bbPress Votes Security & Risk Analysis

wordpress.org/plugins/bbpress-votes

Allows logged-in users to vote topics and replies up or down inside bbPress, just like you can on StackOverflow, for example.

70 active installs · v1.2.5 · PHP + WP 4.1.1+ · Updated Jan 13, 2020
bbpress · rate · rating · vote · votes
85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is bbPress Votes Safe to Use in 2026?

Generally Safe

Score 85/100

bbPress Votes has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6yr ago
Risk Assessment

The bbpress-votes v1.2.5 plugin demonstrates several positive security practices: every SQL query uses a prepared statement, and there are no recorded vulnerabilities. This suggests a developer who understands fundamental security principles.

However, the static analysis reveals a critical area of concern: one AJAX handler lacks authentication checks. This unprotected entry point represents a significant attack surface, because it could potentially be triggered by unauthenticated users, and the resulting exposure depends on what the handler does. The plugin does implement some nonce and capability checks, so their absence on this specific AJAX handler is a major oversight. The taint analysis also shows one flow with an unsanitized path; it is not rated critical or high severity, but it warrants attention, especially in conjunction with the unprotected AJAX handler. Despite the plugin's strengths in SQL handling and its clean vulnerability history, the unprotected AJAX handler significantly elevates its risk profile.

Key Concerns

  • AJAX handler without authentication check
  • Taint flow with unsanitized path
  • Output escaping not fully implemented (40% not escaped)
Vulnerabilities
None known

bbPress Votes Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

bbPress Votes Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (6 prepared)
  • Unescaped Output: 4 (6 escaped)
  • Nonce Checks: 2
  • Capability Checks: 4
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

100% prepared · 6 total queries

Output Escaping

60% escaped · 10 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
bbpvotes_get_votes_log_ajax (bbpvotes-ajax.php:46)
Attack Surface
1 unprotected

bbPress Votes Attack Surface

Entry Points: 3
Unprotected: 1

AJAX Handlers: 3

  • auth wp_ajax_bbpvotes_post_vote_up (bbpvotes-ajax.php:53)
  • auth wp_ajax_bbpvotes_post_vote_down (bbpvotes-ajax.php:54)
  • auth wp_ajax_bbpvotes_get_votes_log (bbpvotes-ajax.php:55)

WordPress Hooks: 26

  • action bbp_loaded (bbpress-votes.php:127)
  • filter query_vars (bbpress-votes.php:128)
  • action bbp_init (bbpress-votes.php:131)
  • action bbp_init (bbpress-votes.php:132)
  • action bbp_enqueue_scripts (bbpress-votes.php:134)
  • filter bbp_topic_admin_links (bbpress-votes.php:136)
  • filter bbp_reply_admin_links (bbpress-votes.php:137)
  • filter bbp_get_reply_content (bbpress-votes.php:139)
  • filter bbp_get_topic_content (bbpress-votes.php:140)
  • action bbp_theme_after_reply_author_details (bbpress-votes.php:142)
  • action bbp_theme_after_topic_started_by (bbpress-votes.php:143)
  • action bbp_template_before_single_forum (bbpress-votes.php:144)
  • filter bbp_before_has_topics_parse_args (bbpress-votes.php:147)
  • action pre_get_posts (bbpress-votes.php:148)
  • action wp (bbpress-votes.php:150)
  • action delete_user (bbpress-votes.php:152)
  • action bp_include (bbpress-votes.php:155)
  • action bbp_init (bbpvotes-admin.php:24)
  • action bp_register_activity_actions (bbpvotes-buddypress.php:5)
  • action bbpvotes_do_post_vote (bbpvotes-buddypress.php:6)
  • action bp_setup_nav (bbpvotes-buddypress.php:7)
  • action bbp_template_before_user_replies (bbpvotes-buddypress.php:8)
  • action bp_template_content (bbpvotes-buddypress.php:35)
  • filter bbp_has_replies_query (bbpvotes-buddypress.php:52)
  • action admin_menu (bbpvotes-settings.php:9)
  • action admin_init (bbpvotes-settings.php:10)

Maintenance & Trust

bbPress Votes Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.3.21
Last updated: Jan 13, 2020
PHP min version
Downloads: 11K

Community Trust

Rating: 78/100
Number of ratings: 15
Active installs: 70

Developer Profile

bbPress Votes Developer Profile

grosbouff

16 plugins · 380 total installs

Trust score: 86
Avg Security Score: 88/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect bbPress Votes

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/bbpress-votes/_inc/css/bbpvotes.css
  • /wp-content/plugins/bbpress-votes/_inc/js/bbpvotes.js
Script Paths
  • /wp-content/plugins/bbpress-votes/_inc/js/bbpvotes.js
Version Parameters
  • /wp-content/plugins/bbpress-votes/_inc/css/bbpvotes.css?ver=
  • /wp-content/plugins/bbpress-votes/_inc/js/bbpvotes.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • bbp-vote-up
  • bbp-vote-down
  • bbpvotes-display-score
  • bbpvotes-karma
  • bbpvotes-logged-in
Data Attributes
  • data-bbpvotes-post-id
  • data-bbpvotes-nonce
  • data-bbpvotes-action
  • data-bbpvotes-up-label
  • data-bbpvotes-down-label
JS Globals
bbpvotesL10n