[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f1-eErHzx0tq8BZySBxiwq2fQHXOgIWLKsbGNWiHd_Is":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":15,"requires_php":15,"tags":16,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":34,"analysis":144,"fingerprints":244},"invitation-code-checker","Invitation Code Checker","1.0.1","Dennis","https:\u002F\u002Fprofiles.wordpress.org\u002Fgigalinux\u002F","\u003Cp>With this plugin registrations are only allowed if the user has an invitation code. This plugin is only for WordPress MU and is BuddyPress compatible.\u003C\u002Fp>\n","With this plugin registrations are only allowed if the user has an invitation code. This plugin is only for WordPress MU and is BuddyPress compatible.",10,4097,0,"2009-10-22T18:07:00.000Z","",[17,18,19,20,21],"buddypress","code","invitation","signup","wpmu","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Finvitation-code-checker\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finvitation-code-checker.1.0.1.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":24,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"gigalinux",2,30,84,"2026-04-05T17:35:48.082Z",[35,59,84,107,127],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":15,"tags":50,"homepage":54,"download_link":55,"security_score":56,"vuln_count":57,"unpatched_count":13,"last_vuln_date":58,"fetched_at":26},"bp-activity-shortcode","BuddyPress Activity Shortcode","1.1.9","BuddyDev","https:\u002F\u002Fprofiles.wordpress.org\u002Fbuddydev\u002F","\u003Cp>BuddyPress Activity shortcode plugin allows you to insert BuddyPress activity stream on any page\u002Fpost using shortcode. It has a lot of flexibility built in the shortcode.\u003Cbr \u002F>\nYou can customize almost all aspects of the activity list, what should be listed, how many and everything using the shortcode.\u003C\u002Fp>\n\u003Cp>This plugin does not include any css and utilizes your theme’s css for displaying the activity. If you need any help, please ask on BuddyDev support forums.\u003Cbr \u002F>\nWe are helpful people looking forward to assist you.\u003C\u002Fp>\n\u003Cp>Features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>List all activities\u003C\u002Fli>\n\u003Cli>List activities for a user\u003C\u002Fli>\n\u003Cli>List activities for a group\u003C\u002Fli>\n\u003Cli>List activities of specific user role.\u003C\u002Fli>\n\u003Cli>Allow users to post from the page( experimental, if does not work with your theme, please let us know)\u003C\u002Fli>\n\u003Cli>All options supported by bp_has_activities are available\u003C\u002Fli>\n\u003Cli>For details, please see \u003Ca href=\"https:\u002F\u002Fbuddydev.com\u002Fplugins\u002Fbp-activity-shortcode\u002F\" title=\"Plugin page\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003Cbr \u002F>\nThe simple way to use it is by including this shortcode\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>[activity-stream ]\u003C\u002Fp>\n\u003Cp>Please make sure to check the usage instructions on the \u003Ca href=\"https:\u002F\u002Fbuddydev.com\u002Fplugins\u002Fbp-activity-shortcode\u002F\" title=\"Plugin page\" rel=\"nofollow ugc\">BuddyPress Activity shortcode plugin page\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Free & paid supports are available via \u003Ca href=\"https:\u002F\u002Fbuddydev.com\u002Fsupport\u002Fforums\u002F\" title=\"BuddyDev support forums\" rel=\"nofollow ugc\">BuddyDev Support Forum\u003C\u002Fa>\u003C\u002Fp>\n","BuddyPress Activity shortcode plugin allows you to insert BuddyPress activity stream on any page\u002Fpost using shortcode.",2000,55302,100,8,"2025-12-31T16:26:00.000Z","5.9.0","4.0",[51,17,52,53],"activity-shortcode","buddypress-activity","sitewide-activity","https:\u002F\u002Fbuddydev.com\u002Fplugins\u002Fbp-activity-shortcode\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-activity-shortcode.1.1.9.zip",99,1,"2025-12-31 00:00:00",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":69,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":49,"requires_php":15,"tags":73,"homepage":79,"download_link":80,"security_score":81,"vuln_count":82,"unpatched_count":13,"last_vuln_date":83,"fetched_at":26},"bsk-gravityforms-blacklist","BSK Forms Blacklist","4.2","bannersky","https:\u002F\u002Fprofiles.wordpress.org\u002Fbannersky\u002F","\u003Cp>This plugin helps you avoid spam submissions from Gravity Forms, Formidable Forms, WPForms, Contact Form 7 and Forminator.\u003C\u002Fp>\n\u003Cp>This is the free version and you can set it up to use a blacklist. If the field value contains \u002F same as an item \u002F keyword in the applied blacklist, the form submission will be blocked. It’s easy to use, you just need to create a blacklist, enable settings for the form and apply the blacklist to the form fields. You can set one or more fields to validate. Validation messages can be customized for the form.\u003C\u002Fp>\n\u003Cp>The Pro version described here: https:\u002F\u002Fwww.bannersky.com\u002Fgravity-forms-blacklist-and-custom-validation\u002F can also be used as a whitelist, IP address, email or invitation code to validate visitor input. Support for blocking email domains, giving you the option to allow or block submissions instead of always allowing submissions. Supports blocking IP addresses by country or allowing only IP addresses from a certain country.\u003C\u002Fp>\n\u003Ch3>Short Description\u003C\u002Fh3>\n\u003Cp>This plugin helps you avoid spam submissions from Gravity Forms, Formidable Forms, WPForms, Contact Form 7 and Forminator. It checks the form field content and block submitting base on your keywords. Blocking IP, Country is only supported in the Pro version.\u003C\u002Fp>\n","Checks field content and block submitting base on your keywords. Blocking IP, Country is only supported in the Pro version.",1000,34626,86,12,"2025-09-01T07:17:00.000Z","6.8.5",[74,75,76,77,78],"blacklist","formidable-forms","gravity-form","invitation-code","ip-blacklist","https:\u002F\u002Fwww.bannersky.com\u002Fgravity-forms-blacklist-and-custom-validation\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbsk-gravityforms-blacklist.zip",96,5,"2025-01-03 00:00:00",{"slug":85,"name":86,"version":87,"author":88,"author_profile":89,"description":90,"short_description":91,"active_installs":67,"downloaded":92,"rating":69,"num_ratings":93,"last_updated":94,"tested_up_to":95,"requires_at_least":96,"requires_php":15,"tags":97,"homepage":102,"download_link":103,"security_score":104,"vuln_count":105,"unpatched_count":13,"last_vuln_date":106,"fetched_at":26},"invite-anyone","Invite Anyone","1.4.10","Boone Gorges","https:\u002F\u002Fprofiles.wordpress.org\u002Fboonebgorges\u002F","\u003Cp>Invite Anyone has two components:\u003C\u002Fp>\n\u003Cp>1) The ability to invite members to the site by email. The plugin creates a tab on each member’s Profile page called “Send Invites”, which contains a form where users can invite outsiders to join the site. There is a field for a custom message. Also, inviters can optionally select any number of their groups, and when the invitee accepts the invitation he or she automatically receive invitations to join those groups.\u003C\u002Fp>\n\u003Cp>The email invitation part of the plugin is customizable by the BP administrator, via Dashboard > BuddyPress > Invite Anyone.\u003C\u002Fp>\n\u003Cp>2) By default, BuddyPress only allows group admins to invite their friends to groups. In some communities, you might want members to be able to invite non-friends to groups as well. This plugin allows you to do so, by populating the invitation checklist with the entire membership of the site, rather than just a friend list.\u003C\u002Fp>\n\u003Cp>Because member lists can get very long and hard to navigate, this plugin adds a autosuggest search box to the Send Invites screen – the same one that appears on the Compose Message screen – which allows inviters to navigate directly to the members they want to invite.\u003C\u002Fp>\n\u003Cp>Invite Anyone features optional integration with CloudSponge http:\u002F\u002Fcloudsponge.com, a premium address book service, that allows your users to invite their friends to the site in a way that’s easy and fun. Enable it at Dashboard > BuddyPress > Invite Anyone.\u003C\u002Fp>\n\u003Ch3>Translation credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Belarussian: Alexander Ovsov (\u003Ca href=\"http:\u002F\u002Fwebhostinggeeks.com\u002Fscience\" rel=\"nofollow ugc\">Web Geek Science\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Brazilian Portuguese: Celso Bessa\u003C\u002Fli>\n\u003Cli>Catalan: Mònica Grau and Toni Ginard\u003C\u002Fli>\n\u003Cli>Danish: Mort3n\u003C\u002Fli>\n\u003Cli>Dutch: Jesper Popma, Tim de Hoog\u003C\u002Fli>\n\u003Cli>French: Guillaume Coulon, Nicolas Mollet\u003C\u002Fli>\n\u003Cli>German: Lars Berning, Thorsten Wollenhöfer, Matthias Lunz\u003C\u002Fli>\n\u003Cli>Greek: Lena Stergatou\u003C\u002Fli>\n\u003Cli>Italian: Luca Camellini\u003C\u002Fli>\n\u003Cli>Norwegian: Stig Ulfsby\u003C\u002Fli>\n\u003Cli>Russian: Jettochkin, Roman Leonov\u003C\u002Fli>\n\u003Cli>Serbo-Croatian: Anja Skrba\u003C\u002Fli>\n\u003Cli>Spanish: Mauricio Camayo, Gregor Gimmy\u003C\u002Fli>\n\u003Cli>Swedish: Alexander Berthelsen, Jan Anderson\u003C\u002Fli>\n\u003Cli>Ukrainian: \u003Ca href=\"http:\u002F\u002Fwww.coupofy.com\u002F\" rel=\"nofollow ugc\">Ivanka\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Additional details about the plugin can be found in the following languages:\u003Cbr \u002F>\n* Serbo-Croatian: \u003Ca href=\"http:\u002F\u002Fscience.webhostinggeeks.com\u002Fteleogistic\" rel=\"nofollow ugc\">http:\u002F\u002Fscience.webhostinggeeks.com\u002Fteleogistic\u003C\u002Fa>\u003C\u002Fp>\n","Makes BuddyPress's invitation features more powerful.",262018,26,"2024-08-19T17:09:00.000Z","6.6.5","3.2",[17,98,99,100,101],"friends","group","invitations","invite","http:\u002F\u002Fteleogistic.net\u002Fcode\u002Fbuddypress\u002Finvite-anyone\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finvite-anyone.1.4.10.zip",83,6,"2024-08-16 00:00:00",{"slug":108,"name":109,"version":110,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":115,"downloaded":116,"rating":45,"num_ratings":117,"last_updated":118,"tested_up_to":119,"requires_at_least":120,"requires_php":15,"tags":121,"homepage":123,"download_link":124,"security_score":125,"vuln_count":57,"unpatched_count":57,"last_vuln_date":126,"fetched_at":26},"bp-disable-activation-reloaded","BP Disable Activation Reloaded","1.2.1","Damian","https:\u002F\u002Fprofiles.wordpress.org\u002Ftimersys\u002F","\u003Cp>Based on crashutah, apeatling https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbp-disable-activation\u002F Disables the activation email and automatically activates new users in BuddyPress under a standard WP install and WPMU (multisite).  Also, automatically logs in the new user since the account is already active.\u003C\u002Fp>\n\u003Cp>Basically i updated the plugin and added some features like:\u003C\u002Fp>\n\u003Cp>-Option to turn off automatic login\u003Cbr \u002F>\n-Redirect options after account creation\u003C\u002Fp>\n\u003Cp>Known Bugs:\u003Cbr \u002F>\n-Doesn’t do the automatic login if you allow blog creation during the user creation in WPMU (multisite)\u003C\u002Fp>\n\u003Ch4>Install Multiple plugins at once with WpFavs\u003C\u002Fh4>\n\u003Cp>Bulk plugin installation tool, import WP favorites and create your own lists (\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwpfavs\u002F\" rel=\"ugc\">https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwpfavs\u002F\u003C\u002Fa>)\u003C\u002Fp>\n\u003Ch4>Increase your twitter followers\u003C\u002Fh4>\n\u003Cp>Increase your Twitter followers with Twitter likebox Plugin (\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Ftwitter-like-box-reloaded\u002F\" rel=\"ugc\">https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Ftwitter-like-box-reloaded\u002F\u003C\u002Fa>)\u003C\u002Fp>\n\u003Ch4>WordPress Social Invitations\u003C\u002Fh4>\n\u003Cp>Enhance your site by letting your users send Social Invitations (\u003Ca href=\"http:\u002F\u002Fwp.timersys.com\u002Fwordpress-social-invitations\u002F?utm_source=social-popup&utm_medium=readme\" rel=\"nofollow ugc\">http:\u002F\u002Fwp.timersys.com\u002Fwordpress-social-invitations\u002F\u003C\u002Fa>)\u003C\u002Fp>\n","Based on crashutah, apeatling plugin Disables the activation email and automatically activates new users in BuddyPress under a standard WP install and …",900,26606,19,"2014-08-14T15:54:00.000Z","3.9.40","3.6",[122,17,21],"activation","http:\u002F\u002Fwww.timersys.com\u002Fplugins-wordpress\u002Fbp-disable-activation-reloaded","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-disable-activation-reloaded.1.2.1.zip",63,"2025-09-22 00:00:00",{"slug":128,"name":129,"version":130,"author":131,"author_profile":132,"description":133,"short_description":134,"active_installs":115,"downloaded":135,"rating":136,"num_ratings":11,"last_updated":137,"tested_up_to":72,"requires_at_least":49,"requires_php":15,"tags":138,"homepage":15,"download_link":143,"security_score":45,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"bp-xprofile-location","BP xProfile Location","4.9","shanebp","https:\u002F\u002Fprofiles.wordpress.org\u002Fshanebp\u002F","\u003Cp>This plugin works with both BuddyPress and the BuddyBoss Platform. It creates an xProfile Location field type that will use the Google Places API to populate and validate address fields on member profiles.\u003C\u002Fp>\n\u003Cp>The result will be \u003Cem>uniform\u003C\u002Fem> and \u003Cem>searchable\u003C\u002Fem> addresses with a \u003Cem>single\u003C\u002Fem> input field.\u003C\u002Fp>\n\u003Cp>In BuddyPress, you can create multiple Location fields via \u003Cem>wp-admin > Users > Profile Fields > Add New Field\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>In BuddyBoss Platform, you can create multiple Location fields via \u003Cem>wp-admin > BuddyBoss > Profiles > Profile Fields > Add New Field\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>The xprofile field for each member will be populated as a searchable string.\u003C\u002Fp>\n\u003Cp>A latitude \u002F longitude ‘geocode’ will be saved as a separate field, if that option was selected when the field was created.\u003C\u002Fp>\n\u003Cp>You can then use the geocode in your preferred Member Map solution.\u003C\u002Fp>\n\u003Cp>Or you may be interested in this \u003Cstrong>Member Map\u003C\u002Fstrong> solution: \u003Ca href=\"https:\u002F\u002Fwww.philopress.com\u002Fproducts\u002Fbp-maps-for-members\" title=\"BP Maps for Members\" rel=\"nofollow ugc\">BP Maps for Members\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>For \u003Cstrong>Group Maps\u003C\u002Fstrong>, please see: \u003Ca href=\"https:\u002F\u002Fwww.philopress.com\u002Fproducts\u002Fbp-maps-for-groups\" title=\"BP Maps for Groups\" rel=\"nofollow ugc\">BP Maps for Groups\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>For more information about this plugin, please visit \u003Ca href=\"https:\u002F\u002Fwww.philopress.com\u002Fproducts\u002Fbp-xprofile-location\u002F\" title=\"BP xProfile Location\" rel=\"nofollow ugc\">BP xProfile Location\u003C\u002Fa>\u003C\u002Fp>\n","This plugin works with both BuddyPress and the BuddyBoss Platform. It creates an xProfile Location field type that will use the Google Places API to p …",32378,88,"2025-04-19T17:35:00.000Z",[139,17,140,141,142],"address","geocode","location","map","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-xprofile-location.4.9.zip",{"attackSurface":145,"codeSignals":178,"taintFlows":196,"riskAssessment":232,"analyzedAt":243},{"hooks":146,"ajaxHandlers":174,"restRoutes":175,"shortcodes":176,"cronEvents":177,"entryPointCount":13,"unprotectedCount":13},[147,153,157,162,166,170],{"type":148,"name":149,"callback":150,"file":151,"line":152},"action","signup_extra_fields","add_code_field_to_signup","invitation-code-checker.php",32,{"type":148,"name":154,"callback":155,"file":151,"line":156},"bp_after_signup_profile_fields","add_code_field_to_signup_buddypress",33,{"type":158,"name":159,"callback":160,"file":151,"line":161},"filter","wpmu_validate_user_signup","checkup",34,{"type":158,"name":163,"callback":164,"file":151,"line":165},"bp_signup_validate","checkup_buddypress",35,{"type":148,"name":167,"callback":168,"file":151,"line":169},"update_wpmu_options","save_admin_options",36,{"type":148,"name":171,"callback":172,"file":151,"line":173},"wpmu_options","add_admin_options",37,[],[],[],[],{"dangerousFunctions":179,"sqlUsage":180,"outputEscaping":182,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":195},[],{"prepared":13,"raw":13,"locations":181},[],{"escaped":13,"rawEcho":82,"locations":183},[184,187,189,191,193],{"file":151,"line":185,"context":186},46,"raw output",{"file":151,"line":188,"context":186},48,{"file":151,"line":190,"context":186},57,{"file":151,"line":192,"context":186},59,{"file":151,"line":194,"context":186},94,[],[197,214,222],{"entryPoint":198,"graph":199,"unsanitizedCount":57,"severity":213},"add_code_field_to_signup (invitation-code-checker.php:41)",{"nodes":200,"edges":210},[201,205],{"id":202,"type":203,"label":204,"file":151,"line":188},"n0","source","$_POST['invitation_code']",{"id":206,"type":207,"label":208,"file":151,"line":188,"wp_function":209},"n1","sink","echo() [XSS]","echo",[211],{"from":202,"to":206,"sanitized":212},false,"medium",{"entryPoint":215,"graph":216,"unsanitizedCount":57,"severity":213},"add_code_field_to_signup_buddypress (invitation-code-checker.php:51)",{"nodes":217,"edges":220},[218,219],{"id":202,"type":203,"label":204,"file":151,"line":192},{"id":206,"type":207,"label":208,"file":151,"line":192,"wp_function":209},[221],{"from":202,"to":206,"sanitized":212},{"entryPoint":223,"graph":224,"unsanitizedCount":30,"severity":231},"\u003Cinvitation-code-checker> (invitation-code-checker.php:0)",{"nodes":225,"edges":229},[226,228],{"id":202,"type":203,"label":227,"file":151,"line":188},"$_POST['invitation_code'] (x2)",{"id":206,"type":207,"label":208,"file":151,"line":188,"wp_function":209},[230],{"from":202,"to":206,"sanitized":212},"low",{"summary":233,"deductions":234},"The \"invitation-code-checker\" plugin version 1.0.1 presents a concerning security posture despite a lack of recorded vulnerabilities. The static analysis reveals zero entry points (AJAX, REST API, shortcodes, cron events) which is a positive indicator of a limited attack surface.  Furthermore, all SQL queries are correctly using prepared statements, and there are no file operations or external HTTP requests detected, further reducing potential risks.  However, a significant weakness lies in the complete absence of output escaping across all identified outputs. This means that any data processed by the plugin and then displayed to users or in the admin area is vulnerable to cross-site scripting (XSS) attacks if that data originates from an untrusted source. The taint analysis highlights three flows with unsanitized paths, which, while not classified as critical or high severity, directly correlate with the unescaped output issue and represent a clear risk.",[235,237,239,241],{"reason":236,"points":46},"No output escaping detected",{"reason":238,"points":105},"Taint flows with unsanitized paths",{"reason":240,"points":82},"No nonce checks",{"reason":242,"points":82},"No capability checks","2026-03-17T00:41:28.117Z",{"wat":245,"direct":251},{"assetPaths":246,"generatorPatterns":248,"scriptPaths":249,"versionParams":250},[247],"\u002Fwp-content\u002Fplugins\u002Finvitation-code-checker\u002Finvitation-code-checker.php",[],[],[],{"cssClasses":252,"htmlComments":255,"htmlAttributes":256,"restEndpoints":261,"jsGlobals":262,"shortcodeOutput":263},[253,254],"invitation-code-section","error",[],[257,258,259,260],"id=\"invitation-code-section\"","style=\"font-size:24px; margin:5px 0px; width:100%;\"","style=\"width:50%;\"","style=\"width: 95%\"",[],[],[]]