bbP Follow Users Security & Risk Analysis

wordpress.org/plugins/bbp-follow-users

This simple plugin allows users to follow other members on bbPress. The users can view the latest posts and replies from their followed users in a wi …

10 active installs v1.1 PHP + WP + Updated Jul 2, 2016
Tags: bbpress, bbpress-widgets, follow-widgets, followers, following
Score: 85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is bbP Follow Users Safe to Use in 2026?

Generally Safe

Score 85/100

bbP Follow Users has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9yr ago
Risk Assessment

The "bbp-follow-users" v1.1 plugin exhibits a generally good security posture, with no recorded vulnerabilities or critical issues found in taint analysis. The plugin makes effective use of prepared statements for all SQL queries, which significantly mitigates the risk of SQL injection. It also implements nonce checks for its entry points and avoids file operations and external HTTP requests, further reducing its attack surface.

However, there are some areas for improvement. The use of `create_function` is a significant concern, as it can be a vector for code execution if not handled with extreme care. Additionally, only 32% of output is properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is displayed without sufficient sanitization. The lack of capability checks on its entry points is also a weakness, as it means any authenticated user could potentially trigger these actions without proper authorization.

Key Concerns

  • Use of dangerous function (create_function)
  • Low percentage of properly escaped output
  • No capability checks on entry points
Vulnerabilities
None known

bbP Follow Users Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

bbP Follow Users Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 13 (6 escaped)
  • Nonce Checks: 2
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Dangerous Functions Found

  • create_function: `add_action( 'widgets_init', create_function( '', 'return register_widget("BBPressList_Widget");' ) )` (includes\class-bbpress-list-widget.php:103)

Output Escaping

32% escaped · 19 total outputs
Data Flows
All sanitized

Data Flow Analysis

3 flows
bbpresslist_process_follow (includes\actions.php:19)
[Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface

bbP Follow Users Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers: 2

  • auth · wp_ajax_bbpresslist_process_follow · includes\actions.php:35
  • auth · wp_ajax_bbpresslist_process_unfollow · includes\actions.php:58

WordPress Hooks: 3

  • action · wp_enqueue_scripts · bbpresslist.php:36
  • action · bbp_theme_after_reply_author_details · bbpresslist.php:37
  • action · widgets_init · includes\class-bbpress-list-widget.php:103
Maintenance & Trust

bbP Follow Users Maintenance & Trust

Maintenance Signals

WordPress version tested
Last updated: Jul 2, 2016
PHP min version
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

bbP Follow Users Developer Profile

kcbluewave890

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect bbP Follow Users

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bbp-follow-users/js/follow.js
Script Paths
/wp-content/plugins/bbp-follow-users/js/follow.js
Version Parameters
bbp-follow-users/js/follow.js?ver=

HTML / DOM Fingerprints

CSS Classes
follow-link, follow, unfollow
Data Attributes
data-user-id, data-follow-id
JS Globals
bbpresslist_js