Does bbPress Contacts have any unpatched vulnerabilities?

No. All known vulnerabilities in bbPress Contacts have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is bbPress Contacts compatible with WordPress 4.6.30?

According to WordPress.org data, bbPress Contacts 0.2.1 has been tested up to WordPress 4.6.30. Check the plugin's changelog for the latest compatibility information.

How often is bbPress Contacts updated?

bbPress Contacts was last updated on Nov 23, 2016. Frequent updates are generally a positive security signal.

What is bbPress Contacts's security score?

bbPress Contacts has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

bbPress Contacts Security & Risk Analysis

wordpress.org/plugins/bbp-contacts

Allow your bbPress users to bookmark other users easily and view/search them through their bbP profiles.

10 active installs v0.2.1 PHP + WP + Updated Nov 23, 2016

bbpressbookmarkscontactsmembersusers

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is bbPress Contacts Safe to Use in 2026?

Generally Safe

Score 85/100

bbPress Contacts has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago

Risk Assessment

The bbp-contacts v0.2.1 plugin demonstrates a mixed security posture. On the positive side, it avoids dangerous functions, exclusively uses prepared statements for SQL queries, has no file operations or external HTTP requests, and includes a reasonable number of nonce checks. The absence of known CVEs and vulnerability history is also a strong indicator of past security diligence. However, a significant concern arises from the attack surface analysis, which reveals two AJAX handlers, with one completely lacking authentication checks. This unprotected entry point presents a direct risk, as it could potentially be exploited by unauthenticated users. Furthermore, the taint analysis indicates two flows with unsanitized paths, which, although not classified as critical or high severity in this analysis, still warrant caution as they represent potential avenues for data manipulation or unintended behavior if exploited. The limited capability checks is also a weakness, suggesting that access to certain functionalities might not be adequately restricted.

Key Concerns

Unprotected AJAX handler
Flows with unsanitized paths (taint analysis)
Missing capability checks
Output escaping is not fully proper (74%)

Vulnerabilities

None known

bbPress Contacts Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

bbPress Contacts Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

14 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

74% escaped19 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

5 flows2 with unsanitized paths

manageHeaders (Includes\Core\Loader.php:274)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

bbPress Contacts Attack Surface

Entry Points2

Unprotected1

AJAX Handlers 2

authwp_ajax_bbp_contactsIncludes\Core\Loader.php:9

authwp_ajax_bbp_contacts_listIncludes\Core\Loader.php:11

WordPress Hooks 9

actionadmin_menuIncludes\Admin\Loader.php:11

filterplugin_row_metaIncludes\Admin\Loader.php:13

actionbbp_template_after_user_profileIncludes\Core\Loader.php:13

actionbbp_template_after_user_profileIncludes\Core\Loader.php:15

actioninitIncludes\Core\Loader.php:17

actionwp_enqueue_scriptsIncludes\Core\Loader.php:19

actionbbp_theme_after_reply_author_detailsIncludes\Core\Loader.php:21

filterbbpc_enable_ajaxIncludes\Core\Loader.php:23

filterbbpc_items_per_pageIncludes\Core\Loader.php:25

Maintenance & Trust

bbPress Contacts Maintenance & Trust

Maintenance Signals

WordPress version tested4.6.30

Last updatedNov 23, 2016

PHP min version

Downloads2K

Community Trust

Rating100/100

Number of ratings2

Active installs10

Alternatives

bbPress Contacts Alternatives

One User Avatar | User Profile Picture

one-user-avatar

Use any image from your WordPress Media Library as a custom user avatar or user profile picture. Add your own Default Avatar.

100K 2 CVEs

Restrict User Access – Ultimate Membership & Content Protection

restrict-user-access

Create Access Levels and restrict any post, page, category, etc. Supports bbPress, BuddyPress, WooCommerce, WPML, and more.

10K 2 CVEs

Simple Membership Custom Messages

simple-membership-custom-messages

Simple Membership Addon to customize various content protection messages.

7K 1 CVE

BP Profile Search

bp-profile-search

Member search and member directories for BuddyPress and the BuddyBoss Platform.

6K 3 CVEs

Expire User Passwords

expire-user-passwords

100

Require certain users to change their passwords on a regular basis.

3K No CVEs

Developer Profile

bbPress Contacts Developer Profile

DevriX

12 plugins · 670 total installs

trust score

Avg Security Score

87/100

Avg Patch Time

9 days

View full developer profile

Detection Fingerprints

How We Detect bbPress Contacts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/bbp-contacts/assets/css/style.css/wp-content/plugins/bbp-contacts/assets/js/bbp-contacts.js

Script Paths

/wp-content/plugins/bbp-contacts/assets/js/bbp-contacts.js

Version Parameters

bbp-contacts/assets/css/style.css?ver=bbp-contacts/assets/js/bbp-contacts.js?ver=

HTML / DOM Fingerprints

CSS Classes

bbpc-contacts-list

Data Attributes

data-bbpc-nonce

JS Globals

BBPC

FAQ