Does bbtemplate have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is bbtemplate compatible with WordPress 4.6.30?

According to WordPress.org data, bbtemplate 1.1 has been tested up to WordPress 4.6.30. Check the plugin's changelog for the latest compatibility information.

How often is bbtemplate updated?

bbtemplate was last updated on Oct 15, 2016. Frequent updates are generally a positive security signal.

What is bbtemplate's security score?

bbtemplate has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

bbtemplate Security & Risk Analysis

wordpress.org/plugins/bbtemplate

BBPress Templater - quick creation of BBPress Forums from a predefined template.

10 active installs v1.1 PHP + WP 3.0.1+ Updated Oct 15, 2016

bbpressforumstemplate

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is bbtemplate Safe to Use in 2026?

Generally Safe

Score 85/100

bbtemplate has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago

Risk Assessment

The bbtemplate plugin v1.1 exhibits a mixed security posture. On the positive side, it demonstrates good practices by avoiding dangerous functions, using prepared statements for all SQL queries, and having no recorded vulnerability history. This suggests a development team that is conscious of common security pitfalls.

However, significant concerns arise from the static analysis. The plugin exposes a single AJAX handler that lacks any authentication checks, presenting a direct attack vector. Furthermore, a concerning taint analysis result indicates one flow with unsanitized paths, though it's not classified as critical or high severity. The low percentage of properly escaped output (17%) also raises flags, as this could lead to cross-site scripting (XSS) vulnerabilities if user-controlled data is displayed without proper sanitization.

The absence of any historical vulnerabilities is a strong positive, implying a commitment to secure coding. Nevertheless, the presence of an unprotected AJAX endpoint and the unsanitized path flow are immediate risks that require attention. The low output escaping rate also represents a potential, albeit less severe, ongoing risk.

Key Concerns

AJAX handler without authentication
Flow with unsanitized paths
Low output escaping percentage
Missing nonce checks on AJAX

Vulnerabilities

None known

bbtemplate Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

bbtemplate Release Timeline

v1.0

Code Analysis

Analyzed Mar 17, 2026

bbtemplate Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

17% escaped6 total outputs

Data Flows · Security

1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths

bbt_createnew_callback (bbtemplate.php:50)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

bbtemplate Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_bbtcreatenewbbtemplate.php:15

WordPress Hooks 4

actionadmin_initbbtemplate.php:76

actionsave_postbbtemplate.php:257

actionadd_meta_boxesbbtemplate.php:258

actioninitbbtemplate.php:314

Maintenance & Trust

bbtemplate Maintenance & Trust

Maintenance Signals

WordPress version tested4.6.30

Last updatedOct 15, 2016

PHP min version

Downloads2K

Community Trust

Rating100/100

Number of ratings1

Active installs10

Alternatives

bbtemplate Alternatives

wpForo Forum

wpforo

Number one WordPress forum plugin with AI features. Full-fledged forum solution with modern forum design. Community builder WordPress forum plugin.

20K 40 CVEs

bbPress – Private Replies

bbpress-private-replies

A simple plugin to allow your bbPress users to mark their replies as private.

300 No CVEs

bbPress Capabilities

bbp-capabilities

Advanced user capability editing, specifically for bbPress

100 No CVEs

bbPress Messages

bbp-messages

bbPress Messages - Simple yet powerful private messaging system tailored for bbPress.

100 No CVEs

bbP Signature

bbp-signature

100

This plugin adds user signature support to bbPress 2.0.

100 No CVEs

Developer Profile

bbtemplate Developer Profile

Kiera Howe

2 plugins · 20 total installs

trust score

Avg Security Score

93/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect bbtemplate

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/bbtemplate/jqtree.css/wp-content/plugins/bbtemplate/tree.jquery.js

Script Paths

/wp-content/plugins/bbtemplate/tree.jquery.js

HTML / DOM Fingerprints

CSS Classes

jqtree-elementjqtree-titleeditdelete

Data Attributes

data-node-id

JS Globals

datajqajaxurl

REST Endpoints

/wp-json/bbt/v1/createnew

FAQ

bbtemplate Security & Risk Analysis

Is bbtemplate Safe to Use in 2026?

Generally Safe

Key Concerns

bbtemplate Security Vulnerabilities

bbtemplate Release Timeline

bbtemplate Code Analysis

Output Escaping

Data Flow Analysis

bbtemplate Attack Surface

AJAX Handlers 1

bbtemplate Maintenance & Trust

Maintenance Signals

Community Trust

bbtemplate Alternatives

wpForo Forum

bbPress – Private Replies

bbPress Capabilities

bbPress Messages

bbP Signature

bbtemplate Developer Profile

How We Detect bbtemplate

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about bbtemplate