Does bbP topic count have any unpatched vulnerabilities?

Yes — bbP topic count currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is bbP topic count compatible with WordPress 6.9.4?

According to WordPress.org data, bbP topic count 3.2 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is bbP topic count updated?

bbP topic count was last updated on Dec 5, 2025. Frequent updates are generally a positive security signal.

What is bbP topic count's security score?

bbP topic count has a WP-Safety security score of 78/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

bbP topic count Security & Risk Analysis

wordpress.org/plugins/bbp-topic-count

For bbPress - adds any combination of topics, replies and totals under the authors avatar in topics and replies

400 active installs v3.2 PHP + WP + Updated Dec 5, 2025

bbpbbpresscountforumtopic

B · Generally Safe

CVEs total1

Unpatched1

Last CVESep 26, 2025

Plugin page Download

Safety Verdict

Is bbP topic count Safe to Use in 2026?

Mostly Safe

Score 78/100

bbP topic count is generally safe to use. 1 past CVE were resolved. Keep it updated.

1 known CVE 1 unpatched Last CVE: Sep 26, 2025Updated 3mo ago

Risk Assessment

The bbp-topic-count plugin v3.2 presents a mixed security posture. While it demonstrates good practices in certain areas, such as a complete lack of file operations and external HTTP requests, and a high percentage of properly escaped outputs, significant concerns remain. The static analysis revealed two SQL queries that are not using prepared statements, which is a notable risk for potential SQL injection vulnerabilities. Furthermore, the complete absence of nonce checks and capability checks on any entry points is a major weakness, as it leaves the plugin susceptible to various attacks if any of its shortcodes could be triggered maliciously. The plugin also has a history of a medium severity vulnerability related to Cross-site Scripting, and concerningly, there is one currently unpatched medium severity CVE. This history suggests a tendency towards input sanitization and authorization issues.

Key Concerns

Unpatched CVE (Medium severity)
SQL queries not using prepared statements
Missing nonce checks on entry points
Missing capability checks on entry points
Unescaped output (12% of outputs)

Vulnerabilities

bbP topic count Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-60163medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

bbp topic count <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 26, 2025Unpatched

Code Analysis

Analyzed Mar 16, 2026

bbP topic count Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

92 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared2 total queries

Output Escaping

88% escaped104 total outputs

Attack Surface

bbP topic count Attack Surface

Entry Points4

Unprotected0

Shortcodes 4

[display-topic-count] includes\shortcodes.php:3

[display-reply-count] includes\shortcodes.php:4

[display-total-count] includes\shortcodes.php:5

[display-top-users] includes\shortcodes.php:6

WordPress Hooks 4

actionbbp_theme_after_reply_author_detailsincludes\display.php:12

actionbbp_theme_before_reply_contentincludes\display.php:14

actionadmin_initincludes\settings.php:80

actionadmin_menuincludes\settings.php:89

Maintenance & Trust

bbP topic count Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 5, 2025

PHP min version

Downloads31K

Community Trust

Rating100/100

Number of ratings15

Active installs400

Alternatives

bbP topic count Alternatives

Post Comments as bbPress Topics

bbpress-post-topics

100

Replace the comments on your WordPress blog posts with topics from an integrated bbPress install

300 1 CVE

topicPolls Pro for bbPress

gd-topic-polls

100

Implement a polls system for topics in bbPress powered forums, with settings to control voting, poll closing, display of results and more.

300 No CVEs

bbPress Protected Forums

bbpress-protected-forums

Disables new topic creation in some forums for determined roles.

90 No CVEs

bbPress auto subscribe for new topics and replies

bbpress-auto-subscribe-for-new-topics-and-replies

Automatically checks the subscription checkbox for new bbpress topics or bbpress replies and saves the last state via ajax for each user and for new t …

80 No CVEs

bbPress Unread Posts v2

bbpress-unread-posts-v2

Simple Plugin which shows whether a registered user has read a Post or not.

70 No CVEs

Developer Profile

bbP topic count Developer Profile

Robin W

8 plugins · 8K total installs

trust score

Avg Security Score

95/100

Avg Patch Time

312 days

View full developer profile

Detection Fingerprints

How We Detect bbP topic count

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/bbp-topic-count/includes/settings.css/wp-content/plugins/bbp-topic-count/includes/style.css/wp-content/plugins/bbp-topic-count/includes/js/tc_script.js

Script Paths

/wp-content/plugins/bbp-topic-count/includes/settings.css/wp-content/plugins/bbp-topic-count/includes/js/tc_script.js

Version Parameters

bbp-topic-count/style.css?ver=bbp-topic-count/includes/settings.css?ver=

HTML / DOM Fingerprints

CSS Classes

tc-usertc-avatartc-wrappertc-contenttc-profile-link

Data Attributes

data-tc-settings

JS Globals

tc_options

Shortcode Output

[display-topic-count][display-reply-count][display-total-count][display-top-users]

FAQ