WP-Safety

BadgeOS Restrict Content Pro Security & Risk Analysis

wordpress.org/plugins/badgeos-restrict-content-pro-integration

BadgeOS

0 active installs v1.0.0 PHP 7.0+ WP 4.0+ Updated Unknown
badgebadgesopenbadgesrcprorcpro-badgeos
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is BadgeOS Restrict Content Pro Safe to Use in 2026?

Generally Safe

Score 100/100

BadgeOS Restrict Content Pro has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The plugin "badgeos-restrict-content-pro-integration" v1.0.0 exhibits a generally strong security posture, primarily due to the absence of known vulnerabilities and the correct implementation of prepared statements for all SQL queries. The static analysis shows no critical or high-severity issues in taint analysis, and the plugin avoids dangerous functions and file operations. However, there are areas for improvement. The significant percentage of improperly escaped output (41%) presents a potential cross-site scripting (XSS) risk if user-supplied data is not handled carefully before being displayed. Furthermore, the lack of nonce checks is a notable concern, especially as the plugin might interact with sensitive actions, leaving it vulnerable to Cross-Site Request Forgery (CSRF) attacks. The presence of capability checks, while positive, is insufficient to mitigate CSRF risks on its own. Overall, while the foundational elements like SQL sanitization are well-addressed, the plugin needs attention to its output escaping and nonce implementations to be considered truly secure.

Key Concerns

  • Unescaped output is a significant concern
  • Lack of nonce checks increases CSRF risk
Vulnerabilities
None known

BadgeOS Restrict Content Pro Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

BadgeOS Restrict Content Pro Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
8 prepared
Unescaped Output
21
30 escaped
Nonce Checks
0
Capability Checks
3
File Operations
0
External Requests
5
Bundled Libraries
0

SQL Query Safety

100% prepared8 total queries

Output Escaping

59% escaped51 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths
activate_license (includes\BOSRCP_License_Handler.php:117)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

BadgeOS Restrict Content Pro Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 40
actionadmin_noticesbadgeos-recpro.php:74
actionplugins_loadedbadgeos-recpro.php:80
actionplugins_loadedbadgeos-recpro.php:320
filteradmin_footer_textincludes\admin-settings.php:30
actionadmin_menuincludes\admin-settings.php:31
actionadmin_post_bosrcp_admin_settingsincludes\admin-settings.php:32
actionadmin_noticesincludes\admin-settings.php:33
actioninitincludes\BOSRCP_License.php:23
actionadmin_noticesincludes\BOSRCP_License.php:24
actionadmin_initincludes\BOSRCP_License_Handler.php:83
actionadmin_initincludes\BOSRCP_License_Handler.php:86
filterpre_set_site_transient_update_pluginsincludes\BOSRCP_Plugin_Updater.php:61
filterplugins_apiincludes\BOSRCP_Plugin_Updater.php:62
actionadmin_initincludes\BOSRCP_Plugin_Updater.php:65
filterpre_set_site_transient_update_pluginsincludes\BOSRCP_Plugin_Updater.php:186
actioninitincludes\rules-engine.php:43
filteruser_deserves_achievementincludes\rules-engine.php:570
filterbadgeos_user_deserves_credit_deductincludes\rules-engine.php:745
filterbadgeos_user_deserves_credit_awardincludes\rules-engine.php:916
filterbadgeos_user_deserves_rank_stepincludes\rules-engine.php:1087
filterbadgeos_user_deserves_rank_step_countincludes\rules-engine.php:1140
filterbadgeos_trigger_get_user_idincludes\rules-engine.php:1216
filterbadgeos_get_deduct_step_requirementsincludes\steps-ui.php:29
filterbadgeos_get_rank_req_step_requirementsincludes\steps-ui.php:30
filterbadgeos_get_award_step_requirementsincludes\steps-ui.php:31
filterbadgeos_get_step_requirementsincludes\steps-ui.php:32
filterbadgeos_activity_triggersincludes\steps-ui.php:45
filterbadgeos_award_points_activity_triggersincludes\steps-ui.php:46
filterbadgeos_deduct_points_activity_triggersincludes\steps-ui.php:47
filterbadgeos_ranks_req_activity_triggersincludes\steps-ui.php:48
actionbadgeos_steps_ui_html_after_trigger_typeincludes\steps-ui.php:96
actionbadgeos_award_steps_ui_html_after_achievement_typeincludes\steps-ui.php:97
actionbadgeos_deduct_steps_ui_html_after_trigger_typeincludes\steps-ui.php:98
actionbadgeos_rank_req_steps_ui_html_after_trigger_typeincludes\steps-ui.php:99
actionbadgeos_steps_ui_html_after_trigger_typeincludes\steps-ui.php:201
actionbadgeos_award_steps_ui_html_after_achievement_typeincludes\steps-ui.php:202
actionbadgeos_deduct_steps_ui_html_after_trigger_typeincludes\steps-ui.php:203
actionbadgeos_rank_req_steps_ui_html_after_trigger_typeincludes\steps-ui.php:204
filterbadgeos_save_stepincludes\steps-ui.php:338
actionadmin_footerincludes\steps-ui.php:450
Maintenance & Trust

BadgeOS Restrict Content Pro Maintenance & Trust

Maintenance Signals

WordPress version tested5.4.19
Last updatedUnknown
PHP min version7.0
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

BadgeOS Restrict Content Pro Alternatives

BadgeOS Community Add-on

BadgeOS Community Add-on

badgeos-community-add-on

A
85

Adds BadgeOS features to BuddyPress and bbPress. Earn badges/points/ranks based on community activity, and display them on user profiles and activity …

300 No CVEs
BadgeOS LearnDash Add-on

BadgeOS LearnDash Add-on

badgeos-learndash-add-on

A
85

BadgeOS achievements and badges earned from a wide array of LearnDash learning management system activity.

300 No CVEs
BadgeOS BadgeStack Add-on

BadgeOS BadgeStack Add-on

badgeos-badgestack-add-on

A
85

This add-on to BadgeOS automatically creates achievement types, pages and sample content to jumpstart your own badging system.

40 No CVEs
myCred Credly

myCred Credly

mycred-credly

A
100

📢🚨 Important Notice: myCred Credly is now part of the myCred Toolkit and will no longer receive updates here. Only security fixes will be provided.

20 No CVEs
BadgeOS Invite Codes Add-on

BadgeOS Invite Codes Add-on

badgeos-invite-codes-add-on

A
85

Enhances sites running BuddyPress and BadgeOS by joining users to one or more specified groups when they use a special Invite Code to join your site.

10 No CVEs
Developer Profile

BadgeOS Restrict Content Pro Developer Profile

learningtimes

12 plugins · 720 total installs

86
trust score
Avg Security Score
88/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect BadgeOS Restrict Content Pro

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/badgeos-restrict-content-pro-integration/assets/css/badgeos-rcp.css/wp-content/plugins/badgeos-restrict-content-pro-integration/assets/js/badgeos-rcp.js
Script Paths
/wp-content/plugins/badgeos-restrict-content-pro-integration/assets/js/badgeos-rcp.js
Version Parameters
badgeos-restrict-content-pro-integration/assets/css/badgeos-rcp.css?ver=badgeos-restrict-content-pro-integration/assets/js/badgeos-rcp.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- Deactivate our plugin -->
FAQ

Frequently Asked Questions about BadgeOS Restrict Content Pro