[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fapsxIsB3iVzBuubjBHHSTKjY5a09jPAvsC-CewzceL4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":112,"crawl_stats":38,"alternatives":120,"analysis":230,"fingerprints":568},"invite-anyone","Invite Anyone","1.4.10","Boone Gorges","https:\u002F\u002Fprofiles.wordpress.org\u002Fboonebgorges\u002F","\u003Cp>Invite Anyone has two components:\u003C\u002Fp>\n\u003Cp>1) The ability to invite members to the site by email. The plugin creates a tab on each member’s Profile page called “Send Invites”, which contains a form where users can invite outsiders to join the site. There is a field for a custom message. Also, inviters can optionally select any number of their groups, and when the invitee accepts the invitation he or she automatically receive invitations to join those groups.\u003C\u002Fp>\n\u003Cp>The email invitation part of the plugin is customizable by the BP administrator, via Dashboard > BuddyPress > Invite Anyone.\u003C\u002Fp>\n\u003Cp>2) By default, BuddyPress only allows group admins to invite their friends to groups. In some communities, you might want members to be able to invite non-friends to groups as well. This plugin allows you to do so, by populating the invitation checklist with the entire membership of the site, rather than just a friend list.\u003C\u002Fp>\n\u003Cp>Because member lists can get very long and hard to navigate, this plugin adds a autosuggest search box to the Send Invites screen – the same one that appears on the Compose Message screen – which allows inviters to navigate directly to the members they want to invite.\u003C\u002Fp>\n\u003Cp>Invite Anyone features optional integration with CloudSponge http:\u002F\u002Fcloudsponge.com, a premium address book service, that allows your users to invite their friends to the site in a way that’s easy and fun. Enable it at Dashboard > BuddyPress > Invite Anyone.\u003C\u002Fp>\n\u003Ch3>Translation credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Belarussian: Alexander Ovsov (\u003Ca href=\"http:\u002F\u002Fwebhostinggeeks.com\u002Fscience\" rel=\"nofollow ugc\">Web Geek Science\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Brazilian Portuguese: Celso Bessa\u003C\u002Fli>\n\u003Cli>Catalan: Mònica Grau and Toni Ginard\u003C\u002Fli>\n\u003Cli>Danish: Mort3n\u003C\u002Fli>\n\u003Cli>Dutch: Jesper Popma, Tim de Hoog\u003C\u002Fli>\n\u003Cli>French: Guillaume Coulon, Nicolas Mollet\u003C\u002Fli>\n\u003Cli>German: Lars Berning, Thorsten Wollenhöfer, Matthias Lunz\u003C\u002Fli>\n\u003Cli>Greek: Lena Stergatou\u003C\u002Fli>\n\u003Cli>Italian: Luca Camellini\u003C\u002Fli>\n\u003Cli>Norwegian: Stig Ulfsby\u003C\u002Fli>\n\u003Cli>Russian: Jettochkin, Roman Leonov\u003C\u002Fli>\n\u003Cli>Serbo-Croatian: Anja Skrba\u003C\u002Fli>\n\u003Cli>Spanish: Mauricio Camayo, Gregor Gimmy\u003C\u002Fli>\n\u003Cli>Swedish: Alexander Berthelsen, Jan Anderson\u003C\u002Fli>\n\u003Cli>Ukrainian: \u003Ca href=\"http:\u002F\u002Fwww.coupofy.com\u002F\" rel=\"nofollow ugc\">Ivanka\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Additional details about the plugin can be found in the following languages:\u003Cbr \u002F>\n* Serbo-Croatian: \u003Ca href=\"http:\u002F\u002Fscience.webhostinggeeks.com\u002Fteleogistic\" rel=\"nofollow ugc\">http:\u002F\u002Fscience.webhostinggeeks.com\u002Fteleogistic\u003C\u002Fa>\u003C\u002Fp>\n","Makes BuddyPress's invitation features more powerful.",1000,262018,86,26,"2024-08-19T17:09:00.000Z","6.6.5","3.2","",[20,21,22,23,24],"buddypress","friends","group","invitations","invite","http:\u002F\u002Fteleogistic.net\u002Fcode\u002Fbuddypress\u002Finvite-anyone\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finvite-anyone.1.4.10.zip",83,6,0,"2024-08-16 00:00:00","2026-03-15T15:16:48.613Z",[33,49,65,80,91,99],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2024-43327","invite-anyone-reflected-cross-site-scripting","Invite Anyone \u003C= 1.4.7 - Reflected Cross-Site Scripting","The Invite Anyone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=1.4.7","1.4.8","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-08-22 13:07:53",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb02613dc-8c31-4c86-b800-eb1039381e1f?source=api-prod",7,{"id":50,"url_slug":51,"title":52,"description":53,"plugin_slug":4,"theme_slug":38,"affected_versions":54,"patched_in_version":55,"severity":56,"cvss_score":57,"cvss_vector":58,"vuln_type":59,"published_date":60,"updated_date":61,"references":62,"days_to_patch":64},"WF-b77c3d65-23c0-4bda-afea-9cad00fc04d6-invite-anyone","invite-anyone-php-object-injection","Invite Anyone \u003C= 1.3.18 - PHP Object Injection","The Invite Anyone plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.3.18 via deserialization of untrusted input from the 'invite-anyone\u002Ftrunk\u002Fby-email\u002Fby-email.php' file. This allows unauthenticated attackers to inject a PHP Object.","\u003C=1.3.18","1.3.19","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Deserialization of Untrusted Data","2017-10-12 00:00:00","2024-01-22 19:56:02",[63],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb77c3d65-23c0-4bda-afea-9cad00fc04d6?source=api-prod",2294,{"id":66,"url_slug":67,"title":68,"description":69,"plugin_slug":4,"theme_slug":38,"affected_versions":70,"patched_in_version":71,"severity":72,"cvss_score":73,"cvss_vector":74,"vuln_type":75,"published_date":76,"updated_date":61,"references":77,"days_to_patch":79},"CVE-2017-18544","invite-anyone-cross-site-request-forgery","Invite Anyone \u003C 1.3.16 - Cross-Site Request Forgery","The Invite Anyone plugin before 1.3.16 for WordPress has admin-panel CSRF. The plugin’s setting pages had a vulnerability found in the nonce, which is used to prevent CSRF, but when the settings are saved there was no check to a validate if a nonce was included.","\u003C1.3.16","1.3.16","high",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Cross-Site Request Forgery (CSRF)","2017-03-22 00:00:00",[78],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F101edd24-3f9e-4055-8547-9cd7e2b626b5?source=api-prod",2498,{"id":81,"url_slug":82,"title":83,"description":84,"plugin_slug":4,"theme_slug":38,"affected_versions":85,"patched_in_version":71,"severity":72,"cvss_score":86,"cvss_vector":87,"vuln_type":88,"published_date":76,"updated_date":61,"references":89,"days_to_patch":79},"CVE-2017-18545","invite-anyone-improper-input-validation","Invite Anyone \u003C= 1.3.15 - Improper Input Validation","The invite-anyone plugin before 1.3.16 for WordPress has incorrect escaping of untrusted Dashboard and front-end input.","\u003C=1.3.15",7.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:H\u002FA:N","Improper Input Validation",[90],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F6a4559f8-bd13-4a38-91c2-8569a9967700?source=api-prod",{"id":92,"url_slug":93,"title":94,"description":95,"plugin_slug":4,"theme_slug":38,"affected_versions":70,"patched_in_version":71,"severity":72,"cvss_score":86,"cvss_vector":87,"vuln_type":96,"published_date":76,"updated_date":61,"references":97,"days_to_patch":79},"CVE-2017-18543","invite-anyone-email-injection","Invite Anyone \u003C 1.3.16 - Email Injection","The Invite Anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based invitations.","Improper Access Control",[98],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fe95ecb22-7946-4830-95a4-f145f0f99d68?source=api-prod",{"id":100,"url_slug":101,"title":102,"description":103,"plugin_slug":4,"theme_slug":38,"affected_versions":104,"patched_in_version":105,"severity":41,"cvss_score":106,"cvss_vector":107,"vuln_type":88,"published_date":108,"updated_date":61,"references":109,"days_to_patch":111},"CVE-2017-6955","invite-anyone-change-of-email-invitation-content","Invite Anyone \u003C= 1.3.14 - Change of Email Invitation Content","An issue was discovered in by-email\u002Fby-email.php in the Invite Anyone plugin before 1.3.15 for WordPress. A user is able to change the subject and the body of the invitation mail that should be immutable, which facilitates a social engineering attack.","\u003C1.3.15","1.3.15",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","2017-03-17 00:00:00",[110],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F80388709-77ee-4f18-9da2-b99f562a20cd?source=api-prod",2503,{"slug":113,"display_name":7,"profile_url":8,"plugin_count":114,"total_installs":115,"avg_security_score":116,"avg_patch_time_days":117,"trust_score":118,"computed_at":119},"boonebgorges",27,11620,88,1864,71,"2026-04-04T02:43:55.043Z",[121,141,161,179,206],{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":129,"downloaded":130,"rating":131,"num_ratings":132,"last_updated":18,"tested_up_to":16,"requires_at_least":18,"requires_php":18,"tags":133,"homepage":138,"download_link":139,"security_score":131,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":140},"bp-post-status","BP Post Status","2.0.3","Venutius","https:\u002F\u002Fprofiles.wordpress.org\u002Fvenutius\u002F","\u003Cp>New: Allows hidden and Private groups to have public and site members only posts without compromising the group privacy.\u003C\u002Fp>\n\u003Cp>A feature I’ve always thought was missing from BuddyPress was integration with WordPresses biggest asset – blog posts. This plugin is my attempt to do just that. First of all it implements BuddyPress Post Statuses, so a post can be shared just to friends, site members followers or those the user follows. In addition groups can have their own posts and these can be made public, site members only or only available to group members regardless of the group status.\u003C\u002Fp>\n\u003Cp>Once you have posts linked to groups an immediate thought is to use a group based post as the groups home-page – this plugin enables that with group admin able to easily choose from the groups list of posts which one is to be used as the homepage.\u003C\u002Fp>\n\u003Cp>Groups and users get a dedicated page for their posts, this page is intended not only to display these blogs to other users but also to help the user manage their posts from the front-end, so posts can be made sticky, deleted and if BP Site Post is installed, created and edited, all from the front end.\u003C\u002Fp>\n\u003Cp>Simply install the plugin, edit your post and select Members or Friends Only, or choose to publish into a group you are a member of. In addition you can turn on notifications for these new post types and control exactly who can post or send notifications.\u003C\u002Fp>\n\u003Cp>Note that users will need to have WordPress edit_posts as a capability to create new pending posts and publish_posts capability in order to select the publish statuses.\u003C\u002Fp>\n\u003Cp>If you have groups that would like to assign posts to the group, and share either publicly, only to site members or only to group membes then this plugin should interest you.\u003Cbr \u002F>\nAlso you may have a need to allow site members the opportunity to create posts only to share amongst friends, or only to logged in site members, then this plugin adds that functionality.\u003C\u002Fp>\n\u003Cp>Groups can also choose to use a group post as a homepage, using this option group activity is moved to an activity tab and the home tab is used for the selected post. This means group managers have full flexibility as to the content they choose to display in the homepage; shortcodes can be used to display summaries of group forums and activity for example.\u003C\u002Fp>\n\u003Cp>It’s integrated with BuddyPress Activity and Notifications and supports BP Follow.\u003C\u002Fp>\n\u003Cp>If you want to allow front end posting I’ve also created \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbp-site-post\u002F\" rel=\"ugc\">BP Site Post\u003C\u002Fa> which works with BP Post Status and allows users to create and edit their posts from the front-end.\u003C\u002Fp>\n\u003Cp>The activity posts try to be appropriate to the security level assigned to the post – private group posts only post their activity into the group the post is assigned to.\u003Cbr \u002F>\nSite and group managers can choose to enable the ability to trigger a notification to the target group with the posts publication.\u003C\u002Fp>\n\u003Cp>Groups with group posts enabled have an optional “Group Posts” tab showing all posts assigned to the group. If a private or hidden group chooses to publish public posts then this directory will be visible to non group members, but it will only display posts that have been made public. Similarly if a private group makes their homepage public then the landing page will be displayed for visiting non-members.\u003C\u002Fp>\n\u003Cp>There’s extensive manageability:\u003C\u002Fp>\n\u003Cp>Group managers can choose what membership level to allow group post creation, and also the membership level required to be able to trigger post notifications. These options are available in the groups management pages in the settings tab. They can also choose to display a “Group Posts” tab in the group.\u003C\u002Fp>\n\u003Cp>In addition, the site admin has a settings page at Dashboard>>Settings>>BP Post Status. Here the five different status types can be disabled site-wide, and the site-wide controls for the minimum user role required to create posts and trigger notifications is set.\u003C\u002Fp>\n\u003Cp>There is also an option to have post revisions create activity updates, as opposed to the activity only being updated when the post is first created. When it is enabled you can set the minimum time allowed between posting updates.\u003C\u002Fp>\n\u003Cp>A new My Posts menu option has been added to users profiles, this displays their posts and enabled posts to be made sticky ( in My Posts ) or deleted. If BP Site Post is loaded then an edit link can also be added to this view. For guests viewing My Posts only published posts will be displayed but for the user all posts (including pending) will be displayed.\u003C\u002Fp>\n\u003Cp>Editors ( members with the ‘edit_others_posts’ capability ) get a Moderation page in their profile ( if there are pending posts to approve ) for easy access to the approvals queue. This page shows the full content of the post to be approved and have links to delete, publish or edit the post.\u003C\u002Fp>\n\u003Cp>Members with pending posts and with the ‘edit_posts’ capability get a Pending Posts page in their profile ( if they have pending posts ) so that pending posts can be reviewed and edited.\u003C\u002Fp>\n\u003Cp>Note regarding group_only_pending posts\u003C\u002Fp>\n\u003Cp>When a group_post_pending post is selected, a notification email is sent to the admin of the site so they can authorize the post. However, I felt that this was a less than optimal solution since ideally the group creator should have a say in if a post gets published to their group. One of the issues is that it’s not possible to give group creators the ability to manage only posts in their group – they either edit_others_posts for all posts on the site or they simply do not have this capability.\u003C\u002Fp>\n\u003Cp>I found a solution to this using Automattics Co-Authors Plus plugin, since this allows multiple authors to be assigned to posts. I’ve therefore added a check to see if Co-Authors Plus is active and if so the group creator will be automatically added as an author of all posts set for their group. This being the case they will be send a notification email and they will be able to edit the post content and if they have publish_posts capability they will be able to publish the post to their group. However, if they only have edit_posts, they will need to contact the site admin to have the post published. However, at the time of writng this causes an error when viewing the profile my-posts page (10\u002F03\u002F2019), this has been reported and is being worked on.\u003C\u002Fp>\n\u003Cp>The template pages can be overloaded by copying them to themes\u002Fyour-child-theme\u002Fbpps\u002F and editing them as suits.\u003C\u002Fp>\n\u003Cp>There is a shortcode – [bppss_group_posts group_id=”34″ ] which allows the group posts list to be displayed on any page.\u003C\u002Fp>\n\u003Cp>The only downside of this plugin is with regards to Gutenberg – the new text editor in WordPress, sadly Gutenberg does not support custom post statuses so if you want to use this you will have to install the Classic Editor plugin and stick with the classic for now, hopefully this situation will be rectified soon.\u003C\u002Fp>\n\u003Ch3>Props\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>This plugin was created by merging some features from three other plugins – Peter Shaw’s LH Logged in Post Status, BuddyDev’s Blog Categories for Groups and Imath’s WP Statuses. This made the creation of this plugin a lot easier than it would have been if built from scratch. Props to these great developers!\u003C\u002Fli>\n\u003C\u002Ful>\n","Adds BuddyPress status options for posts - Group posts (public, site members only and group only, Members Only, Followers, Following and Friends only  &hellip;",10,6012,100,2,[20,134,135,136,137],"friends-only-posts","group-posts","groups","members-only-posts","https:\u002F\u002Fbuddyuser.com\u002Fplugin-bp-post-status","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-post-status.zip","2026-03-15T10:48:56.248Z",{"slug":142,"name":143,"version":144,"author":145,"author_profile":146,"description":147,"short_description":148,"active_installs":11,"downloaded":149,"rating":116,"num_ratings":150,"last_updated":151,"tested_up_to":152,"requires_at_least":153,"requires_php":154,"tags":155,"homepage":18,"download_link":159,"security_score":160,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"bp-registration-options","Registration Options for BuddyPress","4.4.5","Brian Messenlehner","https:\u002F\u002Fprofiles.wordpress.org\u002Fmessenlehner\u002F","\u003Cp>Prevent users and bots from accessing the BuddyPress or bbPress areas of your website(s) until they are approved.\u003C\u002Fp>\n\u003Cp>This BuddyPress extension allows you to enable user moderation for new members, as well as help create a private network for your users. If moderation is enabled, any new members will be denied access to your BuddyPress and bbPress areas on your site, with the exception of their own user profile. They will be allowed to edit and configure that much. They will also not be listed in the members lists on the frontend until approved. Custom messages are available so you can tailor them to the tone of your website and community. When an admin approves or denies a user, email notifications will be sent to let them know of the decision.\u003C\u002Fp>\n\u003Cp>Requires BuddyPress version 1.7 or higher and bbPress 2.0 or higher.\u003C\u002Fp>\n\u003Ch3>General Data Protection Regulation\u003C\u002Fh3>\n\u003Cp>BuddyPress Registration Options temporarily stores user IP addresses as user meta to help validate and vet pending users. Saved IP values are deleted upon both approval and denial of pending user. No other personal data is recorded.\u003C\u002Fp>\n","Moderate new BuddyPress members and fight BuddyPress spam.",175480,33,"2023-03-05T15:26:00.000Z","6.0.11","5.2","5.6",[156,20,136,157,158],"admin","moderation","registration","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-registration-options.zip",85,{"slug":162,"name":163,"version":164,"author":7,"author_profile":8,"description":165,"short_description":166,"active_installs":11,"downloaded":167,"rating":168,"num_ratings":169,"last_updated":170,"tested_up_to":16,"requires_at_least":17,"requires_php":171,"tags":172,"homepage":176,"download_link":177,"security_score":178,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"buddypress-group-email-subscription","BuddyPress Group Email Subscription","4.2.4","\u003Cp>This powerful plugin allows users to receive email notifications of group activity. Weekly or daily digests are available. Each user can choose how they want to subscribe to their groups.\u003C\u002Fp>\n\u003Cp>Please note that this plugin requires BuddyPress, as well as the BuddyPress Groups and Activity components.\u003C\u002Fp>\n\u003Cp>EMAIL SUBSCRIPTION LEVELS\u003Cbr \u002F>\nThere are 5 levels of email subscription options:\u003C\u002Fp>\n\u003Col>\n\u003Cli>No Email – Read this group on the web\u003C\u002Fli>\n\u003Cli>Weekly Summary Email – A summary of new topics each week\u003C\u002Fli>\n\u003Cli>Daily Digest Email – All the day’s activity bundled into a single email\u003C\u002Fli>\n\u003Cli>New Topics Email – Send new topics as they arrive (but don’t send replies)\u003C\u002Fli>\n\u003Cli>All Email – Send all group activity as it arrives\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>DEFAULT SUBSCRIPTION STATUS\u003Cbr \u002F>\nGroup admins can choose one of the 5 subscription levels as a default that gets applied when new members join.\u003C\u002Fp>\n\u003Cp>DIGEST AND SUMMARY EMAILS\u003Cbr \u002F>\nThe daily digest email is sent every morning and contains all the emails from all the groups a user is subscribed to. The digest begins with a helpful topic summary. The weekly summary email contains the topic titles from the past week by default. Summary and digest timing can be configured in the back end. (The admin can view a sample of the digests and summaries in the queue by going adding this to your url: mydomain.com\u002Fsum=1. This won’t send emails just show what will be sent)\u003C\u002Fp>\n\u003Cp>HTML EMAILS\u003Cbr \u002F>\nThe digest and summary emails are sent out in multipart HTML and plain text email format. This makes the digest much more readable with better links. The email is multipart so users who need only plain text will get plain text.\u003C\u002Fp>\n\u003Cp>EMAILS FOR TOPICS I’VE STARTED OR COMMENTED ON (only available with BuddyPress legacy discussion forums)\u003Cbr \u002F>\nUsers receive email notifications when someone replies to a topic they create or comment on (similar to Facebook). This happens whether they are subscribed or not. Users can control this behaviour in their notifications page.\u003C\u002Fp>\n\u003Cp>TOPIC FOLLOW AND MUTE (only available with BuddyPress legacy discussion forums)\u003Cbr \u002F>\nUsers who are not fully subscribed to a group (ie. maybe they are on digest) can choose to get immediate email updates for specific topic threads. Any subsequent replies to that thread will be emailed to them. In an opposite way, users who are fully subscribed to a group but want to stop getting emails from a specific (perhaps annoying) thread can choose to mute that topic.  bbPress plugin users can utilize the “Subscribe” \u002F “Notify me of follow-up replies via email” option.\u003C\u002Fp>\n\u003Cp>ADMIN NOTIFICATION\u003Cbr \u002F>\nGroup admins can send out an email to all group members from the group’s admin section. This feature is helpful to quickly communicate to the whole group, but it should be used with caution.\u003C\u002Fp>\n\u003Cp>GROUP ADMINS CAN SET SUBSCRIPTION LEVEL\u003Cbr \u002F>\nGroup admins can set the subscription level for existing users on the group’s “Admin > Manage Members” page – either one by one or all at once.\u003C\u002Fp>\n\u003Cp>SPAM PROTECTION\u003Cbr \u002F>\nTo protect against spam, you can set a minimum number of days users need to be registered before their group activity will be emailed to other users. This feature is off by default, but can be enabled in the admin.\u003C\u002Fp>\n\u003Cp>TRANSLATORS\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Brazilian Portuguese – www.about.me\u002Fdennisaltermann (or www.congregacao.net)\u003C\u002Fli>\n\u003Cli>Catalan – Sara Arjona Téllez\u003C\u002Fli>\n\u003Cli>Danish – Morten Nalholm\u003C\u002Fli>\n\u003Cli>Dutch – Anja werkgroepen.net\u002Fwordpress, Tim de Hoog\u003C\u002Fli>\n\u003Cli>Farsi – Vahid Masoomi http:\u002F\u002Fwww.AzUni.ir\u003C\u002Fli>\n\u003Cli>French – http:\u002F\u002Fwww.claudegagne-photo.com, Sylvain Ghysens\u003C\u002Fli>\n\u003Cli>German – Peter Peterson, Thorsten Wollenhöfer, Jörg Lohrer\u003C\u002Fli>\n\u003Cli>Hebrew – Iggy Pritzker\u003C\u002Fli>\n\u003Cli>Italian – Stefano Russo\u003C\u002Fli>\n\u003Cli>Japanese – https:\u002F\u002Fbuddypress.org\u002Fcommunity\u002Fmembers\u002Fchestnut_jp\u002F\u003C\u002Fli>\n\u003Cli>Lithuanian – Vincent G http:\u002F\u002Fwww.Host1Free.com\u003C\u002Fli>\n\u003Cli>Russian – http:\u002F\u002Fwww.viaestvita.net\u002Fgroups\u002F\u003C\u002Fli>\n\u003Cli>Spanish – Williams Castillo, Gregor Gimmy\u003C\u002Fli>\n\u003Cli>Swedish – Thomas Schneider, Joakim Hising\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>NOTE TO PLUGIN AUTHORS\u003Cbr \u002F>\nIf your plugin posts updates to the standard BuddyPress activity stream, then group members who are subscribed via 3. Daily Digest and 5. All Email will get your updates automatically. However people subscribed as 2. Weekly Summary and 4. New Topic will not. If you feel some of your plugin’s updates are very important and want to make sure all subscribed members receive them, you can filter ‘ass_this_activity_is_important’ and return TRUE when $type matches your activity. See the ass_this_activity_is_important() function in bp-activity-subscription-functions.phpfor more info.\u003C\u002Fp>\n\u003Cp>PLUGIN SUPPORTERS:\u003Cbr \u002F>\nMajor supporters: shambhalanetwork.org & commons.gc.cuny.edu\u003Cbr \u002F>\nOther supporters: bluedotproductions.com\u003C\u002Fp>\n\u003Cp>PLUGIN DEVELOPMENT\u003Cbr \u002F>\nFor bug reports or to add patches or translation files, please visit the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fboonebgorges\u002Fbuddypress-group-email-subscription\u002F\" rel=\"nofollow ugc\">GES Github page\u003C\u002Fa>.  Contributions are definitely welcome!\u003C\u002Fp>\n","This powerful plugin allows users to receive email notifications of group activity. Weekly or daily digests are available.",230356,80,32,"2024-10-04T14:35:00.000Z","5.3",[173,174,175,20,136],"activities","activity","bp","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fbuddypress-group-email-subscription\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-group-email-subscription.4.2.4.zip",92,{"slug":180,"name":181,"version":182,"author":183,"author_profile":184,"description":185,"short_description":186,"active_installs":187,"downloaded":188,"rating":189,"num_ratings":190,"last_updated":191,"tested_up_to":192,"requires_at_least":193,"requires_php":194,"tags":195,"homepage":201,"download_link":202,"security_score":203,"vuln_count":204,"unpatched_count":29,"last_vuln_date":205,"fetched_at":31},"rumbletalk-chat-a-chat-with-themes","RumbleTalk Live Group Chat – HTML5","6.3.9","RumbleTalk","https:\u002F\u002Fprofiles.wordpress.org\u002Frumbletalk\u002F","\u003Ch4>WordPress Group Chat Plugin\u003C\u002Fh4>\n\u003Cp>Live group chat plugin for WordPress. Integrate it into your website in minutes. Create one or multiple rooms effortlessly.\u003C\u002Fp>\n\u003Cp>We support 4 chat types:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Members-only group chat – Integrated with your user base.\u003C\u002Fli>\n\u003Cli>Queued chat – Admins approve every message.\u003C\u002Fli>\n\u003Cli>Social chat – Open chat room for online discussions.\u003C\u002Fli>\n\u003Cli>Experts chat – One-on-one chats (private chats).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>797,100 websites and online events are already using the \u003Ca href=\"https:\u002F\u002Frumbletalk.com\u002F\" rel=\"nofollow ugc\">RumbleTalk HTML Chat Platform\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>The chat platform is a hosted professional \u003Cstrong>chat room plugin\u003C\u002Fstrong> with a quick integration to your WordPress members’ user base.\u003Cbr \u002F>\nYou may add it to any type of website, blog, or real-time event.\u003C\u002Fp>\n\u003Cp>Unique features that can be set in the admin panel:\u003C\u002Fp>\n\u003Cp>1) Integrate your users base with one click – your website members will then auto-login to the chat.\u003Cbr \u002F>\n2) Moderated chat mode for live events – approve every message before showing it to all.\u003Cbr \u002F>\n3) Private video and audio calls for private one-on-one video discussions\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F70_zc1fvUtM?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>The ideal plugin for members chat, live online events, Group chats, live community, radio shows, fans clubs, stocks & forex trading, hobbies, sports, group discussions…and much more\u003C\u002Fp>\n\u003Ch3>Plug-in Name\u003C\u002Fh3>\n\u003Cp>rumbletalk-chat-a-chat-with-themes\u003C\u002Fp>\n\u003Ch3>WHAT IS A LIVE GROUP CHAT FOR WORDPRESS?\u003C\u002Fh3>\n\u003Cp>RumbleTalk platform is easy to set group chat plugin for WordPress, buddypress and bbpress\u003Cbr \u002F>\n1) Members-only website\u003Cbr \u002F>\n2) Social website\u003Cbr \u002F>\n3) Live online event website\u003Cbr \u002F>\n4) Integrated into any platform using our REST API.\u003C\u002Fp>\n\u003Cp>Adding one or many rooms is a no-brainer with the RumbleTalk plugin. Add a chat widget to your website in two minutes.\u003C\u002Fp>\n\u003Ch4>BuddyPress & BBpress Integration\u003C\u002Fh4>\n\u003Cp>This group chat plugin supports automatic user base integration with WordPress, BuddyPress and BBpress.\u003C\u002Fp>\n\u003Ch3>Chat Features\u003C\u002Fh3>\n\u003Cpre>\n\nNEW - Pin messages, files and videos\n\n* Poll options in the chat\n* Bio Description can be added in the username (ex: display name+bio)\n* Admin count in plan summary added\n* Admin button is added for easy access\n\n* support for avatar integration with different members' plugins.\n* Integration with WordPress users base avatar\n* Mark text as bold, italic, strike and code.\n* Admin mode - mute all users.\n* New lines - now you can add more lines in each message\n* Font size - increase\u002Fdecrease the web-based font size\n* Private chat - prevents automatic private chat window popup   \n\n* support for more currencies\n* Paid access, bug fixes\n* Experts chat, allows you to advice in a private conversation (with or without payment)\n* Control what username will show in the chat\n* Keywords feature - automatic text highlights\n* login type: Register before logging in\n\n* Better Sound Control\n* History search options\n* Export chat history to CSV or HTML\n* Video chat messages, record 30-second video messages.\n* Mobile video calls (android)\n* Set Private chats with registered users\n* Spam Filter applied also for users name\n* Create additional rooms directly from the plugin\n* Open settings from the WordPress admin\n* Delete Archive messages directly from the chat\n* Increase Font Size in mobile\n\n* Full Screen In mobile mode\n* Admin user avatar\n* BuddyPress integration\n* Export Chat Transcript from the chat interface\n* Auto login with your own users-base users name (API)\n* IP info\n\n* Upload Images from your mobile device\n* Take photos from your mobile version\n* One on One VIDEO and Audio calls\n* Upload Docs, Excel, PowerPoint, PDF files\n* Upload Images from your own PC\n\n* Take pictures from your PC camera\n* Easily Embed a group chat in your site.\n* Chatroom Theme Library\n* Talk from Mobile and Tablet.\n* Login, Share and Invite\n* Private chat\n\n* SSL - new secure channel TLS1.2\n* Design your own chat theme.\n* Design your chat with css (for advanced users)\n* Manage more than one chat.\n* Spam filter (create a black listed words).\n* Disconnect Trolls.\n\n* Ban users by IP.\n* Define moderators and rolls.\n* Archive your chat, Save log of your chat history.\n* Chat in 30 languages.\n* Offline Mode\n* Delete single messages\n* Flood control\n* Control the side of the floating icon\n* Advanced dashboard for managing your chat rooms\n* Send audio and video messages\n* Set your own sound for different types of actions\n* In-Chat payment options\n\n\u003C\u002Fpre>\n\u003Cp>BuddyPress Chat Room Integration\u003Cbr \u002F>\nThese members chat plugin supports automatic integration with BuddyPress plugin.\u003C\u002Fp>\n\u003Ch3>Languages\u003C\u002Fh3>\n\u003Cpre>\nEnglish, Español, Bahasa Indonesia, Català, Czech, Dansk sprog\nDeutsch, Français, Italiano, Magyar, فارسی, Nederlands, Dutch, Polski\nPortuguês, Română, ภาษาไทย, Slovenčina, Suomi, Svenska, Tiếng Việt\nTürkçe, ελληνικά, Български, Македонски, Русский язык\nСрбски, Українська, עברית , عربي\n\u003C\u002Fpre>\n","Live group chat plugin for WordPress. Integrate it into your website in minutes. Create one or multiple rooms effortlessly.",800,206700,68,21,"2026-02-04T13:53:00.000Z","6.9.4","3.6","5.2.0",[196,197,198,199,200],"buddypress-chat","chat-room","community-chat","group-chat","members-chat","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frumbletalk-chat-a-chat-with-themes\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frumbletalk-chat-a-chat-with-themes.6.3.9.zip",96,3,"2025-09-03 00:00:00",{"slug":207,"name":208,"version":209,"author":210,"author_profile":211,"description":212,"short_description":213,"active_installs":214,"downloaded":215,"rating":131,"num_ratings":216,"last_updated":217,"tested_up_to":218,"requires_at_least":219,"requires_php":18,"tags":220,"homepage":225,"download_link":226,"security_score":227,"vuln_count":228,"unpatched_count":29,"last_vuln_date":229,"fetched_at":31},"bp-group-documents","BP Group Documents","2.1","lenasterg","https:\u002F\u002Fprofiles.wordpress.org\u002Flenasterg\u002F","\u003Cp>BP Group Documents creates a page within each BuddyPress group to upload and any type of file or document. This allows members of BuddyPress groups to upload and store files and documents that are relevant to the group.\u003C\u002Fp>\n\u003Cp>Documents can be edited and deleted either by the document owner or by the group administrator.\u003Cbr \u002F>\nCategories can be used to organize documents.\u003Cbr \u002F>\nActivity is logged in the main activity stream, and is also tied to the user and group activity streams.\u003Cbr \u002F>\nThe site administrator can set filters on file extensions, set display options.\u003Cbr \u002F>\nGroup members and moderators can receive email notifications at their option.\u003Cbr \u002F>\nThe group administrator can decide if all members or only admins\u002Fmoderators can upload documents (Since v0.5)\u003Cbr \u002F>\nUser verification for Downloads: when a document is downloaded, a redirect page checks is the user is member of the group (in case of a private  or hidden groups) and only then the user can download the file.(Since v0.5)\u003Cbr \u002F>\nFor private networks, see the FAQ “I have a members only network. How to disable file download for non members?” .\u003C\u002Fp>\n\u003Cp>4 Widgets: “User’s groups documents”, “Recent Uploads” , “Popular Downloads”, can be used to show activity at a glance. If the theme support different sidebars for group pages, the  BP_Group_Documents_CurrentGroup_Widget can be used to show current group’s documents.\u003C\u002Fp>\n\u003Cp>Contributions by Lena Stergatou, with additional bug fixes and improvements by Keeble Smith (http:\u002F\u002Fkeeblesmith.com) and Anton Andreasson work for BP 1.7.\u003C\u002Fp>\n\u003Cp>Original plugin author was Peter Anselmo.\u003C\u002Fp>\n\u003Cp>PLEASE: If you have any issues or it doesn’t work for you, please report in support forum.  It doesn’t help anyone to mark “broken” without asking around.  Thanks!\u003C\u002Fp>\n\u003Ch3>Notes\u003C\u002Fh3>\n\u003Cp>Roadmap.txt – contains ideas proposed and the (approximate) order of implementation\u003C\u002Fp>\n\u003Cp>History.txt – contains all the changes since version .1\u003C\u002Fp>\n\u003Cp>License.txt – contains the licensing details for this component.\u003C\u002Fp>\n","BP Group Documents creates a page within each BuddyPress group to upload and any type of file or document.",700,63555,15,"2025-07-10T12:53:00.000Z","6.7.5","4.6",[20,221,222,223,224],"file","group-documents","storage","widget","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbp-group-documents\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-group-documents.2.1.zip",98,4,"2013-10-04 00:00:00",{"attackSurface":231,"codeSignals":429,"taintFlows":475,"riskAssessment":551,"analyzedAt":567},{"hooks":232,"ajaxHandlers":415,"restRoutes":426,"shortcodes":427,"cronEvents":428,"entryPointCount":132,"unprotectedCount":259},[233,239,243,248,251,256,262,265,269,273,277,281,286,290,294,298,302,306,310,314,318,323,327,330,334,337,341,344,347,351,355,359,364,368,372,374,377,381,385,388,392,396,401,406,410],{"type":234,"name":235,"callback":236,"file":237,"line":238},"action","admin_init","invite_anyone_update","admin\\admin-panel.php",39,{"type":234,"name":240,"callback":241,"file":237,"line":242},"admin_menu","invite_anyone_mirror_settings_menu_item",112,{"type":244,"name":245,"callback":246,"priority":129,"file":237,"line":247},"filter","plugin_action_links","invite_anyone_admin_add_action_link",127,{"type":234,"name":235,"callback":249,"file":237,"line":250},"invite_anyone_settings_setup",316,{"type":244,"name":252,"callback":253,"file":254,"line":255},"posts_where_paged","where_filter","admin\\admin-stats.php",107,{"type":234,"name":257,"callback":258,"priority":259,"file":260,"line":261},"init","register_post_type",1,"by-email\\by-email-db.php",51,{"type":234,"name":235,"callback":263,"file":260,"line":264},"upgrade_0_9",216,{"type":234,"name":266,"callback":267,"file":260,"line":268},"wp_loaded","upgrade_1_4_0",220,{"type":244,"name":270,"callback":271,"priority":129,"file":260,"line":272},"posts_fields","filter_fields_emails",499,{"type":244,"name":274,"callback":275,"priority":129,"file":260,"line":276},"posts_join_paged","filter_join_emails",500,{"type":244,"name":278,"callback":279,"priority":129,"file":260,"line":280},"posts_orderby","filter_orderby_emails",501,{"type":234,"name":282,"callback":283,"file":284,"line":285},"wp_print_styles","invite_anyone_add_by_email_css","by-email\\by-email.php",40,{"type":234,"name":287,"callback":288,"file":284,"line":289},"wp_print_scripts","invite_anyone_add_by_email_js",61,{"type":234,"name":291,"callback":292,"priority":132,"file":284,"line":293},"bp_setup_globals","invite_anyone_setup_globals",78,{"type":234,"name":295,"callback":296,"priority":259,"file":284,"line":297},"wp","invite_anyone_opt_out_screen",177,{"type":234,"name":299,"callback":300,"file":284,"line":301},"bp_before_register_page","invite_anyone_register_screen_message",252,{"type":234,"name":303,"callback":304,"priority":129,"file":284,"line":305},"bp_core_activated_user","invite_anyone_activate_user",331,{"type":234,"name":307,"callback":308,"file":284,"line":309},"bp_setup_nav","invite_anyone_setup_nav",382,{"type":234,"name":311,"callback":312,"file":284,"line":313},"wp_head","invite_anyone_access_test",469,{"type":234,"name":315,"callback":316,"file":284,"line":317},"bp_actions","invite_anyone_catch_send",510,{"type":234,"name":319,"callback":320,"priority":321,"file":284,"line":322},"bp_template_redirect","invite_anyone_catch_clear",5,573,{"type":234,"name":324,"callback":325,"file":284,"line":326},"bp_template_content","invite_anyone_screen_one_content",583,{"type":234,"name":324,"callback":328,"file":284,"line":329},"invite_anyone_screen_two_content",860,{"type":244,"name":331,"callback":332,"priority":129,"file":284,"line":333},"bp_email_get_salutation","invite_anyone_replace_bp_email_salutation",1614,{"type":234,"name":315,"callback":335,"priority":29,"file":284,"line":336},"invite_anyone_accept_invitation_backward_compatibility",1718,{"type":244,"name":338,"callback":339,"file":284,"line":340},"bp_get_signup_allowed","__return_true",1776,{"type":244,"name":342,"callback":339,"file":284,"line":343},"option_users_can_register",1778,{"type":234,"name":295,"callback":345,"priority":259,"file":284,"line":346},"invite_anyone_bypass_registration_lock",1781,{"type":244,"name":348,"callback":349,"file":284,"line":350},"bp_core_validate_user_signup","invite_anyone_check_invitation",1807,{"type":244,"name":352,"callback":353,"file":284,"line":354},"bp_loggedin_register_page_redirect_to","invite_anyone_already_accepted_redirect",1891,{"type":234,"name":356,"callback":357,"file":284,"line":358},"bp_core_install_emails","invite_anyone_install_emails",1954,{"type":234,"name":360,"callback":361,"file":362,"line":363},"invite_anyone_after_addresses","import_markup","by-email\\cloudsponge-integration.php",66,{"type":234,"name":365,"callback":366,"file":362,"line":367},"wp_enqueue_scripts","enqueue_script",67,{"type":234,"name":311,"callback":369,"priority":259,"file":370,"line":371},"invite_anyone_add_js","group-invites\\group-invites.php",49,{"type":234,"name":282,"callback":373,"file":370,"line":189},"invite_anyone_add_group_invite_css",{"type":234,"name":295,"callback":375,"priority":259,"file":370,"line":376},"invite_anyone_catch_group_invites",254,{"type":234,"name":378,"callback":379,"file":370,"line":380},"pre_user_query","filter_registered_users_only",369,{"type":244,"name":382,"callback":383,"priority":259,"file":370,"line":384},"groups_create_group_steps","invite_anyone_remove_group_creation_invites",562,{"type":234,"name":307,"callback":386,"priority":216,"file":370,"line":387},"invite_anyone_remove_invite_subnav",563,{"type":234,"name":389,"callback":390,"priority":129,"file":370,"line":391},"groups_notification_group_invites_message","invite_anyone_group_invite_email_message",679,{"type":244,"name":393,"callback":394,"file":370,"line":395},"groups_notification_group_invites_to","invite_anyone_group_invite_maybe_filter_invite_message",684,{"type":234,"name":397,"callback":398,"file":399,"line":400},"wp_footer","invite_anyone_add_old_css","group-invites\\templates\\invite-anyone.php",14,{"type":234,"name":402,"callback":403,"file":404,"line":405},"bp_include","invite_anyone_init","invite-anyone.php",50,{"type":234,"name":407,"callback":408,"file":404,"line":409},"plugins_loaded","invite_anyone_locale_init",58,{"type":234,"name":411,"callback":412,"file":413,"line":414},"widgets_init","invite_anyone_register_widget","widgets\\widgets.php",161,[416,422],{"action":417,"nopriv":418,"callback":419,"hasNonce":420,"hasCapCheck":418,"file":370,"line":421},"invite_anyone_groups_invite_user",false,"invite_anyone_ajax_invite_user",true,505,{"action":423,"nopriv":418,"callback":424,"hasNonce":418,"hasCapCheck":418,"file":370,"line":425},"invite_anyone_autocomplete_ajax_handler","invite_anyone_ajax_autocomplete_results",534,[],[],[],{"dangerousFunctions":430,"sqlUsage":431,"outputEscaping":440,"fileOperations":259,"externalRequests":29,"nonceChecks":129,"capabilityChecks":129,"bundledLibraries":470},[],{"prepared":228,"raw":204,"locations":432},[433,436,438],{"file":260,"line":434,"context":435},967,"$wpdb->get_var() with variable interpolation",{"file":260,"line":437,"context":435},1020,{"file":370,"line":439,"context":435},738,{"escaped":441,"rawEcho":400,"locations":442},255,[443,446,447,449,451,453,455,457,459,461,463,465,466,468],{"file":237,"line":444,"context":445},377,"raw output",{"file":237,"line":309,"context":445},{"file":237,"line":448,"context":445},389,{"file":284,"line":450,"context":445},1050,{"file":284,"line":452,"context":445},1055,{"file":362,"line":454,"context":445},162,{"file":370,"line":456,"context":445},132,{"file":370,"line":458,"context":445},269,{"file":370,"line":460,"context":445},488,{"file":370,"line":462,"context":445},491,{"file":370,"line":464,"context":445},494,{"file":413,"line":118,"context":445},{"file":413,"line":467,"context":445},75,{"file":413,"line":469,"context":445},110,[471],{"name":472,"version":473,"knownCves":474},"jQuery","1.3.2",[],[476,494,502,513,523,534],{"entryPoint":477,"graph":478,"unsanitizedCount":29,"severity":493},"invite_anyone_admin_panel (admin\\admin-panel.php:148)",{"nodes":479,"edges":491},[480,485],{"id":481,"type":482,"label":483,"file":237,"line":484},"n0","source","$_GET (x2)",152,{"id":486,"type":487,"label":488,"file":237,"line":489,"wp_function":490},"n1","sink","echo() [XSS]",238,"echo",[492],{"from":481,"to":486,"sanitized":420},"low",{"entryPoint":495,"graph":496,"unsanitizedCount":29,"severity":493},"\u003Cadmin-panel> (admin\\admin-panel.php:0)",{"nodes":497,"edges":500},[498,499],{"id":481,"type":482,"label":483,"file":237,"line":484},{"id":486,"type":487,"label":488,"file":237,"line":489,"wp_function":490},[501],{"from":481,"to":486,"sanitized":420},{"entryPoint":503,"graph":504,"unsanitizedCount":29,"severity":493},"invite_anyone_opt_out_screen (by-email\\by-email.php:81)",{"nodes":505,"edges":511},[506,509],{"id":481,"type":482,"label":507,"file":284,"line":508},"$_GET",142,{"id":486,"type":487,"label":488,"file":284,"line":510,"wp_function":490},146,[512],{"from":481,"to":486,"sanitized":420},{"entryPoint":514,"graph":515,"unsanitizedCount":29,"severity":493},"invite_anyone_register_screen_message (by-email\\by-email.php:180)",{"nodes":516,"edges":521},[517,519],{"id":481,"type":482,"label":507,"file":284,"line":518},189,{"id":486,"type":487,"label":488,"file":284,"line":520,"wp_function":490},206,[522],{"from":481,"to":486,"sanitized":420},{"entryPoint":524,"graph":525,"unsanitizedCount":29,"severity":493},"invite_anyone_screen_two_content (by-email\\by-email.php:865)",{"nodes":526,"edges":532},[527,530],{"id":481,"type":482,"label":528,"file":284,"line":529},"$_GET (x6)",886,{"id":486,"type":487,"label":488,"file":284,"line":531,"wp_function":490},968,[533],{"from":481,"to":486,"sanitized":420},{"entryPoint":535,"graph":536,"unsanitizedCount":29,"severity":493},"\u003Cby-email> (by-email\\by-email.php:0)",{"nodes":537,"edges":548},[538,540,541,545],{"id":481,"type":482,"label":539,"file":284,"line":508},"$_GET (x9)",{"id":486,"type":487,"label":488,"file":284,"line":510,"wp_function":490},{"id":542,"type":482,"label":543,"file":284,"line":544},"n2","$_COOKIE",516,{"id":546,"type":487,"label":488,"file":284,"line":547,"wp_function":490},"n3",729,[549,550],{"from":481,"to":486,"sanitized":420},{"from":542,"to":546,"sanitized":420},{"summary":552,"deductions":553},"The \"invite-anyone\" plugin v1.4.10 presents a mixed security posture. On the positive side, the static analysis shows a high percentage of properly escaped outputs (95%), a good usage of prepared statements for SQL queries (57%), and a significant number of nonce and capability checks (10 each). The taint analysis also reported no critical or high severity issues with unsanitized paths, which is encouraging.  However, the presence of one AJAX handler without authentication checks represents a significant attack vector that could be exploited by unauthenticated users. The plugin also bundles a very outdated version of jQuery (v1.3.2), which is a known risk for potential vulnerabilities. The vulnerability history is a major concern, with a total of 6 known CVEs, including 1 critical and 3 high severity issues. While currently unpatched, this history indicates a pattern of recurring security weaknesses, including cross-site scripting, deserialization vulnerabilities, CSRF, improper input validation, and access control flaws. This suggests that even with some good security practices in place, there are fundamental issues in the plugin's development that have led to persistent vulnerabilities.",[554,557,559,561,563,565],{"reason":555,"points":556},"Unprotected AJAX handler",8,{"reason":558,"points":228},"Bundled outdated jQuery library",{"reason":560,"points":216},"1 critical CVE history",{"reason":562,"points":216},"3 high CVE history",{"reason":564,"points":28},"2 medium CVE history",{"reason":566,"points":204},"SQL queries partially not prepared","2026-03-16T18:57:02.584Z",{"wat":569,"direct":579},{"assetPaths":570,"generatorPatterns":573,"scriptPaths":574,"versionParams":576},[571,572],"\u002Fwp-content\u002Fplugins\u002Finvite-anyone\u002Fadmin\u002Fadmin-css.css","\u002Fwp-content\u002Fplugins\u002Finvite-anyone\u002Fadmin\u002Fadmin-js.js",[],[575],"\u002Fwp-content\u002Fplugins\u002Finvite-anyone\u002Fvendor\u002Fharding-group\u002Fbuddypress-120-url-polyfills\u002Fjs\u002Fbp-120-url-polyfills.js",[577,578],"invite-anyone\u002Fadmin\u002Fadmin-js.js?ver=","invite-anyone\u002Fadmin\u002Fadmin-css.css?ver=",{"cssClasses":580,"htmlComments":582,"htmlAttributes":583,"restEndpoints":586,"jsGlobals":588,"shortcodeOutput":590},[581],"bp-invite-anyone",[],[584,585],"data-invite-anyone-form","data-invite-anyone-id",[587],"\u002Fwp-json\u002Finvite-anyone\u002Fv1\u002Finvite",[589],"invite_anyone_admin_params",[591,592,593],"[invite_form]","[invite_friends]","[invite_anyone]"]