Does bbPress Topic Location have any unpatched vulnerabilities?

No. All known vulnerabilities in bbPress Topic Location have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is bbPress Topic Location compatible with WordPress 5.3.21?

According to WordPress.org data, bbPress Topic Location 1.0.9 has been tested up to WordPress 5.3.21. Check the plugin's changelog for the latest compatibility information.

How often is bbPress Topic Location updated?

bbPress Topic Location was last updated on Jan 23, 2020. Frequent updates are generally a positive security signal.

What is bbPress Topic Location's security score?

bbPress Topic Location has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

bbPress Topic Location Security & Risk Analysis

wordpress.org/plugins/bbpress-topic-location

This plugin brings topics geolocation to bbPress, and can filter topics by location and radius.

10 active installs v1.0.9 PHP + WP 3.3+ Updated Jan 23, 2020

bbpressgeocodinggeolocationopen-street-map

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is bbPress Topic Location Safe to Use in 2026?

Generally Safe

Score 85/100

bbPress Topic Location has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago

Risk Assessment

The bbpress-topic-location plugin version 1.0.9 exhibits a mixed security posture. On the positive side, it utilizes prepared statements for all SQL queries and has no recorded historical vulnerabilities, suggesting a generally conscientious approach to security in its development. However, the static analysis reveals significant concerns. A considerable attack surface is exposed through two AJAX handlers, neither of which includes authentication checks, presenting a clear risk of unauthorized actions. Furthermore, a low percentage of output is properly escaped, indicating potential for Cross-Site Scripting (XSS) vulnerabilities. The presence of an external HTTP request without explicit mention of security considerations is also a minor point of attention.

The lack of taint analysis results could mean either that no flows were found or that the analysis was not comprehensive enough to detect them. Given the identified vulnerabilities in the static analysis, the absence of taint findings should not be considered a sign of complete safety. The plugin's history of zero vulnerabilities is a positive indicator, but it is overshadowed by the immediate risks identified in the current version's code. The absence of nonce checks on AJAX handlers is a critical oversight that, combined with the lack of authentication, amplifies the risk. Overall, while the plugin has a clean history, the current version has several exploitable weaknesses that require immediate attention.

Key Concerns

AJAX handlers without auth checks
Low percentage of properly escaped output
External HTTP requests without clear security
Missing nonce checks on AJAX

Vulnerabilities

None known

bbPress Topic Location Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

bbPress Topic Location Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

8 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

24% escaped33 total outputs

Attack Surface

2 unprotected

bbPress Topic Location Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

authwp_ajax_bbptl_get_geocodingbbpress-topic-location.php:166

noprivwp_ajax_bbptl_get_geocodingbbpress-topic-location.php:167

WordPress Hooks 28

actioninitbbpress-topic-location.php:142

actioninitbbpress-topic-location.php:143

actionwidgets_initbbpress-topic-location.php:144

actionplugins_loadedbbpress-topic-location.php:145

actionadmin_noticesbbpress-topic-location.php:147

actionwp_enqueue_scriptsbbpress-topic-location.php:149

filterquery_varsbbpress-topic-location.php:156

filterposts_clausesbbpress-topic-location.php:157

actionpre_get_postsbbpress-topic-location.php:159

filterpre_get_postsbbpress-topic-location.php:160

actionbbp_new_topicbbpress-topic-location.php:175

actionbbp_edit_topicbbpress-topic-location.php:176

filterbbp_get_topic_classbbpress-topic-location.php:179

filterbbp_get_reply_classbbpress-topic-location.php:180

actionbbp_theme_after_reply_contentbbpress-topic-location.php:183

actionbbp_theme_after_topic_contentbbpress-topic-location.php:184

actionbbp_theme_after_topic_metabbpress-topic-location.php:185

actionbbp_theme_after_topic_form_tagsbbpress-topic-location.php:188

filterbbp_before_has_search_results_parse_argsbbpress-topic-location.php:192

filterbbp_after_has_search_results_parse_argsbbpress-topic-location.php:193

actionbbp_template_before_search_results_loopbbpress-topic-location.php:197

actionbbp_template_after_search_resultsbbpress-topic-location.php:198

actionadmin_enqueue_scriptsbbptl-admin.php:17

actionadd_meta_boxesbbptl-admin.php:18

actionsave_postbbptl-admin.php:19

filterbbp_admin_get_settings_sectionsbbptl-admin.php:23

filterbbp_admin_get_settings_fieldsbbptl-admin.php:24

filterbbp_map_settings_meta_capsbbptl-admin.php:25

Maintenance & Trust

bbPress Topic Location Maintenance & Trust

Maintenance Signals

WordPress version tested5.3.21

Last updatedJan 23, 2020

PHP min version

Downloads4K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

bbPress Topic Location Alternatives

Geo Controller GPS extension

cf-geoplugin-gps

100

Enable GPS lookup for the Geo Controller plugin and collect geodata from mobile visitors.

40 No CVEs

One User Avatar | User Profile Picture

one-user-avatar

Use any image from your WordPress Media Library as a custom user avatar or user profile picture. Add your own Default Avatar.

100K 2 CVEs

SlimStat Analytics

wp-slimstat

The leading web analytics plugin for WordPress

80K 23 CVEs

Content Aware Sidebars – Fastest Widget Area Plugin

content-aware-sidebars

Display new sidebars on any post, page, category etc. Works with Classic Widgets, Block Widgets, and all themes!

30K 1 CVE

Geolocation IP Detection

geoip-detect

Provides geographic information detected by an IP adress.

20K 1 CVE

Developer Profile

bbPress Topic Location Developer Profile

grosbouff

16 plugins · 380 total installs

trust score

Avg Security Score

88/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect bbPress Topic Location

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/bbpress-topic-location/js/bbptl-frontend.js/wp-content/plugins/bbpress-topic-location/css/bbptl-frontend.css

Version Parameters

bbpress-topic-location/css/bbptl-frontend.css?ver=bbpress-topic-location/js/bbptl-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

bbptl-post-locationbbptl-topic-locationbbptl-reply-locationbbptl-edit-location-wrapbbptl-search-widget

HTML Comments

Data Attributes

data-bbptl-latdata-bbptl-lngdata-bbptl-addressdata-bbptl-map-icondata-bbptl-map-zoom

JS Globals

bbptl_frontend_params

Shortcode Output

[bbpress-topic-location-search]

FAQ