[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fjW9a0QC_3yd3XYK3eiKVPJwYv-uFQzlA8fx-nTmpe74":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":136,"fingerprints":345},"plugin-grouper","Plugin Manager","6.0.3","sujin2f","https:\u002F\u002Fprofiles.wordpress.org\u002Fsujin2f\u002F","\u003Cp>If your plugin admin page had so many items, you would be struggle to manage them. Make them categorized with this plugin 😀\u003C\u002Fp>\n","Too many plugins bother you? Put them into a group!",80,16373,94,23,"2018-05-29T20:15:00.000Z","4.9.29","4.2.2","",[20,21,22],"admin","category-manage","group","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fplugin-grouper\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplugin-grouper.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},5,140,88,30,86,"2026-04-04T19:00:25.065Z",[38,59,81,101,119],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":33,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":18,"download_link":58,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"bp-registration-options","Registration Options for BuddyPress","4.4.5","Brian Messenlehner","https:\u002F\u002Fprofiles.wordpress.org\u002Fmessenlehner\u002F","\u003Cp>Prevent users and bots from accessing the BuddyPress or bbPress areas of your website(s) until they are approved.\u003C\u002Fp>\n\u003Cp>This BuddyPress extension allows you to enable user moderation for new members, as well as help create a private network for your users. If moderation is enabled, any new members will be denied access to your BuddyPress and bbPress areas on your site, with the exception of their own user profile. They will be allowed to edit and configure that much. They will also not be listed in the members lists on the frontend until approved. Custom messages are available so you can tailor them to the tone of your website and community. When an admin approves or denies a user, email notifications will be sent to let them know of the decision.\u003C\u002Fp>\n\u003Cp>Requires BuddyPress version 1.7 or higher and bbPress 2.0 or higher.\u003C\u002Fp>\n\u003Ch3>General Data Protection Regulation\u003C\u002Fh3>\n\u003Cp>BuddyPress Registration Options temporarily stores user IP addresses as user meta to help validate and vet pending users. Saved IP values are deleted upon both approval and denial of pending user. No other personal data is recorded.\u003C\u002Fp>\n","Moderate new BuddyPress members and fight BuddyPress spam.",1000,175480,33,"2023-03-05T15:26:00.000Z","6.0.11","5.2","5.6",[20,54,55,56,57],"buddypress","groups","moderation","registration","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-registration-options.zip",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":69,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":51,"requires_php":73,"tags":74,"homepage":18,"download_link":79,"security_score":80,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"menu-organizer","Menu Organizer","1.0.1","iamraymund","https:\u002F\u002Fprofiles.wordpress.org\u002Fiamraymund\u002F","\u003Cp>Menu Organizer empowers you to efficiently organize your WordPress admin menus by grouping related items together, hiding unused options, and adding separators for better navigation.\u003C\u002Fp>\n\u003Ch4>Key Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Create Groups\u003C\u002Fstrong>: Organize your admin menu items into custom groups for easy access.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hide Unused Items\u003C\u002Fstrong>: Streamline your admin interface by hiding menu items you don’t need.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Add Separators\u003C\u002Fstrong>: Enhance menu readability by adding separators between different sections.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reset Options\u003C\u002Fstrong>: Soft reset to clear unsaved changes or hard reset to restore default settings.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Libraries Used\u003C\u002Fh4>\n\u003Cp>This plugin uses the following libraries:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>pickr\u003C\u002Fstrong> by simonwep – Flat, Simple, Hackable Color-Picker. Here is the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FSimonwep\u002Fpickr\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dashicons Picker\u003C\u002Fstrong> by bradvin – A jQuery plugin to make picking Dashicons in WordPress a breeze. Here is the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbradvin\u002Fdashicons-picker\u002F\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>jQuery UI\u003C\u002Fstrong> – jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library. Here is the \u003Ca href=\"https:\u002F\u002Fjqueryui.com\u002F\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Fol>\n","A simple plugin to organize your admin menus",60,1220,100,1,"2025-03-05T07:54:00.000Z","6.7.5","7.2",[75,76,77,78,60],"admin-menu","customize-menu","dashboard-customization","group-menu","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmenu-organizer.1.0.1.zip",92,{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":34,"downloaded":89,"rating":69,"num_ratings":70,"last_updated":90,"tested_up_to":91,"requires_at_least":92,"requires_php":18,"tags":93,"homepage":99,"download_link":100,"security_score":69,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"muzodo","Muzodo Events","1.1.2","chrismuz","https:\u002F\u002Fprofiles.wordpress.org\u002Fchrismuz\u002F","\u003Cp>Muzodo is an online music group member scheduling system. This plugin enables you to display your music group events on your website.\u003C\u002Fp>\n\u003Cp>You’ll need your Muzodo Group API key.\u003C\u002Fp>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n","Muzodo is an online music group member scheduling system. This plugin enables you to display your music group events on your website.",9269,"2025-07-21T23:13:00.000Z","6.8.5","5.8.1",[94,95,96,97,98],"administrators","band-manager","choir-manager","music-groups","orchestra","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmuzodo\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmuzodo.2.2.5.zip",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":26,"num_ratings":26,"last_updated":111,"tested_up_to":112,"requires_at_least":18,"requires_php":18,"tags":113,"homepage":117,"download_link":118,"security_score":80,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"bp-devolved-authority","BP Devolved Authority","1.2.0","Venutius","https:\u002F\u002Fprofiles.wordpress.org\u002Fvenutius\u002F","\u003Cp>BP Devolved Authority allows site administrators to devolve the ability to manage Groups, Activity, Members and Emails to other site members. For Xprofile information, you can also give specific individuals the ability to edit the xprofile fields for one or more named individuals.\u003C\u002Fp>\n\u003Cp>BuddyPress has not traditionally allowed site administrators to grant authority to manage aspect of BuddyPress to users without ‘manage_options’ capability. This plugin changes that and allows each of the BP Components to be managed by site members so long as they have the ‘edit_posts’ capability.\u003C\u002Fp>\n\u003Cp>Note that roles allowed to manage members should also have the ‘list_users’ capability, this allows the users list menu item to be displayed in the dashboard for that member.\u003C\u002Fp>\n\u003Cp>The  new feature – individual xprofile management delegation, creates a simple, secure delegation system whereby a privileged user (such as an administrator) can assign other registered BuddyPress members to be “delegates” for a given user. A delegate has the capability to view and edit Extended Profile (XProfile) fields for the delegated user. This is useful on sites where certain relationships exist between one user and another, such as legal guardianship by an adult over a child. Using delegation reduces the need to share passwords or log in to shared accounts.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Roles and capabilities for the delegated xprofile feature\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin uses the built-in capabilities system as part of WordPress core, along with core BuddyPress hooks (\u003Ccode>bp_current_user_can\u003C\u002Fcode>) to check for appropriate permissions, making it both simple to customize and as secure as WP and BP core code. The custom capabilities are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>edit_user_delegates\u003C\u002Fcode> – Users with this capability can assign delegates for users they can edit (determined by \u003Ccode>edit_users\u003C\u002Fcode>).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Additionally, the following core capabilities are required:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>list_users\u003C\u002Fcode> – The delegation options implicitly enumerate all registered users, so a user must also have the \u003Ccode>list_users\u003C\u002Fcode> capability to be granted access to the Delegation user interface.\u003C\u002Fli>\n\u003Cli>\u003Ccode>edit_users\u003C\u002Fcode> – If you cannot \u003Ccode>edit_users\u003C\u002Fcode>, you cannot \u003Ccode>edit_user_delegates\u003C\u002Fcode>, either.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>When this option is enabled, the admin can go to the users extended profile tab from the Dashboard>>Users list and choose to delegate authority over the xprofile data to another site member. That site member will then find in their Dashboard>>Users menu and option to see a list of “Devolved Profiles”.\u003C\u002Fp>\n\u003Cp>Once the plugin is activated, visit the Settings>>BP Devolved Authority page to choose which roles can manage your BP Components.\u003C\u002Fp>\n\u003Cp>This plugin needs BuddyPress to work.\u003C\u002Fp>\n","This plugin allows key aspects of BuddyPress administration to be devolved to non admin users.",20,2937,"2024-07-29T05:05:00.000Z","6.6.5",[114,115,54,116,55],"administrator","bp_moderate","devolved-authority","https:\u002F\u002Fbuddyuser.com\u002Fplugin-bp-devolved-authority","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-devolved-authority.1.2.0.zip",{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":127,"downloaded":128,"rating":26,"num_ratings":26,"last_updated":129,"tested_up_to":18,"requires_at_least":18,"requires_php":18,"tags":130,"homepage":134,"download_link":135,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"bp-fadmin","BuddyPress Frontend Admin","0.3","D Cartwright","https:\u002F\u002Fprofiles.wordpress.org\u002Faekeron\u002F","\u003Cp>Included component allows group admins to easily promote\u002Fdemote\u002Fban members from all their groups.\u003C\u002Fp>\n\u003Cp>It can be further extended using the standard buddypress profile subnav registration functions (for example, the bp-wiki plugin hooks into this to enable movement of wiki pages between groups).\u003C\u002Fp>\n","This plugin brings site-wide-like administration options to the frontend, allowing group admins simpler management of all of their groups.",10,5752,"2010-12-10T12:41:00.000Z",[131,54,132,55,133],"administration","frontend","members","http:\u002F\u002Fnamoo.co.uk","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-fadmin.zip",{"attackSurface":137,"codeSignals":248,"taintFlows":304,"riskAssessment":330,"analyzedAt":344},{"hooks":138,"ajaxHandlers":217,"restRoutes":244,"shortcodes":245,"cronEvents":246,"entryPointCount":247,"unprotectedCount":247},[139,145,151,156,160,164,168,171,174,178,181,184,188,193,197,200,203,207,210,213],{"type":140,"name":141,"callback":142,"priority":109,"file":143,"line":144},"filter","all_plugins","modify_all_plugins","classes\\class-all-plugins.php",34,{"type":140,"name":146,"callback":147,"priority":148,"file":149,"line":150},"plugin_row_meta","add_plugin_manager_meta",15,"classes\\class-bootstrap.php",38,{"type":152,"name":153,"callback":154,"file":149,"line":155},"action","admin_init","activate_plugin",39,{"type":140,"name":157,"callback":158,"file":149,"line":159},"wp_get_update_data","set_update_data",40,{"type":152,"name":161,"callback":162,"file":149,"line":163},"plugins_loaded","load_text_domain",81,{"type":152,"name":165,"callback":166,"file":149,"line":167},"admin_enqueue_scripts","enqueue_scripts",82,{"type":140,"name":169,"callback":169,"file":149,"line":170},"wp_redirect",83,{"type":152,"name":172,"callback":173,"file":149,"line":35},"admin_xml_ns","add_angular_app",{"type":152,"name":175,"callback":176,"file":149,"line":177},"admin_head","add_angular_controller",87,{"type":152,"name":179,"callback":180,"file":149,"line":33},"admin_footer","close_angular_controller",{"type":152,"name":179,"callback":182,"file":149,"line":183},"print_colour_style",89,{"type":152,"name":179,"callback":185,"priority":109,"file":186,"line":187},"print_modal","classes\\class-modal.php",32,{"type":152,"name":189,"callback":190,"file":191,"line":192},"in_admin_header","change_admin_title","classes\\class-table.php",46,{"type":152,"name":194,"callback":195,"file":191,"line":196},"pre_current_active_plugins","print_settings_icons",47,{"type":140,"name":198,"callback":199,"priority":148,"file":191,"line":67},"network_admin_plugin_action_links","print_buttons",{"type":140,"name":201,"callback":199,"priority":148,"file":191,"line":202},"plugin_action_links",61,{"type":140,"name":204,"callback":205,"file":191,"line":206},"views_plugins","modify_subsubsub",64,{"type":140,"name":208,"callback":205,"file":191,"line":209},"views_plugins-network",65,{"type":140,"name":146,"callback":211,"priority":148,"file":191,"line":212},"print_groups_on_description",68,{"type":152,"name":214,"callback":215,"file":216,"line":187},"admin_notices","__show_messages","classes\\traits\\class-config.php",[218,223,226,229,231,234,237,240],{"action":219,"nopriv":220,"callback":221,"hasNonce":220,"hasCapCheck":220,"file":222,"line":144},"Plugin Manager Pro : Create Group",false,"exercute_ajax_reauest","classes\\class-ajax.php",{"action":224,"nopriv":220,"callback":221,"hasNonce":220,"hasCapCheck":220,"file":222,"line":225},"Plugin Manager Pro : Lock Plugin",36,{"action":227,"nopriv":220,"callback":221,"hasNonce":220,"hasCapCheck":220,"file":222,"line":228},"Plugin Manager Pro : Hide Plugin",37,{"action":230,"nopriv":220,"callback":221,"hasNonce":220,"hasCapCheck":220,"file":222,"line":155},"Plugin Manager Pro : Toggle Group-Plugin Link",{"action":232,"nopriv":220,"callback":221,"hasNonce":220,"hasCapCheck":220,"file":222,"line":233},"Plugin Manager Pro : Delete Group",41,{"action":235,"nopriv":220,"callback":221,"hasNonce":220,"hasCapCheck":220,"file":222,"line":236},"Plugin Manager Pro : Edit Group",42,{"action":238,"nopriv":220,"callback":221,"hasNonce":220,"hasCapCheck":220,"file":222,"line":239},"Plugin Manager Pro : Set Order",43,{"action":241,"nopriv":220,"callback":242,"hasNonce":220,"hasCapCheck":220,"file":222,"line":243},"Plugin Manager Pro : Update Settings","set",45,[],[],[],8,{"dangerousFunctions":249,"sqlUsage":254,"outputEscaping":267,"fileOperations":26,"externalRequests":26,"nonceChecks":70,"capabilityChecks":26,"bundledLibraries":303},[250],{"fn":251,"file":143,"line":252,"context":253},"create_function",74,"$locked = array_map( create_function( '$a', 'return $a[ \"file_name\" ];' ), $locked );",{"prepared":34,"raw":255,"locations":256},4,[257,261,263,265],{"file":258,"line":259,"context":260},"classes\\class-database.php",830,"$wpdb->query() with variable interpolation",{"file":258,"line":262,"context":260},831,{"file":258,"line":264,"context":260},832,{"file":258,"line":266,"context":260},955,{"escaped":268,"rawEcho":269,"locations":270},3,16,[271,273,275,277,279,281,283,285,287,289,291,293,295,297,299,301],{"file":222,"line":177,"context":272},"raw output",{"file":149,"line":274,"context":272},200,{"file":149,"line":276,"context":272},201,{"file":149,"line":278,"context":272},202,{"file":149,"line":280,"context":272},203,{"file":149,"line":282,"context":272},206,{"file":149,"line":284,"context":272},207,{"file":149,"line":286,"context":272},208,{"file":149,"line":288,"context":272},211,{"file":149,"line":290,"context":272},212,{"file":149,"line":292,"context":272},213,{"file":294,"line":177,"context":272},"classes\\class-option.php",{"file":191,"line":296,"context":272},223,{"file":191,"line":298,"context":272},229,{"file":191,"line":300,"context":272},236,{"file":191,"line":302,"context":272},293,[],[305,321],{"entryPoint":306,"graph":307,"unsanitizedCount":70,"severity":320},"exercute_ajax_reauest (classes\\class-ajax.php:56)",{"nodes":308,"edges":318},[309,313],{"id":310,"type":311,"label":312,"file":222,"line":177},"n0","source","$_REQUEST['plugin_group']",{"id":314,"type":315,"label":316,"file":222,"line":177,"wp_function":317},"n1","sink","echo() [XSS]","echo",[319],{"from":310,"to":314,"sanitized":220},"medium",{"entryPoint":322,"graph":323,"unsanitizedCount":70,"severity":329},"\u003Cclass-ajax> (classes\\class-ajax.php:0)",{"nodes":324,"edges":327},[325,326],{"id":310,"type":311,"label":312,"file":222,"line":177},{"id":314,"type":315,"label":316,"file":222,"line":177,"wp_function":317},[328],{"from":310,"to":314,"sanitized":220},"low",{"summary":331,"deductions":332},"The \"plugin-grouper\" v6.0.3 plugin exhibits a concerning security posture primarily due to a large number of unprotected AJAX endpoints. While the plugin does not have a known vulnerability history, suggesting recent stability, the static analysis reveals significant weaknesses that could be exploited. The presence of 8 AJAX handlers without any authentication checks presents a wide attack surface. Any user, regardless of their logged-in status or permissions, could potentially trigger these functions, leading to unintended actions or data manipulation.  Additionally, the plugin uses the dangerous `create_function` which is deprecated and can lead to security vulnerabilities if not handled with extreme care. The low percentage of properly escaped output is also a significant concern, as it indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities where user-supplied data could be injected and executed within the browser. While the plugin shows good practices in using prepared statements for SQL queries, this is overshadowed by the lack of security controls on its entry points and inadequate output sanitization.",[333,335,337,340,342],{"reason":334,"points":127},"AJAX handlers without auth checks",{"reason":336,"points":247},"Dangerous function create_function used",{"reason":338,"points":339},"Low percentage of output properly escaped",7,{"reason":341,"points":31},"No capability checks on entry points",{"reason":343,"points":255},"Flows with unsanitized paths","2026-03-16T21:29:06.373Z",{"wat":346,"direct":358},{"assetPaths":347,"generatorPatterns":353,"scriptPaths":354,"versionParams":355},[348,349,350,351,352],"\u002Fwp-content\u002Fplugins\u002Fplugin-grouper\u002Fassets\u002Fdist\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fplugin-grouper\u002Fassets\u002Fangular\u002Fangular.min.js","\u002Fwp-content\u002Fplugins\u002Fplugin-grouper\u002Fassets\u002Fangular\u002Fangular-drag-and-drop-lists.js","\u002Fwp-content\u002Fplugins\u002Fplugin-grouper\u002Fassets\u002Fangular\u002Fangular-indeterminate.min.js","\u002Fwp-content\u002Fplugins\u002Fplugin-grouper\u002Fassets\u002Fdist\u002Fscripts\u002Fapp.js",[],[349,350,351,352],[356,357],"plugin-grouper\u002Fassets\u002Fdist\u002Fscripts\u002Fapp.js?ver=","plugin-grouper\u002Fassets\u002Fdist\u002Fcss\u002Fstyle.css?ver=",{"cssClasses":359,"htmlComments":363,"htmlAttributes":366,"restEndpoints":370,"jsGlobals":371,"shortcodeOutput":378},[360,361,362],"ng-hide","count","button",[364,365],"\u003C!-- Use objectL10n.{key} in your javascript file. -->","\u003C!-- Localization \u002F\u002F objectL10n.delete_group -->",[367,368,369],"ng-app=\"PluginManager\"","ng-controller=\"PluginManagerController\"","ng-show=\"ng_loaded\"",[],[372,373,374,375,376,377],"PluginManager","PluginManagerController","objectL10n","SUJIN_PLUGIN_MGR_SLUG","SUJIN_PLUGIN_MGR_URL","SUJIN_PLUGIN_MGR_VERSION",[]]