[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fZQFPDYnLk8vzDKDcGV6unCWME6M7tHphd8CPC2BDYHA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":134,"fingerprints":186},"simple-crm-buddypress-xprofile","Simple CRM BuddyPress Addon","0.1","S","https:\u002F\u002Fprofiles.wordpress.org\u002Fsushkov\u002F","\u003Cp>Simple CRM is a WordPress plugin that lets you define custom fields to extend user profiles and it is also a framework for integration with all kind of CRM API webservices. BuddyPress addon can export and import XProfile data to it.\u003C\u002Fp>\n\u003Cp>Plugin sponsored by \u003Ca href=\"http:\u002F\u002Fvivanista.com\" rel=\"nofollow ugc\">Vivanista.com\u003C\u002Fa>\u003C\u002Fp>\n","Imports BuddyPress XProfile data to Simple CRM...",10,2872,0,"2011-04-12T20:51:00.000Z","3.1.4","3.0","",[19,20,21,22,23],"buddypress","crm","fields","profile","users","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fsimple-crm-buddypress-users","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-crm-buddypress-xprofile.0.1.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"sushkov",8,490,30,84,"2026-04-04T17:04:34.005Z",[38,57,69,92,113],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":17,"tags":53,"homepage":55,"download_link":56,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"bp2wp-full-sync","BuddyPress to WordPress Full Sync","0.3.7","Sergio De Falco","https:\u002F\u002Fprofiles.wordpress.org\u002Fsgr33n\u002F","\u003Cp>BuddyPress to WordPress Full Sync lets BuddyPress xProfile fields to synchronize with WordPress user fields with a user interface completely fused inside the BuddyPress profile fields management.\u003C\u002Fp>\n\u003Ch4>Let us know you care about this plugin\u003C\u002Fh4>\n\u003Cp>Please let us know how much you care about BuddyPress to WordPress Full Sync Plugin development rating it (5 stars).\u003C\u002Fp>\n","BuddyPress to WordPress Full Sync lets BuddyPress xProfile fields to synchronize with WordPress user fields",200,16106,96,12,"2021-06-16T08:01:00.000Z","5.7.15","4.0",[19,21,22,23,54],"xprofile","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbp2wp-full-sync\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp2wp-full-sync.0.3.7.zip",{"slug":58,"name":59,"version":60,"author":7,"author_profile":8,"description":61,"short_description":62,"active_installs":11,"downloaded":63,"rating":13,"num_ratings":13,"last_updated":64,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":65,"homepage":67,"download_link":68,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"simple-crm-profile-page","Simple CRM Profile Page Addon","0.2","\u003Cp>Simple CRM is a WordPress plugin that lets you define custom fields to extend user profiles and it is also a framework for integration with all kind of CRM API webservices.\u003Cbr \u002F>\nProfile Page Addon adds shortcode support to integrate user profile page with your theme. Integrates also with Simple CRM fields.\u003C\u002Fp>\n\u003Cp>Plugin sponsored by \u003Ca href=\"http:\u002F\u002Fvivanista.com\" rel=\"nofollow ugc\">Vivanista.com\u003C\u002Fa>\u003C\u002Fp>\n","Adds public profile page support to Simple CRM",3320,"2011-06-21T00:37:00.000Z",[20,21,22,66,23],"public-profile","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fsimple-crm-profile-page\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-crm-profile-page.0.2.zip",{"slug":70,"name":71,"version":72,"author":73,"author_profile":74,"description":75,"short_description":76,"active_installs":77,"downloaded":78,"rating":79,"num_ratings":80,"last_updated":81,"tested_up_to":82,"requires_at_least":83,"requires_php":84,"tags":85,"homepage":87,"download_link":88,"security_score":89,"vuln_count":90,"unpatched_count":13,"last_vuln_date":91,"fetched_at":28},"bp-xprofile-custom-field-types","BuddyPress Xprofile Custom Field Types","1.3.0","BuddyDev","https:\u002F\u002Fprofiles.wordpress.org\u002Fbuddydev\u002F","\u003Cp>BuddyPress Xprofile Custom Field Types plugin adds some essential field types to BuddyPress Profile.\u003C\u002Fp>\n\u003Cp>The newly added BuddyPress field types are:-\u003Cbr \u002F>\n* Birthdate.\u003Cbr \u002F>\n* Image.\u003Cbr \u002F>\n* File.\u003Cbr \u002F>\n* Checkbox acceptance.\u003Cbr \u002F>\n* Country field.\u003Cbr \u002F>\n* From\u002FTo field(can be used to show 2 numbers or text strings).\u003Cbr \u002F>\n* Token (can be used to set a list of predefined approved codes for registration etc).\u003Cbr \u002F>\n* oEmbed ( allow your users to use youtube\u002Ffacebook, vimeo and other oembed supporting urls to embed in their profile).\u003Cbr \u002F>\n* \u003Ca href=\"http:\u002F\u002Fwww.w3.org\u002FTR\u002Fhtml-markup\u002Finput.email.html\" title=\"Input type email - HTML5\" rel=\"nofollow ugc\">Email\u003C\u002Fa>.\u003Cbr \u002F>\n* \u003Ca href=\"http:\u002F\u002Fwww.w3.org\u002FTR\u002Fhtml-markup\u002Finput.url.html\" title=\"Input type url - HTML5\" rel=\"nofollow ugc\">Web\u003C\u002Fa>.\u003Cbr \u002F>\n* \u003Ca href=\"http:\u002F\u002Fwww.w3.org\u002FTR\u002F2013\u002FNOTE-html-markup-20130528\u002Finput.date.html\" title=\"Input type date - HTML5\" rel=\"nofollow ugc\">Datepicker\u003C\u002Fa>.\u003Cbr \u002F>\n* Custom post type selector.\u003Cbr \u002F>\n* Custom post type multiselector.\u003Cbr \u002F>\n* \u003Ca href=\"http:\u002F\u002Fwww.w3.org\u002FTR\u002F2013\u002FNOTE-html-markup-20130528\u002Finput.color.html\" title=\"Input type color - HTML5\" rel=\"nofollow ugc\">Colorpicker\u003C\u002Fa>.\u003Cbr \u002F>\n* Decimal number.\u003Cbr \u002F>\n* Number within min\u002Fmax values.\u003Cbr \u002F>\n* Custom taxonomy selector.\u003Cbr \u002F>\n* Custom taxonomy multiselector.\u003Cbr \u002F>\n* Range input (slider)\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fselect2.github.io\u002F\" rel=\"nofollow ugc\">Select2 javascript plugin\u003C\u002Fa> for select boxes.\u003C\u002Fp>\n\u003Cp>BuddyPress Xprofile Custom Field Types is 100% compatible with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbp-profile-search\u002F\" rel=\"ugc\">BP Profile Search plugin\u003C\u002Fa>.\u003Cbr \u002F>\nAt the moment, following fields are searchable using BP Profile Search:-\u003Cbr \u002F>\n* Birthdate\u003Cbr \u002F>\n* Datepicker\u003Cbr \u002F>\n* Color\u003Cbr \u002F>\n* Email\u003Cbr \u002F>\n* Web\u003Cbr \u002F>\n* Number Min\u002FMax\u003Cbr \u002F>\n* Range Input\u003Cbr \u002F>\n* Decimal Number\u003Cbr \u002F>\n* Country\u003Cbr \u002F>\nOther fields such as post type, taxonomy etc., are not searchable as they are stored in serialized format( due to back compatibility).\u003C\u002Fp>\n\u003Cp>The plugin is opensource and currently developed on github. We welcome you to be part of its future development at \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbuddydev\u002Fbp-xprofile-custom-field-types\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fbuddydev\u002Fbp-xprofile-custom-field-types\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Discuss the plugin on our \u003Ca href=\"https:\u002F\u002Fbuddydev.com\u002Fadd-extra-buddypress-profile-fields-with-buddypress-xprofile-custom-field-types-plugin\u002F\" rel=\"nofollow ugc\">release post\u003C\u002Fa> or view the plugin’s \u003Ca href=\"https:\u002F\u002Fbuddydev.com\u002Fplugins\u002Fbp-xprofile-custom-field-types\u002F\" rel=\"nofollow ugc\">detailed documentation here\u003C\u002Fa>.\u003Cbr \u002F>\nThe idea is based on @donmik’s plugin. This plugin is a complete rewrite. Some field type do share code with the original plugin. My guess, we are using 20-30% of the code for field types from the original.\u003C\u002Fp>\n\u003Cp>In the future, we hope to add more fields.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note: This plugin is not 100% backward compatible\u003C\u002Fstrong>\u003Cbr \u002F>\nIt is very easy to migrate. Should take less than 5 minute. If you are looking to move from the older plugin to this one, please read our \u003Ca href=\"https:\u002F\u002Fbuddydev.com\u002Fplugins\u002Fbp-xprofile-custom-field-types\u002F#migrate\" rel=\"nofollow ugc\">migration guide\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note 2: The Custom taxonomy field does not allow you to categorize users. They allow you to let users select some terms and display the terms on their profile.\u003Cbr \u002F>\n           It is not intended for classifying user\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>Credit\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fdonmik.com\" rel=\"nofollow ugc\">@donmik\u003C\u002Fa> for the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdonmik\u002Fbuddypress-xprofile-custom-fields-type\" rel=\"nofollow ugc\">BuddyPress Xprofile Custom Fields Type\u003C\u002Fa> from where we adopted the field types in our first version.\u003Cbr \u002F>\n In the first version, te plugin brought all the profile fields offered by the currently abandoned The \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdonmik\u002Fbuddypress-xprofile-custom-fields-type\" rel=\"nofollow ugc\">“BuddyPress Xprofile Custom Fields Type”\u003C\u002Fa> plugin.\u003C\u002Fp>\n\u003Ch4>More Plugins\u003C\u002Fh4>\n\u003Cp>We love BuddyPress, and we have created 100+ BuddyPress plugins.\u003Cbr \u002F>\nPlease take a look at our\u003Cbr \u002F>\n 1. \u003Ca href=\"https:\u002F\u002Fbuddydev.com\u002Fplugins\u002F\" title=\"Best BuddyPress Plugins\" rel=\"nofollow ugc\">Free BuddyPress Plugins\u003C\u002Fa>\u003Cbr \u002F>\n 1. \u003Ca href=\"https:\u002F\u002Fbuddydev.com\u002Fplugins\u002Fcategory\u002Fbuddypress-premium-plugins\u002F\" title=\"Best BuddyPress Premium Plugins\" rel=\"nofollow ugc\">Premium BuddyPress plugins\u003C\u002Fa>\u003Cbr \u002F>\n We hope that it will help you take your BuddyPress network to the next level.\u003C\u002Fp>\n\u003Ch4>BuddyPress Custom development & Maintenance Service\u003C\u002Fh4>\n\u003Cp>If you need any assistance with setting up or adding new features to BuddyPress or this plugin, Our team is available for hire.\u003Cbr \u002F>\nPlease use our \u003Ca href=\"https:\u002F\u002Fbuddydev.com\u002Fbuddypress-custom-plugin-development-service\u002F\" rel=\"nofollow ugc\">BuddyPress Development Services\u003C\u002Fa> for any custom development needs.\u003C\u002Fp>\n","Buddypress Xprofile Custom Field Types adds extra custom profile fields to BuddyPress. Field types are: Birthdate, Email, Url etc.",4000,145742,98,16,"2026-01-01T14:23:00.000Z","6.9.4","5.0","5.3",[19,86,21,54],"buddypress-profile-field-types","https:\u002F\u002Fbuddydev.com\u002Fplugins\u002Fbuddypress-xprofile-custom-field-types\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-xprofile-custom-field-types.1.3.0.zip",97,1,"2026-01-05 16:27:40",{"slug":93,"name":94,"version":95,"author":96,"author_profile":97,"description":98,"short_description":99,"active_installs":100,"downloaded":101,"rating":102,"num_ratings":103,"last_updated":104,"tested_up_to":82,"requires_at_least":105,"requires_php":106,"tags":107,"homepage":111,"download_link":112,"security_score":102,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"jsm-show-user-meta","JSM Show User Metadata","4.8.0","JS Morisset","https:\u002F\u002Fprofiles.wordpress.org\u002Fjsmoriss\u002F","\u003Cp>The JSM Show User Metadata plugin displays user profile meta keys and unserialized values in a metabox at the bottom of the user profile editing page.\u003C\u002Fp>\n\u003Cp>There are no plugin settings – simply install and activate the plugin.\u003C\u002Fp>\n\u003Ch4>Available Filters for Developers\u003C\u002Fh4>\n\u003Cp>Filter the user meta shown in the metabox:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>'jsmsum_metabox_table_metadata' ( array $metadata, $user_obj )\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Array of regular expressions to exclude meta keys:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>'jsmsum_metabox_table_exclude_keys' ( array $exclude_keys, $user_obj )\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Capability required to show user meta:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>'jsmsum_show_metabox_capability' ( 'manage_options', $user_obj )\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Show user meta for a screen base (defaults to true):\u003C\u002Fp>\n\u003Cpre>\u003Ccode>'jsmsum_show_metabox_screen_base' ( true, $screen_base )\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Capability required to delete user meta:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>'jsmsum_delete_meta_capability' ( 'manage_options', $user_obj )\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Icon for the delete user meta button:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>'jsmsum_delete_meta_icon_class' ( 'dashicons dashicons-table-row-delete' )\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Related Plugins\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjsm-show-comment-meta\u002F\" rel=\"ugc\">JSM Show Comment Metadata\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjsm-show-order-meta\u002F\" rel=\"ugc\">JSM Show Order Metadata for WooCommerce HPOS\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjsm-show-post-meta\u002F\" rel=\"ugc\">JSM Show Post Metadata\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjsm-show-term-meta\u002F\" rel=\"ugc\">JSM Show Term Metadata\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjsm-show-user-meta\u002F\" rel=\"ugc\">JSM Show User Metadata\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjsm-show-registered-shortcodes\u002F\" rel=\"ugc\">JSM Show Registered Shortcodes\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Show user metadata in a metabox when editing users - a great tool for debugging issues with user metadata.",3000,95927,100,2,"2026-03-11T18:12:00.000Z","6.0","7.4.33",[108,109,110,22,23],"custom-fields","inspector","metadata","https:\u002F\u002Fsurniaulula.com\u002Fextend\u002Fplugins\u002Fjsm-show-user-meta\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjsm-show-user-meta.4.8.0.zip",{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":121,"downloaded":122,"rating":102,"num_ratings":123,"last_updated":124,"tested_up_to":125,"requires_at_least":126,"requires_php":127,"tags":128,"homepage":132,"download_link":133,"security_score":102,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"civicrm-wp-profile-sync","CiviCRM Profile Sync","0.7.3","Christian Wach","https:\u002F\u002Fprofiles.wordpress.org\u002Fneedle\u002F","\u003Ch3>WordPress Integration\u003C\u002Fh3>\n\u003Cp>At its simplest, the CiviCRM Profile Sync plugin keeps the “First Name”, “Last Name”, “Nickname”, “Email Address” and “Website” fields of a WordPress User Profile in sync with their corresponding fields in a CiviCRM Contact. The synchronisation takes place regardless of whether the changes are made in WordPress or CiviCRM.\u003C\u002Fp>\n\u003Ch3>BuddyPress Integration\u003C\u002Fh3>\n\u003Cp>The plugin also supports syncing the “First Name” and “Last Name” fields of the WordPress User and CiviCRM Contact with BuddyPress when using the BP xProfile WordPress User Sync plugin. Further integration with BuddyPress is in the pipeline.\u003C\u002Fp>\n\u003Ch3>ACF Integration\u003C\u002Fh3>\n\u003Cp>CiviCRM Profile Sync enables integration between CiviCRM Entities and WordPress Entities with data synced via Advanced Custom Fields.\u003C\u002Fp>\n\u003Cp>Whilst ACF integration is not complete in its coverage of the CiviCRM Entities that can be linked, it is fairly comprehensive in its mapping of the built-in CiviCRM Custom Field Types with their corresponding ACF Field Types.\u003C\u002Fp>\n\u003Cp>So if, for example, you want to display (or create) a Contact Type on your WordPress site with ACF Fields that contain synced CiviCRM data, this feature could work for you.\u003C\u002Fp>\n\u003Cp>Please refer to the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fchristianwach\u002Fcivicrm-wp-profile-sync\u002Fblob\u002Fmaster\u002Fdocs\u002FACF.md\" rel=\"nofollow ugc\">ACF Integration Documentation\u003C\u002Fa> for details.\u003C\u002Fp>\n\u003Ch3>Form-building with ACF Extended\u003C\u002Fh3>\n\u003Cp>CiviCRM Profile Sync enables Forms to be built for the front-end of your website with the UI provided by the ACF Extended plugin. These Forms can send their data directly to CiviCRM in a similar (though more limited) way to Caldera Forms CiviCRM.\u003C\u002Fp>\n\u003Cp>Form building with ACF Extended is currently limited to submitting data for Contacts, Participants, Activities and Cases. This does, however, provide enough functionality to build some fairly powerful and useful Forms.\u003C\u002Fp>\n\u003Cp>Please refer to the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fchristianwach\u002Fcivicrm-wp-profile-sync\u002Fblob\u002Fmaster\u002Fdocs\u002FACFE.md\" rel=\"nofollow ugc\">ACFE Form-building Documentation\u003C\u002Fa> for details.\u003C\u002Fp>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cp>This plugin recommends a minimum of \u003Cem>WordPress 4.9\u003C\u002Fem> and \u003Cem>CiviCRM 5.23\u003C\u002Fem>. It also requires \u003Cem>BuddyPress 3.0\u003C\u002Fem> and the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbp-xprofile-wp-user-sync\u002F\" rel=\"ugc\">BP XProfile WordPress User Sync\u003C\u002Fa> plugin for syncing “First Name” and “Last Name” with BuddyPress profiles.\u003C\u002Fp>\n\u003Ch3>Plugin Development\u003C\u002Fh3>\n\u003Cp>This plugin is in active development. For feature requests and bug reports (or if you’re a plugin author and want to contribute) please visit the plugin’s \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fchristianwach\u002Fcivicrm-wp-profile-sync\" rel=\"nofollow ugc\">GitHub repository\u003C\u002Fa>.\u003C\u002Fp>\n","Keeps a WordPress User profile in sync with a CiviCRM Contact and integrates WordPress and CiviCRM Entities when using Advanced Custom Fields.",500,20423,3,"2025-11-13T16:09:00.000Z","6.8.5","5.7","7.4",[129,19,130,22,131],"acf","civicrm","sync","https:\u002F\u002Fgithub.com\u002Fchristianwach\u002Fcivicrm-wp-profile-sync","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcivicrm-wp-profile-sync.0.7.3.zip",{"attackSurface":135,"codeSignals":162,"taintFlows":175,"riskAssessment":176,"analyzedAt":185},{"hooks":136,"ajaxHandlers":158,"restRoutes":159,"shortcodes":160,"cronEvents":161,"entryPointCount":13,"unprotectedCount":13},[137,143,148,151,153],{"type":138,"name":139,"callback":140,"file":141,"line":142},"action","scrm_options_screen_updated","screen_update","includes\\crm_bp.class.php",13,{"type":138,"name":144,"callback":145,"priority":146,"file":141,"line":147},"scrm_options_screen","screen",11,14,{"type":138,"name":149,"callback":140,"file":141,"line":150},"bp_core_admin_screen",17,{"type":138,"name":149,"callback":145,"file":141,"line":152},18,{"type":138,"name":154,"callback":155,"file":156,"line":157},"init","scrm_bp_textdomain","simple-crm-buddypress-users.php",22,[],[],[],[],{"dangerousFunctions":163,"sqlUsage":164,"outputEscaping":166,"fileOperations":173,"externalRequests":13,"nonceChecks":90,"capabilityChecks":13,"bundledLibraries":174},[],{"prepared":90,"raw":13,"locations":165},[],{"escaped":103,"rawEcho":103,"locations":167},[168,171],{"file":141,"line":169,"context":170},171,"raw output",{"file":172,"line":152,"context":170},"includes\\templates\\bp_options.php",4,[],[],{"summary":177,"deductions":178},"The \"simple-crm-buddypress-xprofile\" plugin v0.1 exhibits a generally positive security posture based on the static analysis. The complete absence of exposed AJAX handlers, REST API routes, shortcodes, and cron events with open attack vectors is a significant strength. Furthermore, the plugin utilizes prepared statements for its single SQL query and includes a nonce check, indicating an awareness of common web security practices.  The lack of critical or high-severity taint flows is also reassuring.\n\nHowever, there are areas for improvement. The fact that only 50% of the identified output operations are properly escaped is a concern, as this could lead to cross-site scripting (XSS) vulnerabilities if sensitive data is displayed to users without adequate sanitization. The plugin also performs file operations, which, while not explicitly flagged as problematic, can be a source of vulnerabilities if not handled with extreme care. The absence of capability checks is another potential weakness, as it implies that some operations might be accessible to users who shouldn't have them, although the limited attack surface mitigates this risk for now.\n\nThe plugin's vulnerability history, showing zero known CVEs, is excellent and suggests a history of secure development. This, combined with the current static analysis findings, indicates a low immediate risk. Nevertheless, the unescaped output presents a tangible, albeit potentially low-impact, risk that should be addressed to achieve a more robust security profile.",[179,182],{"reason":180,"points":181},"50% of output operations are not properly escaped",6,{"reason":183,"points":184},"No capability checks for operations",5,"2026-03-17T01:45:01.350Z",{"wat":187,"direct":193},{"assetPaths":188,"generatorPatterns":190,"scriptPaths":191,"versionParams":192},[189],"\u002Fwp-content\u002Fplugins\u002Fsimple-crm-buddypress-xprofile\u002Fincludes\u002Ftemplates\u002Fbp_options.php",[],[],[],{"cssClasses":194,"htmlComments":195,"htmlAttributes":196,"restEndpoints":201,"jsGlobals":202,"shortcodeOutput":203},[],[],[197,198,199,200],"name=\"scrm_bp_nonce\"","name=\"scrm_bp_import_filename\"","name=\"scrm_bp_export\"","name=\"scrm_bp_delete\"",[],[],[]]