[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f5MEL3S1H2U2rdCeYgYrRIloU6fn3A2zm7wlcODqoxuY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":16,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":121,"fingerprints":209},"external-group-blogs","BP External Group Blogs","1.2.3","Andy Peatling","https:\u002F\u002Fprofiles.wordpress.org\u002Fapeatling\u002F","\u003Cp>Give group creators and administrators on your BuddyPress install the ability to attach\u003Cbr \u002F>\nexternal blog RSS feeds to groups.\u003C\u002Fp>\n\u003Cp>Blog posts will appear within the activity stream for the group.\u003C\u002Fp>\n\u003Cp>New posts will automatically be pulled every hour, or every 30 minutes if someone specifically visits a group page.\u003C\u002Fp>\n","Give group creators and administrators on your BuddyPress install the ability to attach",10,12073,60,2,"2013-06-21T17:20:00.000Z","",[18,19,20,21,22],"blogs","buddypress","feeds","groups","rss","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fexternal-group-blogs\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexternal-group-blogs.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":25,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"apeatling",3,1020,30,84,"2026-04-04T15:13:23.275Z",[38,57,69,82,100],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":16,"tags":53,"homepage":55,"download_link":56,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"bp-groupblog","BuddyPress Groupblog","1.9.3","Boone Gorges","https:\u002F\u002Fprofiles.wordpress.org\u002Fboonebgorges\u002F","\u003Cp>Requires BuddyPress 1.7+ and PHP 5.3+.\u003C\u002Fp>\n\u003Cp>The BuddyPress Groupblog plugin extends the group functionality by enabling each group to have a single blog associated with it. Group members are automatically added to the blog and will have blog roles as set by the groupblog admin settings.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>P2 integration and frontend posting.\u003C\u002Fli>\n\u003Cli>Admin can set Template specific groupblogs.\u003C\u002Fli>\n\u003Cli>Allow group admins choose the desired template page themselves.\u003C\u002Fli>\n\u003Cli>Full blog theme integration. The included bp-groupblog theme mimics the group pages.\u003C\u002Fli>\n\u003Cli>Automated blog registration at group creation stage.\u003C\u002Fli>\n\u003Cli>Bypass default blog validation to allow dashes, underscores, numeral only and minimum character count.\u003C\u002Fli>\n\u003Cli>Blog privacy settings are initially inherited from group privacy settings.\u003C\u002Fli>\n\u003Cli>Group members are automatically added to the blog.\u003C\u002Fli>\n\u003Cli>Blog roles match group roles as set by the group admin.\u003C\u002Fli>\n\u003Cli>Solid error checking that the blog follows validation.\u003C\u002Fli>\n\u003Cli>Group admin tab to access the group-blog settings.\u003C\u002Fli>\n\u003Cli>Blog themes will have the ability to pull in group info and create a theme that could resemble the group exactly.\u003C\u002Fli>\n\u003Cli>Leaving the group will downgrade the member role to ‘subscriber’.\u003C\u002Fli>\n\u003Cli>Allow the group admin to select one of his\u002Fher existing blogs.\u003C\u002Fli>\n\u003Cli>A new ajax backend.\u003C\u002Fli>\n\u003C\u002Ful>\n","BuddyPress Groupblog extends the group functionality by enabling the group to have a single blog associated with it.",50,66996,66,11,"2023-07-30T16:14:00.000Z","6.2.9","3.6",[18,19,54,21],"content","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbp-groupblog\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-groupblog.1.9.3.zip",{"slug":58,"name":59,"version":60,"author":42,"author_profile":43,"description":61,"short_description":62,"active_installs":11,"downloaded":63,"rating":26,"num_ratings":26,"last_updated":64,"tested_up_to":16,"requires_at_least":16,"requires_php":16,"tags":65,"homepage":16,"download_link":68,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"bp-lotsa-feeds","BP Lotsa Feeds","1.0","\u003Cp>BP Lotsa Feeds adds a whole bunch of RSS feeds to your installation of BuddyPress. The following feeds are included with BP Lotsa Feeds (followed by the URL pattern where the feeds can be found):\u003C\u002Fp>\n\u003Cp>INDIVIDUAL MEMBERS\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Networkwide comments by an individual member (\u002Fmembers\u002Fusername\u002Factivity\u002Fcomments\u002Ffeed)\u003C\u002Fli>\n\u003Cli>Networkwide blog posts by an individual member (\u002Fmembers\u002Fusername\u002Factivity\u002Fblogposts\u002Ffeed)\u003C\u002Fli>\n\u003Cli>Activity updates by an individual member (\u002Fmembers\u002Fusername\u002Factivity\u002Fupdates\u002Ffeed)\u003C\u002Fli>\n\u003Cli>An individual member’s friendship connections (\u002Fmembers\u002Fusername\u002Factivity\u002Ffriendships\u002Ffeed)\u003C\u002Fli>\n\u003Cli>Forum topics started by an individual member (\u002Fmembers\u002Fusername\u002Factivity\u002Fforumtopics\u002Ffeed)\u003C\u002Fli>\n\u003Cli>Forum replies by an individual member (\u002Fmembers\u002Fusername\u002Factivity\u002Fforumreplies\u002Ffeed)\u003C\u002Fli>\n\u003Cli>All forum activity by a member (a combination of the previous two feeds) (\u002Fmembers\u002Fusername\u002Factivity\u002Fforums\u002Ffeed)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>INDIVIDUAL GROUPS\u003C\u002Fp>\n\u003Cul>\n\u003Cli>A group’s activity updates (\u002Fgroups\u002Fgroupname\u002Fupdates\u002Ffeed)\u003C\u002Fli>\n\u003Cli>New forum topics in a given group (\u002Fgroups\u002Fgroupname\u002Fforumtopics\u002Ffeed)\u003C\u002Fli>\n\u003Cli>Forum replies in a given group (\u002Fgroups\u002Fgroupname\u002Fforumreplies\u002Ffeed)\u003C\u002Fli>\n\u003Cli>All forum activity in a given group (a combination of the previous two feeds) (\u002Fgroups\u002Fgroupname\u002Fforums\u002Ffeed)\u003C\u002Fli>\n\u003Cli>A group’s new members (\u002Fgroups\u002Fgroupname\u002Fmembership\u002Ffeed)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>FORUMS\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Individual forum topic posts (\u002Fgroups\u002Fgroupname\u002Fforum\u002Ftopic\u002Ftopicslug\u002Ffeed)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can make any of these feeds inaccessible by defining the corresponding DISABLE constant in plugins\u002Fbp-custom.php or wp-config.php, e.g.\u003Cbr \u002F>\n    define( ‘BPLF_DISABLE_GROUP_UPDATES_FEED’, true )\u003Cbr \u002F>\nSee \u003Ccode>bp-lotsa-feeds.php\u003C\u002Fcode> for the proper constant names.\u003C\u002Fp>\n\u003Cp>Hooks and filters are in place so that you can add custom feeds and feed templates.\u003C\u002Fp>\n\u003Cp>Follow the plugin’s development at http:\u002F\u002Fgithub.com\u002Fboonebgorges\u002Fbp-lotsa-feeds\u003C\u002Fp>\n","Gives your BuddyPress installation lotsa feeds.",6716,"2010-09-28T14:44:00.000Z",[66,19,67,20,22],"activity","feed","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-lotsa-feeds.1.0.zip",{"slug":70,"name":71,"version":72,"author":7,"author_profile":8,"description":73,"short_description":74,"active_installs":11,"downloaded":75,"rating":26,"num_ratings":26,"last_updated":76,"tested_up_to":16,"requires_at_least":16,"requires_php":16,"tags":77,"homepage":80,"download_link":81,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"buddypress-group-twitter","BuddyPress Group Twitter","1.2","\u003Cp>Attach Twitter accounts to a BuddyPress group then aggregate and track tweets within that group.\u003C\u002Fp>\n\u003Cp>Group tweets will be pulled automatically every hour, or every 30 minutes if someone visits a group home page.\u003C\u002Fp>\n","Attach Twitter accounts to a BuddyPress group then aggregate and track tweets within that group.",5710,"2010-02-24T14:12:00.000Z",[78,19,20,21,79],"aggregation","twitter","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fbuddypress-group-twitter\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-group-twitter.1.2.zip",{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":11,"downloaded":90,"rating":91,"num_ratings":92,"last_updated":16,"tested_up_to":16,"requires_at_least":16,"requires_php":16,"tags":93,"homepage":97,"download_link":98,"security_score":91,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":99},"external-group-rss-tab-extension","External Group RSS tab extension","2.0","lenasterg","https:\u002F\u002Fprofiles.wordpress.org\u002Flenasterg\u002F","\u003Cp>Adds tab in group for external blog RSS feeds posts of group activity. Requires External Group Blogs plugin (https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fexternal-group-blogs\u002F) to by installed.\u003C\u002Fp>\n","Adds tab in the Buddypress groups for external blog RSS feeds posts of group activity",2149,100,1,[66,19,94,95,96],"external-blogs-tab","external-rss-tab","tabs","http:\u002F\u002Flenasterg.wordpress.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexternal-group-rss-tab-extension.2.0.zip","2026-03-15T10:48:56.248Z",{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":108,"downloaded":109,"rating":110,"num_ratings":111,"last_updated":112,"tested_up_to":113,"requires_at_least":114,"requires_php":16,"tags":115,"homepage":119,"download_link":120,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"disable-feeds","Disable Feeds","1.4.4","WPDeveloper","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpdevteam\u002F","\u003Cp>This plugin disables all RSS\u002FAtom\u002FRDF feeds on your site. It is useful if you use WordPress purely as a content management system (and not for blogging). All requests for feeds will be redirected to the corresponding HTML content.\u003C\u002Fp>\n\u003Cp>There are a couple of options to tweak the plugin’s behaviour – go to \u003Ccode>Settings -> Reading\u003C\u002Fcode> to see them.\u003C\u002Fp>\n\u003Cp>If you come across any bugs or have suggestions, please use the plugin support forum. I can’t fix it if I don’t know it’s broken! Please check the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fdisable-feeds\u002Ffaq\u002F\" rel=\"ugc\">FAQ\u003C\u002Fa> for common issues.\u003C\u002Fp>\n\u003Cp>Want to contribute? Here’s the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsolarissmoke\u002Fdisable-feeds\" rel=\"nofollow ugc\">GitHub development repository\u003C\u002Fa>.\u003C\u002Fp>\n","Disables all RSS\u002FAtom\u002FRDF feeds on your WordPress site.",30000,216366,94,31,"2018-03-30T04:50:00.000Z","4.9.29","4.0",[116,117,20,118,22],"atom","disable","rdf","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-feeds\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-feeds.zip",{"attackSurface":122,"codeSignals":175,"taintFlows":199,"riskAssessment":200,"analyzedAt":208},{"hooks":123,"ajaxHandlers":165,"restRoutes":171,"shortcodes":172,"cronEvents":173,"entryPointCount":92,"unprotectedCount":92},[124,130,133,137,141,145,149,152,156,161],{"type":125,"name":126,"callback":127,"file":128,"line":129},"action","bp_group_activity_filter_options","bp_groupblogs_add_filter","includes\\bp-groups-externalblogs.php",256,{"type":125,"name":131,"callback":127,"file":128,"line":132},"bp_activity_filter_options",257,{"type":125,"name":134,"callback":135,"file":128,"line":136},"wp_footer","_bp_groupblogs_refetch",270,{"type":125,"name":138,"callback":139,"file":128,"line":140},"groups_screen_group_home","bp_groupblogs_refetch",273,{"type":125,"name":142,"callback":143,"file":128,"line":144},"bp_groupblogs_cron","bp_groupblogs_cron_refresh",313,{"type":125,"name":146,"callback":147,"file":128,"line":148},"bp_get_activity_avatar_object_groups","bp_groupblogs_avatar_type",327,{"type":125,"name":150,"callback":147,"file":128,"line":151},"bp_get_activity_avatar_object_activity",328,{"type":125,"name":153,"callback":154,"file":128,"line":155},"bp_get_activity_avatar_item_id","bp_groupblogs_avatar_id",341,{"type":125,"name":157,"callback":158,"file":159,"line":160},"bp_init","bp_groupblogs_init","loader.php",19,{"type":125,"name":162,"callback":163,"file":159,"line":164},"plugins_loaded","bp_groupblogs_load_translations",26,[166],{"action":167,"nopriv":168,"callback":169,"hasNonce":168,"hasCapCheck":168,"file":128,"line":170},"refetch_groupblogs",false,"bp_groupblogs_ajax_refresh",302,[],[],[174],{"hook":142,"callback":142,"file":159,"line":111},{"dangerousFunctions":176,"sqlUsage":177,"outputEscaping":179,"fileOperations":26,"externalRequests":26,"nonceChecks":14,"capabilityChecks":26,"bundledLibraries":198},[],{"prepared":14,"raw":26,"locations":178},[],{"escaped":32,"rawEcho":180,"locations":181},8,[182,185,186,188,190,192,194,196],{"file":128,"line":183,"context":184},25,"raw output",{"file":128,"line":111,"context":184},{"file":128,"line":187,"context":184},37,{"file":128,"line":189,"context":184},53,{"file":128,"line":191,"context":184},98,{"file":128,"line":193,"context":184},104,{"file":128,"line":195,"context":184},115,{"file":128,"line":197,"context":184},285,[],[],{"summary":201,"deductions":202},"The \"external-group-blogs\" plugin v1.2.3 exhibits a mixed security posture.  On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and has no recorded vulnerabilities or CVEs, suggesting a relatively stable and well-maintained codebase in the past. The absence of file operations and external HTTP requests also reduces common attack vectors.\n\nHowever, significant concerns arise from the static analysis. The plugin exposes one AJAX handler that lacks authentication checks, creating a direct entry point for unauthenticated users. Furthermore, only 27% of its output is properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities across multiple output points. The complete lack of taint analysis results might be due to the analysis tool's limitations or an indication that no complex data flows were detected, but the unescaped output still poses a tangible risk.\n\nIn conclusion, while the plugin benefits from a clean vulnerability history and secure database practices, the presence of an unprotected AJAX endpoint and widespread unescaped output are critical security weaknesses that warrant immediate attention. The potential for XSS and unauthorized actions via the AJAX handler significantly detracts from its overall security.",[203,205],{"reason":204,"points":180},"AJAX handler without authentication checks",{"reason":206,"points":207},"Low percentage of properly escaped output",7,"2026-03-17T00:01:12.072Z",{"wat":210,"direct":215},{"assetPaths":211,"generatorPatterns":212,"scriptPaths":213,"versionParams":214},[],[],[],[],{"cssClasses":216,"htmlComments":219,"htmlAttributes":220,"restEndpoints":226,"jsGlobals":227,"shortcodeOutput":228},[217,218],"desc","bp-groups-externalblogs",[],[221,222,223,224,225],"id=\"fetch-time\"","name=\"fetch-time\"","id=\"blogfeeds\"","name=\"blogfeeds\"","name=\"save\"",[],[],[]]