Does bbPress Pencil Unread have any unpatched vulnerabilities?

No. All known vulnerabilities in bbPress Pencil Unread have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is bbPress Pencil Unread compatible with WordPress 5.3.21?

According to WordPress.org data, bbPress Pencil Unread 1.3.2 has been tested up to WordPress 5.3.21. Check the plugin's changelog for the latest compatibility information.

Is bbPress Pencil Unread compatible with PHP 5.6+?

bbPress Pencil Unread requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is bbPress Pencil Unread updated?

bbPress Pencil Unread was last updated on Jan 13, 2020. Frequent updates are generally a positive security signal.

What is bbPress Pencil Unread's security score?

bbPress Pencil Unread has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

bbPress Pencil Unread Security & Risk Analysis

wordpress.org/plugins/bbpress-pencil-unread

bbPress Pencil Unread display which bbPress forums/topics have already been read by the user.

100 active installs v1.3.2 PHP 5.6+ WP + Updated Jan 13, 2020

bbpressmark-as-readnewtopicsunread

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is bbPress Pencil Unread Safe to Use in 2026?

Generally Safe

Score 85/100

bbPress Pencil Unread has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago

Risk Assessment

The bbpress-pencil-unread v1.3.2 plugin exhibits a generally strong security posture based on the provided static analysis. It demonstrates good development practices with a low attack surface consisting of only one AJAX handler, which, importantly, appears to be protected by authentication. The plugin also utilizes prepared statements for the vast majority of its SQL queries, limits file operations and external requests, and incorporates both nonce and capability checks. The absence of any recorded vulnerabilities or CVEs further contributes to this positive assessment. However, a significant concern arises from the output escaping. With only 50% of outputs properly escaped, there is a notable risk of Cross-Site Scripting (XSS) vulnerabilities. This could allow an attacker to inject malicious scripts into the site, potentially leading to session hijacking, credential theft, or defacement. While other indicators are favorable, this unescaped output presents a tangible threat that requires attention.

Key Concerns

50% of outputs are not properly escaped

Vulnerabilities

None known

bbPress Pencil Unread Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

bbPress Pencil Unread Code Analysis

Dangerous Functions

Raw SQL Queries

10 prepared

Unescaped Output

4 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

91% prepared11 total queries

Output Escaping

50% escaped8 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

ajax_mark_single_forum_as_read (bbppu-forum-marks.php:23)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

bbPress Pencil Unread Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_bbppu_mark_single_forum_as_readbbppu-forum-marks.php:19

WordPress Hooks 28

actionbbp_initbbppu-bookmarks.php:7

actionbbp_theme_after_reply_contentbbppu-bookmarks.php:14

actionbbp_template_after_replies_loopbbppu-bookmarks.php:15

actionbbp_theme_after_topic_titlebbppu-bookmarks.php:16

actionbbp_initbbppu-forum-marks.php:8

actionbbp_template_before_forums_indexbbppu-forum-marks.php:15

actionbbp_template_before_single_forumbbppu-forum-marks.php:16

actionwpbbppu-forum-marks.php:17

actionadmin_menubbppu-settings.php:9

actionadmin_initbbppu-settings.php:10

actionbbp_initbbpress-pencil-unread.php:125

actionbbp_loadedbbpress-pencil-unread.php:126

actionbbp_initbbpress-pencil-unread.php:128

actionbbp_initbbpress-pencil-unread.php:131

actionbbp_enqueue_scriptsbbpress-pencil-unread.php:132

actionadmin_enqueue_scriptsbbpress-pencil-unread.php:133

actionbbp_footerbbpress-pencil-unread.php:137

filterbbp_get_forum_classbbpress-pencil-unread.php:238

filterbbp_get_topic_classbbpress-pencil-unread.php:239

filterbbp_list_forumsbbpress-pencil-unread.php:240

actionbbp_template_after_replies_loopbbpress-pencil-unread.php:243

actionbbp_new_topicbbpress-pencil-unread.php:246

actionsave_postbbpress-pencil-unread.php:247

actionbbp_new_replybbpress-pencil-unread.php:249

actionsave_postbbpress-pencil-unread.php:250

filterquery_varsbbpress-pencil-unread.php:253

actionpre_get_postsbbpress-pencil-unread.php:254

filterbbp_list_forumsbbpress-pencil-unread.php:786

Maintenance & Trust

bbPress Pencil Unread Maintenance & Trust

Maintenance Signals

WordPress version tested5.3.21

Last updatedJan 13, 2020

PHP min version5.6

Downloads16K

Community Trust

Rating98/100

Number of ratings11

Active installs100

Alternatives

bbPress Pencil Unread Alternatives

bbPress New Topics

bbpress-new-topics

Displays a "new" label on topics that are unread or have unread replies for all keymasters and moderators.

100 No CVEs

bbPress – Mark as Read

bbpress-mark-as-read

100

A simple plugin to add Mark as read / Unread links to your bbPress forum topics.

40 No CVEs

Mark New Posts

mark-new-posts

Highlight unread posts on your blog.

500 1 CVE

bbPress No CAPTCHA reCAPTCHA

bbpress-no-captcha-recaptcha

Adds Google’s No CAPTCHA reCAPTCHA to bbPress forms.

200 No CVEs

bbPress – Report Content

bbpress-report-content

Give your bbPress forum users the ability to report inappropriate content or spam in topics or replies.

200 No CVEs

Developer Profile

bbPress Pencil Unread Developer Profile

grosbouff

16 plugins · 380 total installs

trust score

Avg Security Score

88/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect bbPress Pencil Unread

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/bbpress-pencil-unread/css/bbppu-styles.css/wp-content/plugins/bbpress-pencil-unread/js/bbppu-functions.js/wp-content/plugins/bbpress-pencil-unread/js/bbppu-template.js/wp-content/plugins/bbpress-pencil-unread/js/bbppu-settings.js

Script Paths

/wp-content/plugins/bbpress-pencil-unread/js/bbppu-functions.js/wp-content/plugins/bbpress-pencil-unread/js/bbppu-template.js/wp-content/plugins/bbpress-pencil-unread/js/bbppu-settings.js

Version Parameters

bbpress-pencil-unread/css/bbppu-styles.css?ver=bbpress-pencil-unread/js/bbppu-functions.js?ver=bbpress-pencil-unread/js/bbppu-template.js?ver=bbpress-pencil-unread/js/bbppu-settings.js?ver=

HTML / DOM Fingerprints

CSS Classes

bbppu-reading-indicator

HTML Comments

Data Attributes

data-bbppu-user-iddata-bbppu-post-id

JS Globals

bbppu_ajax_object

FAQ