[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$flBDwvM_Fv1RdQll6VjzJBtdcgNnFeglQzJ-BVG3rp9E":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":39,"analysis":40,"fingerprints":168},"vibe-buddypress-woocommerce","Vibe BuddyPress WooCommerce","1.1","VibeThemes","https:\u002F\u002Fprofiles.wordpress.org\u002Fvibethemes\u002F","\u003Cp>Vibe BuddyPress WooCommerce plugin is a free plugin developed to help users to Sync the Buddypress Profile Fields with Woocommerce billing and shipping fields and vice versa. The users do not have to worry a lot and perform various steps to sync the data, they simply needs to map the fields in the wordpress settings -> vibe bp woo sync. 
The rest of the work will be done by the plugin automatically whenever the buddypress profile fields are updated or woocommerce fields are updated.\u003C\u002Fp>\n\u003Cp>Tutorial On how to setup and get started : \u003Ca href=\"https:\u002F\u002Fwplms.io\u002Fsupport\u002Fknowledge-base\u002Fvibe-bp-woo-sync\u002F\" rel=\"nofollow ugc\">link\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>More Information\u003C\u002Fh4>\n\u003Cp>Visit the \u003Ca href=\"https:\u002F\u002Fwplms.io\u002F\" rel=\"nofollow ugc\">WPLMS Education WordPress LMS\u003C\u002Fa> for documentation, support, and information on getting involved in the project.\u003C\u002Fp>\n","Vibe BuddyPress WooCommerce helps users to Sync the Buddypress Profile Fields with Woocommerce billing and shipping fields.",100,11199,1,"2021-12-15T13:10:00.000Z","5.8.13","3.6","5.6",[19,20,21,22,23],"bp2wc","bpsyncwoo","buddypress-woocommerce-sync","wc2bp","woosyncbp","http:\u002F\u002Fwww.wplms.io","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvibe-buddypress-woocommerce.1.1.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"vibethemes",20,3980,88,30,86,"2026-04-04T05:42:27.986Z",[],{"attackSurface":41,"codeSignals":83,"taintFlows":127,"riskAssessment":155,"analyzedAt":167},{"hooks":42,"ajaxHandlers":79,"restRoutes":80,"shortcodes":81,"cronEvents":82,"entryPointCount":27,"unprotectedCount":27},[43,49,54,57,59,63,66,69,74],{"type":44,"name":45,"callback":46,"file":47,"line":48},"action","admin_enqueue_scripts","enqueue_admin_scripts","includes\\class.init.php",25,{"type":44,"name":50,"callback":51,"priority":52,"file":47,"line":53},"xprofile_updated_profile","bp_xprofile_sync_with_woo_account",999,28,{"type":44,"name":55,"callback":51,"priority":52,"file":47,"line":56},"bp_core_signup_user",29,{"type":44,"name":58,"callback":51,"priority":52,"file":47,"line
":36},"bp_core_activated_user",{"type":44,"name":60,"callback":61,"priority":52,"file":47,"line":62},"personal_options_update","woo_account_sync_with_bp_xprofile",33,{"type":44,"name":64,"callback":61,"priority":52,"file":47,"line":65},"edit_user_profile_update",34,{"type":44,"name":67,"callback":61,"priority":52,"file":47,"line":68},"woocommerce_checkout_update_user_meta",35,{"type":44,"name":70,"callback":71,"file":72,"line":73},"admin_menu","add_vibe_buddypress_woocommerce_option","includes\\class.settings.php",24,{"type":44,"name":75,"callback":76,"file":77,"line":78},"plugins_loaded","vibe_buddypress_woocommerce_translations","loader.php",22,[],[],[],[],{"dangerousFunctions":84,"sqlUsage":85,"outputEscaping":90,"fileOperations":27,"externalRequests":27,"nonceChecks":13,"capabilityChecks":27,"bundledLibraries":126},[],{"prepared":27,"raw":13,"locations":86},[87],{"file":72,"line":88,"context":89},67,"$wpdb->get_results() with variable interpolation",{"escaped":27,"rawEcho":91,"locations":92},16,[93,96,98,100,102,104,106,108,110,112,114,116,118,120,122,124],{"file":72,"line":94,"context":95},32,"raw output",{"file":72,"line":97,"context":95},61,{"file":72,"line":99,"context":95},62,{"file":72,"line":101,"context":95},98,{"file":72,"line":103,"context":95},102,{"file":72,"line":105,"context":95},105,{"file":72,"line":107,"context":95},108,{"file":72,"line":109,"context":95},113,{"file":72,"line":111,"context":95},116,{"file":72,"line":113,"context":95},123,{"file":72,"line":115,"context":95},126,{"file":72,"line":117,"context":95},129,{"file":72,"line":119,"context":95},135,{"file":72,"line":121,"context":95},139,{"file":72,"line":123,"context":95},150,{"file":72,"line":125,"context":95},158,[],[128,147],{"entryPoint":129,"graph":130,"unsanitizedCount":27,"severity":146},"save_form_fields 
(includes\\class.settings.php:161)",{"nodes":131,"edges":143},[132,137],{"id":133,"type":134,"label":135,"file":72,"line":136},"n0","source","$_POST",173,{"id":138,"type":139,"label":140,"file":72,"line":141,"wp_function":142},"n1","sink","update_option() [Settings Manipulation]",175,"update_option",[144],{"from":133,"to":138,"sanitized":145},true,"low",{"entryPoint":148,"graph":149,"unsanitizedCount":27,"severity":146},"\u003Cclass.settings> (includes\\class.settings.php:0)",{"nodes":150,"edges":153},[151,152],{"id":133,"type":134,"label":135,"file":72,"line":136},{"id":138,"type":139,"label":140,"file":72,"line":141,"wp_function":142},[154],{"from":133,"to":138,"sanitized":145},{"summary":156,"deductions":157},"The vibe-buddypress-woocommerce plugin v1.1 exhibits a mixed security posture. On one hand, the static analysis indicates a very limited attack surface: it identified no AJAX handlers, REST API routes, shortcodes, or cron events, and therefore none that are exposed without authentication or capability checks. Furthermore, the absence of dangerous functions, file operations, and external HTTP requests is positive. However, significant concerns arise from the code analysis regarding data handling. The plugin uses a single SQL query that is not prepared (a $wpdb->get_results() call built with variable interpolation), 100% of its 16 output operations are not properly escaped, and no capability checks were found in the code. This presents a high risk of injection vulnerabilities, specifically SQL injection through the unprepared database query and Cross-Site Scripting (XSS) through the unescaped output. These are static code signals rather than confirmed vulnerabilities: the query and all 16 raw outputs are located in includes\\class.settings.php, and whether either is exploitable depends on whether the interpolated variable and the echoed values can be influenced by a user, which the counts alone do not show. 
The taint analysis, while showing no critical or high severity flows (the two recorded $_POST to update_option() flows are marked sanitized and rated low), does not alleviate these concerns as it may not have captured all potential scenarios given the unescaped output and raw SQL.",[158,161,164],{"reason":159,"points":160},"100% of output not properly escaped",8,{"reason":162,"points":163},"SQL query not using prepared statements",7,{"reason":165,"points":166},"No capability checks on entry points",5,"2026-03-16T21:09:33.968Z",{"wat":169,"direct":177},{"assetPaths":170,"generatorPatterns":173,"scriptPaths":174,"versionParams":175},[171,172],"\u002Fwp-content\u002Fplugins\u002Fvibe-buddypress-woocommerce\u002Fassets\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fvibe-buddypress-woocommerce\u002Fassets\u002Fjs\u002Fadmin.js",[],[172],[176,176],"vibe_bp_woo_admin_style",{"cssClasses":178,"htmlComments":179,"htmlAttributes":180,"restEndpoints":181,"jsGlobals":182,"shortcodeOutput":183},[],[],[],[],[],[]]