WP-Safety

bbPress Notify (No-Spam) Security & Risk Analysis

wordpress.org/plugins/bbpress-notify-nospam

Powerful, customizable email notifications for bbPress and BuddyBoss forums — without the spam.

3K active installs v3.0.3 PHP 7.4+ WP 3.1+ Updated Mar 11, 2026
bbpressbuddybossemail-notificationforum-notificationsno-spam
98
A · Safe
CVEs total2
Unpatched0
Last CVEJul 19, 2025
Download
Safety Verdict

Is bbPress Notify (No-Spam) Safe to Use in 2026?

Generally Safe

Score 98/100

bbPress Notify (No-Spam) has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEsLast CVE: Jul 19, 2025Updated 2mo ago
Risk Assessment

The 'bbpress-notify-nospam' plugin v3.0.3 exhibits a generally good security posture, with strong adherence to best practices like prepared SQL statements and a high percentage of properly escaped output. The static analysis shows no critical or high severity taint flows, and all identified entry points appear to have authorization checks, which is commendable. The presence of only two medium severity Cross-Site Scripting (XSS) vulnerabilities in its history, both of which are marked as patched, suggests a history of addressing security issues promptly.

However, the plugin's vulnerability history does reveal a pattern of Cross-Site Scripting vulnerabilities, even if they are addressed. This indicates a potential for subtle input sanitization issues that might be missed in static analysis alone. The existence of one file operation and one external HTTP request, while not inherently risky, warrants careful review in combination with the vulnerability history, as these can sometimes be vectors for exploitation if not handled with extreme care.

In conclusion, 'bbpress-notify-nospam' v3.0.3 presents a relatively low-risk profile due to its proactive security measures. The key areas of vigilance should remain input sanitization to prevent future XSS, and careful scrutiny of file operations and external requests. The prompt patching of past vulnerabilities is a significant positive, balancing the concerns raised by past XSS findings.

Key Concerns

  • Past XSS vulnerabilities
  • File operation detected
  • External HTTP request detected
Vulnerabilities
2 published

bbPress Notify (No-Spam) Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2025-49962medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

bbPress Notify <= 2.19.5 - Reflected Cross-Site Scripting

Jul 19, 2025 Patched in 2.20 (129d)
CVE-2024-37485medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

bbPress Notify <= 2.18.3 - Reflected Cross-Site Scripting

Jul 4, 2024 Patched in 2.18.4 (7d)
Version History

bbPress Notify (No-Spam) Release Timeline

v3.0.3Current
v3.0.2
v3.0.1
v3.0.0
v2.27.7
v2.20
v2.19.51 CVE
CVE-2025-49962
vv2.19.41 CVE
CVE-2025-49962
v2.19.31 CVE
CVE-2025-49962
v2.19.21 CVE
CVE-2025-49962
v2.19.11 CVE
CVE-2025-49962
v2.191 CVE
CVE-2025-49962
v2.18.51 CVE
CVE-2025-49962
v2.18.41 CVE
CVE-2025-49962
v2.18.32 CVEs
CVE-2024-37485 CVE-2025-49962
v2.18.22 CVEs
CVE-2024-37485 CVE-2025-49962
v2.18.12 CVEs
CVE-2024-37485 CVE-2025-49962
v2.182 CVEs
CVE-2024-37485 CVE-2025-49962
v2.17.102 CVEs
CVE-2024-37485 CVE-2025-49962
v2.17.72 CVEs
CVE-2024-37485 CVE-2025-49962
Code Analysis
Analyzed Mar 16, 2026

bbPress Notify (No-Spam) Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
4
198 escaped
Nonce Checks
6
Capability Checks
3
File Operations
1
External Requests
1
Bundled Libraries
0

SQL Query Safety

100% prepared2 total queries

Output Escaping

98% escaped202 total outputs
Attack Surface

bbPress Notify (No-Spam) Attack Surface

Entry Points5
Unprotected0

AJAX Handlers 4

authwp_ajax_bbpnns-notice-handlerincludes\controller\class-bbpress-notify-nospam-controller-admin-notices.php:73
authwp_ajax_bbpnns_update_dbincludes\controller\class-bbpress-notify-nospam-controller-ajax.php:38
authwp_ajax_bbpnns_dry_run_fetch_postsincludes\controller\class-bbpress-notify-nospam-controller-ajax.php:39
authwp_ajax_bbpnns_dry_run_run_testincludes\controller\class-bbpress-notify-nospam-controller-ajax.php:40

Shortcodes 1

[bbpnns_date] includes\controller\class-bbpress-notify-nospam-controller-common-core.php:606
WordPress Hooks 60
actionplugins_loadedincludes\class-bbpress-notify-nospam-uninstall.php:46
filterplugin_action_linksincludes\controller\class-bbpress-notify-nospam-controller-admin-core.php:34
actionadmin_initincludes\controller\class-bbpress-notify-nospam-controller-admin-core.php:37
actionadd_meta_boxesincludes\controller\class-bbpress-notify-nospam-controller-admin-core.php:40
actionadmin_noticesincludes\controller\class-bbpress-notify-nospam-controller-admin-notices.php:61
filterwp_redirectincludes\controller\class-bbpress-notify-nospam-controller-admin-notices.php:65
filterpost_updated_messagesincludes\controller\class-bbpress-notify-nospam-controller-admin-notices.php:69
actionadmin_noticesincludes\controller\class-bbpress-notify-nospam-controller-admin-notices.php:121
filterbbp_forum_subscription_mail_messageincludes\controller\class-bbpress-notify-nospam-controller-ajax.php:78
filterbbp_subscription_mail_messageincludes\controller\class-bbpress-notify-nospam-controller-ajax.php:79
filterbbpnns_dry_runincludes\controller\class-bbpress-notify-nospam-controller-ajax.php:88
actionsave_postincludes\controller\class-bbpress-notify-nospam-controller-common-core.php:145
actionbbpnns_dry_run_traceincludes\controller\class-bbpress-notify-nospam-controller-common-core.php:147
actionbbp_new_topicincludes\controller\class-bbpress-notify-nospam-controller-common-core.php:156
actionbbp_approved_topicincludes\controller\class-bbpress-notify-nospam-controller-common-core.php:159
actionbbpress_notify_bg_topicincludes\controller\class-bbpress-notify-nospam-controller-common-core.php:165
actionbbp_new_replyincludes\controller\class-bbpress-notify-nospam-controller-common-core.php:172
actionbbp_approved_replyincludes\controller\class-bbpress-notify-nospam-controller-common-core.php:175
actionbbpress_notify_bg_replyincludes\controller\class-bbpress-notify-nospam-controller-common-core.php:181
actionbbp_new_topicincludes\controller\class-bbpress-notify-nospam-controller-common-core.php:189
actionbbp_approved_topicincludes\controller\class-bbpress-notify-nospam-controller-common-core.php:192
actionbbp_new_replyincludes\controller\class-bbpress-notify-nospam-controller-common-core.php:200
actionbbp_approved_replyincludes\controller\class-bbpress-notify-nospam-controller-common-core.php:203
filterbbp_forum_subscription_user_idsincludes\controller\class-bbpress-notify-nospam-controller-common-core.php:214
filterbbp_forum_subscription_mail_messageincludes\controller\class-bbpress-notify-nospam-controller-common-core.php:215
actioninitincludes\controller\class-bbpress-notify-nospam-controller-common-core.php:216
filterbbp_topic_subscription_user_idsincludes\controller\class-bbpress-notify-nospam-controller-common-core.php:218
filterbbp_subscription_mail_messageincludes\controller\class-bbpress-notify-nospam-controller-common-core.php:219
actioninitincludes\controller\class-bbpress-notify-nospam-controller-common-core.php:220
filterbbpress_notify_recipients_hidden_forumincludes\controller\class-bbpress-notify-nospam-controller-common-core.php:225
filterbbpnns_available_tagsincludes\controller\class-bbpress-notify-nospam-controller-common-core.php:228
filterbbpnns_available_topic_tagsincludes\controller\class-bbpress-notify-nospam-controller-common-core.php:229
filterbbpnns_available_reply_tagsincludes\controller\class-bbpress-notify-nospam-controller-common-core.php:232
filterbbpnns_is_in_effectincludes\controller\class-bbpress-notify-nospam-controller-common-core.php:234
actionuser_registerincludes\controller\class-bbpress-notify-nospam-controller-common-core.php:238
filterbbp_use_autoembedincludes\controller\class-bbpress-notify-nospam-controller-common-core.php:621
filterwp_mail_content_typeincludes\controller\class-bbpress-notify-nospam-controller-common-core.php:1351
actionwp_mail_failedincludes\controller\class-bbpress-notify-nospam-controller-common-core.php:1354
actionphpmailer_initincludes\controller\class-bbpress-notify-nospam-controller-common-core.php:1369
actionphpmailer_initincludes\controller\class-bbpress-notify-nospam-controller-common-core.php:1490
filtermandrill_nl2brincludes\controller\class-bbpress-notify-nospam-controller-common-core.php:1537
filterbbpnns_dry_run_trace_infoincludes\controller\class-bbpress-notify-nospam-controller-common-core.php:1594
actiontemplate_redirectincludes\controller\class-bbpress-notify-nospam-controller-login.php:38
filterbbpnns_topic_urlincludes\controller\class-bbpress-notify-nospam-controller-login.php:40
filterbbpnns_reply_urlincludes\controller\class-bbpress-notify-nospam-controller-login.php:41
filterbbpnns_topic_replyincludes\controller\class-bbpress-notify-nospam-controller-login.php:42
actionadmin_menuincludes\controller\class-bbpress-notify-nospam-controller-settings.php:65
actionadmin_initincludes\controller\class-bbpress-notify-nospam-controller-settings.php:66
filterbbpnns_settings_pagehookincludes\controller\class-bbpress-notify-nospam-controller-settings.php:68
filterbbpnns_settings_available_topics_tagsincludes\controller\class-bbpress-notify-nospam-controller-settings.php:69
filterbbpnns_settings_available_reply_tagsincludes\controller\class-bbpress-notify-nospam-controller-settings.php:70
actionplugins_loadedincludes\controller\class-bbpress-notify-nospam-controller-settings.php:74
filterbbpnns-warningsincludes\controller\class-bbpress-notify-nospam-controller-settings.php:76
actionplugins_loadedincludes\controller\class-bbpress-notify-nospam-uninstall.php:46
actioninitincludes\controller\class-bbpress-notify-nospam.php:75
actioninitincludes\controller\class-bbpress-notify-nospam.php:76
actionplugins_loadedincludes\controller\class-bbpress-notify-nospam.php:214
actionadmin_noticesincludes\controller\class-bbpress-notify-nospam.php:216
actionadmin_enqueue_scriptsincludes\helper\class-bbpress-notify-nospam-helper-converter.php:25
filterbbpnns_settings_registered_tabsincludes\view\class-bbpress-notify-nospam-view-settings.php:34

Scheduled Events 2

bbpress_notify_bg_reply
bbpress_notify_bg_topic
Maintenance & Trust

bbPress Notify (No-Spam) Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 11, 2026
PHP min version7.4
Downloads293K

Community Trust

Rating96/100
Number of ratings39
Active installs3K
Alternatives

bbPress Notify (No-Spam) Alternatives

bbPress Notify Admins

bbPress Notify Admins

bbp-notify-admins

A
85

bbPress Notify Admins plugin notifies all site admins when a new topic is created or a new reply is posted on the bbPress based forums.

40 No CVEs
FrontPage Buddy – Custom landing pages for members, groups and profiles

FrontPage Buddy – Custom landing pages for members, groups and profiles

frontpage-buddy

A
100

Personalised front pages for buddypress & buddyboss members & groups, bbpress profiles and 'Ultimate Member' profiles.

30 No CVEs
One User Avatar | User Profile Picture

One User Avatar | User Profile Picture

one-user-avatar

A
99

Use any image from your WordPress Media Library as a custom user avatar or user profile picture. Add your own Default Avatar.

100K 2 CVEs
Content Aware Sidebars – Fastest Widget Area Plugin

Content Aware Sidebars – Fastest Widget Area Plugin

content-aware-sidebars

A
99

Display new sidebars on any post, page, category etc. Works with Classic Widgets, Block Widgets, and all themes!

30K 1 CVE
Stop Spammers Classic

Stop Spammers Classic

stop-spammer-registrations-plugin

A
89

A simplified, restored, and preserved version of the original Stop Spammers plugin.

30K 8 CVEs
Developer Profile

bbPress Notify (No-Spam) Developer Profile

useStrict

2 plugins · 5K total installs

87
trust score
Avg Security Score
99/100
Avg Patch Time
47 days
View full developer profile
Detection Fingerprints

How We Detect bbPress Notify (No-Spam)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bbpress-notify-nospam/assets/css/admin.css/wp-content/plugins/bbpress-notify-nospam/assets/js/admin.js
Script Paths
/wp-content/plugins/bbpress-notify-nospam/assets/js/admin.js
Version Parameters
bbpress-notify-nospam/assets/css/admin.css?ver=bbpress-notify-nospam/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
bbpnns-admin-settings-page
HTML Comments
<!-- Location: bbpress-notify-nospam/bbpress-notify-nospam.php --><!-- bbPress Notify (No-Spam) v3.0.3 Admin Settings -->
Data Attributes
data-bbpnns-nonce
JS Globals
bbpnns_admin_options
FAQ

Frequently Asked Questions about bbPress Notify (No-Spam)