WP-Safety

BadgeOS Suggested Achievements Add-on Security & Risk Analysis

wordpress.org/plugins/badgeos-suggested-achievements-add-on

Enhances sites running BuddyPress and BadgeOS by suggesting next possible incomplete achievements that a user can earn.

10 active installs v1.1.1 PHP + WP 4.0+ Updated Feb 28, 2022
badgebadgescredlyobiopenbadges
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is BadgeOS Suggested Achievements Add-on Safe to Use in 2026?

Generally Safe

Score 85/100

BadgeOS Suggested Achievements Add-on has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The 'badgeos-suggested-achievements-add-on' plugin version 1.1.1 exhibits a mixed security posture. While it demonstrates good practices in areas like SQL query handling and the absence of dangerous functions or file operations, significant concerns arise from its attack surface. The plugin exposes four AJAX handlers, all of which lack authentication checks. This is a critical weakness that could allow unauthorized users to trigger potentially sensitive actions. Additionally, the lack of any nonce checks further exacerbates this issue, making the AJAX endpoints susceptible to Cross-Site Request Forgery (CSRF) attacks. The taint analysis and vulnerability history are clean, which is positive, but this does not mitigate the immediate risks posed by the unprotected entry points.

Key Concerns

  • AJAX handlers without auth checks
  • No nonce checks on AJAX handlers
  • Insufficient output escaping
Vulnerabilities
None known

BadgeOS Suggested Achievements Add-on Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

BadgeOS Suggested Achievements Add-on Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
35
61 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared2 total queries

Output Escaping

64% escaped96 total outputs
Attack Surface
4 unprotected

BadgeOS Suggested Achievements Add-on Attack Surface

Entry Points4
Unprotected4

AJAX Handlers 4

authwp_ajax_suggested_achievements_skip_ajaxincludes\functions.php:289
authwp_ajax_suggested_ranks_skip_ajaxincludes\functions.php:344
authwp_ajax_suggested_achievements_unskip_ajaxincludes\functions.php:401
authwp_ajax_suggested_ranks_unskip_ajaxincludes\functions.php:459
WordPress Hooks 7
actionadmin_noticesbadgeos-suggested-achievements.php:39
actionwidgets_initbadgeos-suggested-achievements.php:42
actioninitbadgeos-suggested-achievements.php:45
actionwp_enqueue_scriptsbadgeos-suggested-achievements.php:48
actioninitincludes\credly_assertion_page.php:35
actioninitincludes\suggested-achievements-shortcode.php:21
actioninitincludes\suggested-ranks-shortcode.php:21
Maintenance & Trust

BadgeOS Suggested Achievements Add-on Maintenance & Trust

Maintenance Signals

WordPress version tested5.9.13
Last updatedFeb 28, 2022
PHP min version
Downloads8K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Alternatives

BadgeOS Suggested Achievements Add-on Alternatives

BadgeOS Community Add-on

BadgeOS Community Add-on

badgeos-community-add-on

A
85

Adds BadgeOS features to BuddyPress and bbPress. Earn badges/points/ranks based on community activity, and display them on user profiles and activity …

300 No CVEs
BadgeOS Invite Codes Add-on

BadgeOS Invite Codes Add-on

badgeos-invite-codes-add-on

A
85

Enhances sites running BuddyPress and BadgeOS by joining users to one or more specified groups when they use a special Invite Code to join your site.

10 No CVEs
Open Badges Issuer Add-on

Open Badges Issuer Add-on

badgeos-open-badges-issuer-add-on

A
100

Issue Mozilla Open Badges directly from your site with this add-on for BadgeOS

10 No CVEs
Credly Custom Badge Assertion Shortcode

Credly Custom Badge Assertion Shortcode

credly-pro-custom-assertion

A
85

Easily create an official Credly Badge Assertion page on your site.

10 No CVEs
Activation Add-on for GamiPress

Activation Add-on for GamiPress

activation-add-on-for-gamipress

A
85

This GamiPress add-on adds a global switch in the Backend where the awarding of badges can be enabled and disabled.

0 No CVEs
Developer Profile

BadgeOS Suggested Achievements Add-on Developer Profile

learningtimes

12 plugins · 720 total installs

86
trust score
Avg Security Score
88/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect BadgeOS Suggested Achievements Add-on

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/badgeos-suggested-achievements-add-on/css/style.css/wp-content/plugins/badgeos-suggested-achievements-add-on/js/suggested-achievements.js
Script Paths
/wp-content/plugins/badgeos-suggested-achievements-add-on/js/suggested-achievements.js
Version Parameters
badgeos-suggested-achievements/css/style.css?ver=badgeos-suggested-achievements-add-on/js/suggested-achievements.js?ver=

HTML / DOM Fingerprints

CSS Classes
suggested_achievements_class
Data Attributes
data-text
JS Globals
BosSuggestedAcsVars
FAQ

Frequently Asked Questions about BadgeOS Suggested Achievements Add-on