F\" rel=\"nofollow ugc\">Donncha O Caoimh\u003C\u002Fa> – Developer of Cookies for Comments, functionality of which is incorporated into Spam Destroyer\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Felliottback.com\u002F\" rel=\"nofollow ugc\">Elliot Back\u003C\u002Fa> – Developer of WP Hashcash, functionality of which is incorporated into Spam Destroyer\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fnettsett.no\u002F\" rel=\"nofollow ugc\">Marte Sollund and Ingvild Evje\u003C\u002Fa> – Bug reporting\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002FeHermitsInc.com\u002F\" rel=\"nofollow ugc\">Brian Layman\u003C\u002Fa> – Code advice\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fronalfy.com\u002F\" rel=\"nofollow ugc\">Ronald Huereca\u003C\u002Fa> – JS advice\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fshawngaffney\" rel=\"nofollow ugc\">Shawn Gaffney\u003C\u002Fa> – Bug reporting\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fkonstruktors.com\u002F\" rel=\"nofollow ugc\">Kaspars Dambis\u003C\u002Fa> – Bug reporting\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.wanderingjon.com\u002F\" rel=\"nofollow ugc\">Jon Brown\u003C\u002Fa> – Added error message filter\u003C\u002Fbr \u002F>\u003C\u002Fli>\n\u003C\u002Ful>\n","Kills spam dead in it's tracks. Be gone evil demon spam!",6000,98562,92,53,"2025-05-01T20:53:00.000Z","6.9.4","5.0",[53,54,20,55,22],"anti-spam","antispam","comments","https:\u002F\u002Fgeek.hellyer.kiwi\u002Fproducts\u002Fspam-destroyer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fspam-destroyer.2.1.6.zip",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":68,"num_ratings":69,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":73,"tags":74,"homepage":78,"download_link":79,"security_score":47,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"bp-default-data","BuddyPress Default Data","1.4.0","Slava Abakumov","https:\u002F\u002Fprofiles.wordpress.org\u002Fslaffik\u002F","\u003Cp>Plugin will create lots of users, messages, friends connections, groups, topics, activity items, profile data – useful for testing purpose.\u003C\u002Fp>\n\u003Cp>All imported users will have avatars, generated by 8biticon.com and displayed by Gravatar.\u003C\u002Fp>\n\u003Cp>Please use this plugin with caution and not on a live site! Again, USE FOR TESTING THEMES AND PLUGINGS, NOT ON A STAGING SITE WITH LIVE DATA. Plugin should not mess with your live data, but not guaranteed.\u003C\u002Fp>\n\u003Cp>Clear BuddyPress button will delete all data, that was generated by this plugin: messages, groups, notifications, friends, forum posts, xprofile. Plugin won’t reimport data if clicked twice.\u003C\u002Fp>\n\u003Cp>And turn off email notifications in profile (friendship accepted and messages received) – or you will spam yourself 🙂 Imported users have these settings already turned off.\u003C\u002Fp>\n","Plugin will create lots of users, messages, friends connections, groups, topics, activity items, profile data - useful for testing purpose.",400,72981,78,22,"2024-11-30T22:53:00.000Z","6.7.5","4.4","5.3",[20,75,76,21,77],"groups","import","users","https:\u002F\u002Fovirium.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-default-data.1.4.0.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":90,"num_ratings":91,"last_updated":92,"tested_up_to":93,"requires_at_least":18,"requires_php":18,"tags":94,"homepage":98,"download_link":99,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"bp-security-check","BuddyPress Security Check","3.2.2","Shea Bunge","https:\u002F\u002Fprofiles.wordpress.org\u002Fbungeshea\u002F","\u003Cblockquote>\n\u003Cp>\u003Cstrong>Important\u003C\u002Fstrong>: Since version 2.0, this plugin now requires at least PHP 5.3. Please ensure you are running the latest available version of PHP on your server.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>This plugin adds \u003Ca href=\"https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002F\" rel=\"nofollow ugc\">Google’s reCAPTCHA\u003C\u002Fa> to the BuddyPress registration page and WordPress login page to prevent bots from registering and keep your site free from spam registrations.\u003C\u002Fp>\n\u003Cp>reCAPTCHA is “tough on bots, easy on humans”: while it is increbianle effective on preventing bots from registering, most of the time all the user needs to do to verify themselves is simply check a box.\u003C\u002Fp>\n\u003Cp>After installing this plugin, you will need to \u003Ca href=\"https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fadmin\" rel=\"nofollow ugc\">register your site with Google\u003C\u002Fa> (requires a Google account) and enter the site key and secret key on the \u003Cstrong>Settings > BuddyPress > Options\u003C\u002Fstrong> admin menu. If you would prefer not to use Google’s service, there is an alternative security check method also available; see below;\u003C\u002Fp>\n\u003Cp>Prior to version 2.0, a less effective security check method was used where the user needed to answer simple math sum before registering. This method is still available, and can be turned on on the \u003Cstrong>Settings > BuddyPress > Options\u003C\u002Fstrong> menu.\u003C\u002Fp>\n\u003Cp>You can learn more at the \u003Ca href=\"https:\u002F\u002Fbungeshea.com\u002Fplugins\u002Fbp-security-check\u002F\" rel=\"nofollow ugc\">plugin’s website\u003C\u002Fa>, or on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsheabunge\u002Fbp-security-check\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Translations\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Thanks to the awesome work of the following translators, this plugin can be used in these languages:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Indonesian\u003C\u002Fstrong> thanks to \u003Ca href=\"https:\u002F\u002Fwww.chameleonjohn.com\u002F\" rel=\"nofollow ugc\">Jordan Silaen from ChameleonJohn.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Russian\u003C\u002Fstrong> thanks to \u003Ca href=\"http:\u002F\u002Fsuperbwebsitebuilders.com\u002F\" rel=\"nofollow ugc\">Howard Steele from SuperbWebsiteBuilders.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Swedish\u003C\u002Fstrong> thanks to \u003Ca href=\"http:\u002F\u002Ftdh.me\" rel=\"nofollow ugc\">Thord D. Hedengren\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>French\u003C\u002Fstrong> thanks to Frédérick Baldo\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Serbo-Croatian\u003C\u002Fstrong> thanks to \u003Ca href=\"https:\u002F\u002Fwebhostinggeeks.com\" rel=\"nofollow ugc\">Andrijana Nikolic from WebHostingGeeks\u003C\u002Fa> and \u003Ca href=\"http:\u002F\u002Ffirstsiteguide.com\u002F\" rel=\"nofollow ugc\">Ogi Djuraskovic from FirstSiteGuide.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Spanish\u003C\u002Fstrong> thanks to Renato Alves\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hungarian\u003C\u002Fstrong> thanks to Laszlo Espadas\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Brazilian Portuguese\u003C\u002Fstrong> thanks to Renato Alves\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Danish\u003C\u002Fstrong> thanks to Andreas Bjørn Hassing Nielsen\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Italian\u003C\u002Fstrong> thanks to \u003Ca href=\"http:\u002F\u002Fnicolecurioni.com\u002F\" rel=\"nofollow ugc\">Nicole Curioni\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Belarusian\u003C\u002Fstrong> thanks to \u003Ca href=\"https:\u002F\u002Fwww.ustarcash.com\" rel=\"nofollow ugc\">Natasha from uStarCash\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you have a translation to contribute, please sent it through to me \u003Ca href=\"https:\u002F\u002Fbungeshea.com\u002Fcontact\u002F\" rel=\"nofollow ugc\">by email\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsheabunge\u002Fbp-security-check\u002Fpulls\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>.\u003C\u002Fp>\n","Combat spam registrations for a BuddyPress-powered site using Google's reCAPTCHA",300,51104,82,14,"2018-01-25T16:53:00.000Z","4.9.29",[53,20,95,96,97],"math","registration","security","https:\u002F\u002Fbungeshea.com\u002Fplugins\u002Fbp-security-check\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-security-check.zip",{"slug":101,"name":102,"version":6,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":107,"downloaded":108,"rating":13,"num_ratings":109,"last_updated":110,"tested_up_to":111,"requires_at_least":112,"requires_php":18,"tags":113,"homepage":114,"download_link":115,"security_score":116,"vuln_count":117,"unpatched_count":26,"last_vuln_date":118,"fetched_at":28},"bp-messages-tool","BP Messages Tool","shanebp","https:\u002F\u002Fprofiles.wordpress.org\u002Fshanebp\u002F","\u003Cp>BP Messages Tool is a BuddyPress plugin.\u003C\u002Fp>\n\u003Cp>By default, nobody can read a BuddyPress private message unless it was sent or received by the current logged-in member.\u003C\u002Fp>\n\u003Cp>Occasionally, there is a need to respond to member complaints about another member harassing them via abusive messages.\u003C\u002Fp>\n\u003Cp>This tool allows site administrators to review the messages of any member. They can also delete Message Threads.\u003C\u002Fp>\n\u003Cp>NOTE: There is no UNDO for delete operations.\u003C\u002Fp>\n\u003Cp>It provides a wp-admin screen available via Tools > BP Messages.\u003C\u002Fp>\n\u003Cp>You can allow members to block each other by using \u003Ca href=\"https:\u002F\u002Fwww.philopress.com\u002Fproducts\u002Fbuddyblock\u002F\" title=\"BuddyBlock\" rel=\"nofollow ugc\">BuddyBlock\u003C\u002Fa>\u003C\u002Fp>\n","A BuddyPress tool for viewing messages",200,14764,6,"2025-04-30T16:59:00.000Z","6.8.5","4.0",[20,21],"https:\u002F\u002Fwww.philopress.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-messages-tool.2.5.zip",99,1,"2025-04-29 00:00:00",{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":107,"downloaded":127,"rating":90,"num_ratings":128,"last_updated":129,"tested_up_to":130,"requires_at_least":131,"requires_php":18,"tags":132,"homepage":135,"download_link":136,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"buddypress-captcha","BuddyPress Captcha","1.2","Hardeep Asrani","https:\u002F\u002Fprofiles.wordpress.org\u002Fhardeepasrani\u002F","\u003Cp>This plugin adds Google’s reCAPTCHA form to your BuddyPress’ registration page to keep your community spam-free! You can use out simple option panel to add reCAPTCHA credentials right from your Dashboard without editing any files.\u003C\u002Fp>\n\u003Cp>This plugin is a forked version of \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbuddypress-recaptcha\u002F\" rel=\"ugc\">BuddyPress reCAPTCHA\u003C\u002Fa> plugin, which requires you to edit plugin core files to configure reCAPTCHA.\u003C\u002Fp>\n","This plugin adds Google's reCAPTCHA form to your BuddyPress' registration page to keep your community spam-free! You can use out simple opti &hellip;",18965,12,"2015-10-23T16:04:00.000Z","4.1.42","3.2",[53,20,133,134,22],"captcha","google","http:\u002F\u002Fwww.trickspanda.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-captcha.zip",{"attackSurface":138,"codeSignals":159,"taintFlows":166,"riskAssessment":167,"analyzedAt":170},{"hooks":139,"ajaxHandlers":155,"restRoutes":156,"shortcodes":157,"cronEvents":158,"entryPointCount":26,"unprotectedCount":26},[140,146,150],{"type":141,"name":142,"callback":143,"file":144,"line":145},"action","bp_include","bps_bp_spam_stop_init","buddypress-messages-spamblocker.php",19,{"type":141,"name":147,"callback":148,"file":149,"line":109},"init","bps_load_textdomain","plugin.php",{"type":151,"name":152,"callback":153,"file":149,"line":154},"filter","messages_screen_compose","bps_bp_spam_stop",9,[],[],[],[],{"dangerousFunctions":160,"sqlUsage":161,"outputEscaping":163,"fileOperations":26,"externalRequests":26,"nonceChecks":26,"capabilityChecks":26,"bundledLibraries":165},[],{"prepared":117,"raw":26,"locations":162},[],{"escaped":26,"rawEcho":26,"locations":164},[],[],[],{"summary":168,"deductions":169},"The 'buddypress-messages-spam-blocker' plugin v2.5 exhibits an exceptionally strong security posture based on the provided static analysis and vulnerability history.  The absence of any identified dangerous functions, raw SQL queries, unescaped output, file operations, or external HTTP requests is highly commendable. Furthermore, the analysis indicates zero taint flows, meaning there are no identified paths where unsanitized data could lead to vulnerabilities. The complete lack of known CVEs, both historical and current, strongly suggests a well-maintained and secure codebase.  The plugin's attack surface is also zero, with no AJAX handlers, REST API routes, shortcodes, or cron events, further minimizing potential entry points for attackers. The only potential area for improvement, though not a direct vulnerability based on this data, is the complete absence of capability checks and nonce checks. While the current code may not require them due to its limited attack surface, implementing them would provide an additional layer of defense and follow best practices for future code expansions. Overall, this plugin appears to be a very secure option, with its strengths significantly outweighing any perceived weaknesses.",[],"2026-03-16T21:55:20.431Z",{"wat":172,"direct":185},{"assetPaths":173,"generatorPatterns":178,"scriptPaths":179,"versionParams":180},[174,175,176,177],"\u002Fwp-content\u002Fplugins\u002Fbuddypress-messages-spam-blocker\u002Fcss\u002Fbps-admin.css","\u002Fwp-content\u002Fplugins\u002Fbuddypress-messages-spam-blocker\u002Fcss\u002Fbps-frontend.css","\u002Fwp-content\u002Fplugins\u002Fbuddypress-messages-spam-blocker\u002Fjs\u002Fbps-admin.js","\u002Fwp-content\u002Fplugins\u002Fbuddypress-messages-spam-blocker\u002Fjs\u002Fbps-frontend.js",[],[176,177],[181,182,183,184],"\u002Fwp-content\u002Fplugins\u002Fbuddypress-messages-spam-blocker\u002Fcss\u002Fbps-admin.css?ver=","\u002Fwp-content\u002Fplugins\u002Fbuddypress-messages-spam-blocker\u002Fcss\u002Fbps-frontend.css?ver=","\u002Fwp-content\u002Fplugins\u002Fbuddypress-messages-spam-blocker\u002Fjs\u002Fbps-admin.js?ver=","\u002Fwp-content\u002Fplugins\u002Fbuddypress-messages-spam-blocker\u002Fjs\u002Fbps-frontend.js?ver=",{"cssClasses":186,"htmlComments":189,"htmlAttributes":190,"restEndpoints":192,"jsGlobals":193,"shortcodeOutput":195},[187,188],"bps-admin-page","bps-frontend-message-form",[],[191],"data-bps-nonce",[],[194],"bps_frontend_vars",[]]