WP-Safety

BadgeOS Learndash Gateway Security & Risk Analysis

wordpress.org/plugins/badgeos-learndash-gateway

The BadgeOS LearnDash Gateway addon lets your user redeem their remaining BadgeOS points. These points can be used to make purchases on your LearnDash …

0 active installs v1.0 PHP + WP 4.0+ Updated Sep 7, 2020
badgebadgescredlyobiopenbadges
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is BadgeOS Learndash Gateway Safe to Use in 2026?

Generally Safe

Score 85/100

BadgeOS Learndash Gateway has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago
Risk Assessment

The badgeos-learndash-gateway plugin v1.0 presents a mixed security posture. On one hand, it demonstrates good practices by avoiding direct SQL queries without prepared statements, having no file operations, and making no external HTTP requests. The plugin also implements a respectable number of nonce and capability checks. However, the presence of two 'unserialize' function calls is a significant concern, as it can lead to Remote Code Execution vulnerabilities if exploited with crafted serialized data. Furthermore, 63% of output escaping is missing, potentially exposing the plugin to Cross-Site Scripting (XSS) vulnerabilities. The taint analysis reveals three flows with unsanitized paths, indicating potential data handling weaknesses that could be exploited, though no critical or high severity taint issues were found in this analysis. The plugin's vulnerability history is clean, with no recorded CVEs, which is a positive indicator. This suggests that while the code has inherent risks related to unserialization and output escaping, these have not yet been publicly exploited or discovered. Overall, the plugin has strengths in its input validation and avoidance of certain risky operations, but the identified risks related to unserialize and unescaped output warrant attention.

Key Concerns

  • Dangerous function 'unserialize' found
  • Significant unescaped output (63%)
  • Flows with unsanitized paths found
Vulnerabilities
None known

BadgeOS Learndash Gateway Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

BadgeOS Learndash Gateway Code Analysis

Dangerous Functions
2
Raw SQL Queries
0
0 prepared
Unescaped Output
57
33 escaped
Nonce Checks
7
Capability Checks
4
File Operations
0
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$bosldgw_unlock_course_vals = unserialize( json_decode( $bosldgw_unlock_course_vals ) );includes\unlock-course.php:114
unserialize$bosld_contents = unserialize( json_decode( $bos_unlock_drip_content_vals ) );includes\unlock-dripped-lesson.php:254

Output Escaping

37% escaped90 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

4 flows3 with unsanitized paths
alert_error (includes\course-buy.php:453)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

BadgeOS Learndash Gateway Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 26
actionadmin_noticesbadgeos-learndash-gateway.php:36
actioninitbadgeos-learndash-gateway.php:43
actioninitbadgeos-learndash-gateway.php:45
actionadmin_enqueue_scriptsbadgeos-learndash-gateway.php:120
actionwp_enqueue_scriptsbadgeos-learndash-gateway.php:121
actionplugins_loadedbadgeos-learndash-gateway.php:356
filteradmin_footer_textincludes\admin.php:17
actionadmin_menuincludes\admin.php:18
actionadmin_post_wblg_admin_settingsincludes\admin.php:19
actionadmin_noticesincludes\admin.php:20
actionadd_meta_boxesincludes\course-buy.php:37
actionsave_postincludes\course-buy.php:38
actionsave_postincludes\course-buy.php:39
filterlearndash_payment_buttonincludes\course-buy.php:42
actionwp_loadedincludes\course-buy.php:43
actionwp_footerincludes\course-buy.php:44
filterlearndash_templateincludes\unlock-course.php:25
actionadmin_post_bosld_unlock_courseincludes\unlock-course.php:26
actionwp_footerincludes\unlock-course.php:27
actionadd_meta_boxesincludes\unlock-dripped-lesson.php:36
actionsave_postincludes\unlock-dripped-lesson.php:37
actionsave_postincludes\unlock-dripped-lesson.php:38
filterlearndash_templateincludes\unlock-dripped-lesson.php:39
actionadmin_post_bos_unlock_dripped_lessonincludes\unlock-dripped-lesson.php:40
filterld_lesson_access_fromincludes\unlock-dripped-lesson.php:41
actionwp_footerincludes\unlock-dripped-lesson.php:42
Maintenance & Trust

BadgeOS Learndash Gateway Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29
Last updatedSep 7, 2020
PHP min version
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

BadgeOS Learndash Gateway Alternatives

BadgeOS Community Add-on

BadgeOS Community Add-on

badgeos-community-add-on

A
85

Adds BadgeOS features to BuddyPress and bbPress. Earn badges/points/ranks based on community activity, and display them on user profiles and activity …

300 No CVEs
BadgeOS Invite Codes Add-on

BadgeOS Invite Codes Add-on

badgeos-invite-codes-add-on

A
85

Enhances sites running BuddyPress and BadgeOS by joining users to one or more specified groups when they use a special Invite Code to join your site.

10 No CVEs
Open Badges Issuer Add-on

Open Badges Issuer Add-on

badgeos-open-badges-issuer-add-on

A
100

Issue Mozilla Open Badges directly from your site with this add-on for BadgeOS

10 No CVEs
BadgeOS Suggested Achievements Add-on

BadgeOS Suggested Achievements Add-on

badgeos-suggested-achievements-add-on

A
85

Enhances sites running BuddyPress and BadgeOS by suggesting next possible incomplete achievements that a user can earn.

10 No CVEs
Credly Custom Badge Assertion Shortcode

Credly Custom Badge Assertion Shortcode

credly-pro-custom-assertion

A
85

Easily create an official Credly Badge Assertion page on your site.

10 No CVEs
Developer Profile

BadgeOS Learndash Gateway Developer Profile

learningtimes

12 plugins · 720 total installs

86
trust score
Avg Security Score
88/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect BadgeOS Learndash Gateway

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/badgeos-learndash-gateway/assets/css/admin-style.css/wp-content/plugins/badgeos-learndash-gateway/assets/js/admin-script.js/wp-content/plugins/badgeos-learndash-gateway/assets/js/sweet-alert.min.js/wp-content/plugins/badgeos-learndash-gateway/assets/js/front-script.js/wp-content/plugins/badgeos-learndash-gateway/assets/js/sweetalert2.min.js/wp-content/plugins/badgeos-learndash-gateway/assets/css/front-style.css/wp-content/plugins/badgeos-learndash-gateway/assets/css/sweetalert2.min.css
Script Paths
/wp-content/plugins/badgeos-learndash-gateway/assets/js/admin-script.js/wp-content/plugins/badgeos-learndash-gateway/assets/js/sweet-alert.min.js/wp-content/plugins/badgeos-learndash-gateway/assets/js/front-script.js/wp-content/plugins/badgeos-learndash-gateway/assets/js/sweetalert2.min.js
Version Parameters
badgeos-learndash-gateway/assets/css/admin-style.css?ver=badgeos-learndash-gateway/assets/js/admin-script.js?ver=badgeos-learndash-gateway/assets/js/sweet-alert.min.js?ver=badgeos-learndash-gateway/assets/js/front-script.js?ver=badgeos-learndash-gateway/assets/js/sweetalert2.min.js?ver=badgeos-learndash-gateway/assets/css/front-style.css?ver=badgeos-learndash-gateway/assets/css/sweetalert2.min.css?ver=

HTML / DOM Fingerprints

CSS Classes
bosldgw-admin-stylebosldgw-gw-sweetalertbosldgw-gw-front-scriptbosldgw-sweetalert2-style
JS Globals
swal2
FAQ

Frequently Asked Questions about BadgeOS Learndash Gateway