bbPress Voting Security & Risk Analysis

wordpress.org/plugins/bbp-voting

Let visitors vote up and down on bbPress topics and replies just like Reddit or Stack Overflow!

500 active installs · v2.1.13.6 · PHP 5.6+ · WP 4.0.0+ · Updated Dec 4, 2025
Tags: bbpress, rate, rating, vote, voting
Score: 100
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jan 27, 2023
Safety Verdict

Is bbPress Voting Safe to Use in 2026?

Generally Safe

Score 100/100

bbPress Voting has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Jan 27, 2023 · Updated 5mo ago
Risk Assessment

The "bbp-voting" plugin v2.1.13.6 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and has no external HTTP requests or file operations, significantly reducing common attack vectors. The static analysis shows a small attack surface with all identified entry points protected by authentication.

However, there are notable concerns. The plugin has a history of Cross-site Scripting (XSS) vulnerabilities, the last one in January 2023. While there are currently no unpatched CVEs, this pattern suggests a recurring weakness in input sanitization or output escaping, which is further evidenced by the static analysis showing a low percentage (23%) of properly escaped outputs. The AJAX handlers also lack nonce checks despite having authentication, which could allow CSRF attacks if the authentication mechanism itself is not robust enough.

Overall, the plugin has strengths in areas like SQL hygiene and limiting external dependencies. Nevertheless, the historical XSS vulnerabilities and the identified issues with output escaping and nonce checks necessitate careful consideration and potential remediation to improve its security. The plugin is not actively vulnerable to known issues at this version, but the underlying code quality in these areas could pose a future risk.

Key Concerns

  • Low percentage of properly escaped outputs
  • No nonce checks on AJAX handlers
  • History of XSS vulnerabilities
Vulnerabilities
1 published

bbPress Voting Security Vulnerabilities

CVEs by Year

1 CVE in 2023

Severity Breakdown

Medium: 1

1 total CVE

CVE-2023-24403 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

bbPress Voting <= 2.1.11.0 - Authenticated (Admin+) Stored Cross-Site Scripting

Jan 27, 2023 · Patched in 2.1.11.1 (1155d)
Version History

bbPress Voting Release Timeline

v2.1.13.6 (Current)
v2.1.13.5
v2.1.13.4
v2.1.13.3
v2.1.13.2
v2.1.13.1
v2.1.13.0
v2.1.12.7
v2.1.12.3
v2.1.12.2
v2.1.12.1
v2.1.12.0
v2.1.11.12
v2.1.11.11
v2.1.11.10
v2.1.11.9
v2.1.11.8
v2.1.11.7
v2.1.11.6
v2.1.11.5
Code Analysis
Analyzed Mar 16, 2026

bbPress Voting Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 20 (6 escaped)
Nonce Checks: 0
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

23% escaped · 26 total outputs
Attack Surface

bbPress Voting Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers: 2

auth    wp_ajax_bbpress_post_vote_link_clicked    ajax.php:8
nopriv  wp_ajax_bbpress_post_vote_link_clicked    ajax.php:9

WordPress Hooks: 27

action  admin_menu                      backend.php:24
action  admin_init                      backend.php:35
action  bbp_voting_settings_tabs        backend.php:77
action  bbp_voting_settings_form        backend.php:89
action  bbp_voting_settings_form        backend.php:102
action  bbp_voting_settings_form        backend.php:114
action  plugins_loaded                  bbp-voting.php:75
action  init                            frontend.php:6
action  bbp_theme_before_topic_title    frontend.php:12
filter  bbp_get_reply_content           frontend.php:13
filter  bbp_get_topic_content           frontend.php:14
action  bbp_theme_before_topic_title    frontend.php:18
action  bbp_theme_before_topic_content  frontend.php:20
action  bbp_theme_before_reply_content  frontend.php:21
action  wp_enqueue_scripts              frontend.php:25
action  wp_enqueue_scripts              frontend.php:26
action  bbp_voting_cpt                  frontend.php:28
filter  bbp_has_topics_query            frontend.php:30
filter  bbp_has_replies_query           frontend.php:31
filter  Bp_Search_Forums_sql            frontend.php:32
filter  body_class                      frontend.php:58
action  init                            frontend.php:404
filter  bbp_show_lead_topic             frontend.php:407
filter  gamipress_activity_triggers     gamipress.php:17
action  bbp_voting_voted                gamipress.php:92
action  add_meta_boxes                  metabox.php:8
action  save_post                       metabox.php:93
Maintenance & Trust

bbPress Voting Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 4, 2025
PHP min version: 5.6
Downloads: 56K

Community Trust

Rating: 94/100
Number of ratings: 10
Active installs: 500
Developer Profile

bbPress Voting Developer Profile

natekinkead

2 plugins · 580 total installs

Trust score: 74
Avg Security Score: 93/100
Avg Patch Time: 1155 days
Detection Fingerprints

How We Detect bbPress Voting

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bbp-voting/css/bbp-voting.css
/wp-content/plugins/bbp-voting/js/bbp-voting.js
Script Paths
/wp-content/plugins/bbp-voting/js/bbp-voting.js
Version Parameters
bbp-voting/css/bbp-voting.css?ver=
bbp-voting/js/bbp-voting.js?ver=

HTML / DOM Fingerprints

CSS Classes
bbp-voting-active
bbp-voting-buddyboss-css
bbp-voting-buttons
bbp-voting-upvote
bbp-voting-downvote
bbp-voting-vote-count
Data Attributes
data-bbp-voting-post-id
data-bbp-voting-post-type
data-bbp-voting-user-id
JS Globals
bbp_voting_ajax_object
FAQ

Frequently Asked Questions about bbPress Voting