Bebop Security & Risk Analysis

wordpress.org/plugins/bebop

Bebop is a BuddyPress plugin which allows you to connect your BuddyPress profile to other social media platforms such as Twitter, Flickr, Slideshare, …

10 active installs · v1.3.2 · PHP + · WP + · Updated: Unknown
Tags: buddypress, oer, open-educational-resources, ukoer, wordpress
Score: 100
Grade: A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Bebop Safe to Use in 2026?

Generally Safe

Score 100/100

Bebop has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The bebop plugin v1.3.2 exhibits a mixed security posture. On one hand, the plugin demonstrates strong adherence to WordPress security best practices by having a clean vulnerability history with no recorded CVEs. Furthermore, the static analysis shows a promisingly small attack surface, with no unprotected AJAX handlers, REST API routes, or shortcodes identified. The presence of nonce checks and capability checks, while limited, indicates some effort towards securing entry points.

However, significant concerns arise from the code analysis. The presence of dangerous functions like `create_function` and `unserialize` immediately flags potential security risks, as these functions can be exploited if not handled with extreme care and robust sanitization. The low percentage of SQL queries using prepared statements (28%) is particularly worrying, suggesting a high probability of SQL injection vulnerabilities. Compounding this, 0% of outputs are escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities across the plugin's output.

Despite the lack of a public vulnerability history, the internal code signals paint a picture of potential weaknesses. The data flows with unsanitized paths found by the taint analysis, even if not classified as critical or high severity, are still red flags that require attention. The combination of dangerous functions, widespread unescaped output, and a large number of raw SQL queries strongly suggests that while no public exploits exist yet, the plugin is susceptible to exploitation if an attacker can find and leverage these weaknesses. A responsible disclosure process or immediate code audit is recommended.

Key Concerns

  • Dangerous function 'unserialize' used
  • Dangerous function 'create_function' used
  • Low percentage of prepared statements in SQL queries
  • No output escaping implemented
  • Taint analysis found unsanitized paths
  • Limited capability checks
  • Limited nonce checks
Vulnerabilities
None known

Bebop Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Bebop Code Analysis

  • Dangerous Functions: 2
  • Raw SQL Queries: 52 (20 prepared)
  • Unescaped Output: 317 (0 escaped)
  • Nonce Checks: 4
  • Capability Checks: 1
  • File Operations: 3
  • External Requests: 3
  • Bundled Libraries: 0

Dangerous Functions Found

  • create_function: `add_filter( 'bebop_plugin_extensions', create_function( '$extensions', '` (core\bebop-extensions.php:8)
  • unserialize: `$data = unserialize( $data );` (extensions\vimeo\import.php:77)

SQL Query Safety

28% prepared · 72 total queries

Output Escaping

0% escaped · 317 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

5 flows · 3 with unsanitized paths
bebop_manage_provider (core\bebop-core.php:126)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

Bebop Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 32
  • action: bebop_main_import_cron (bebop.php:50)
  • action: bebop_secondary_import_cron (bebop.php:51)
  • filter: cron_schedules (bebop.php:54)
  • filter: cron_schedules (bebop.php:55)
  • action: bp_init (bebop.php:149)
  • action: admin_init (core\bebop-core-admin.php:5)
  • action: admin_init (core\bebop-core-admin.php:6)
  • action: admin_init (core\bebop-core-admin.php:7)
  • action: admin_init (core\bebop-core-admin.php:8)
  • action: all_admin_notices (core\bebop-core-admin.php:9)
  • action: admin_enqueue_scripts (core\bebop-core-admin.php:10)
  • action: bp_actions (core\bebop-core.php:7)
  • action: wp_enqueue_scripts (core\bebop-core.php:120)
  • action: bp_actions (core\bebop-core.php:125)
  • action: bp_activity_deleted_activities (core\bebop-core.php:441)
  • action: bp_member_activity_filter_options (core\bebop-core.php:599)
  • action: bp_activity_filter_options (core\bebop-core.php:602)
  • action: bp_before_activity_loop (core\bebop-core.php:605)
  • filter: bp_ajax_querystring (core\bebop-core.php:609)
  • filter: bebop_plugin_extensions (core\bebop-extensions.php:8)
  • action: wp_enqueue_scripts (core\bebop-extensions.php:165)
  • action: bp_template_content (core\bebop-extensions.php:166)
  • action: bp_actions (core\bebop-feeds.php:5)
  • action: bp_setup_nav (core\bebop-pages.php:8)
  • action: bp_setup_nav (core\bebop-pages.php:12)
  • filter: wp_before_admin_bar_render (core\bebop-pages.php:13)
  • action: wp_enqueue_scripts (core\templates\user\bebop-user-settings.php:44)
  • action: bp_before_activity_loop (extensions\slideshare\core.php:12)
  • filter: bp_get_activity_content (extensions\twitter\core.php:7)
  • filter: bp_get_activity_content_body (extensions\twitter\core.php:8)
  • filter: bp_get_activity_content (extensions\youtube\core.php:8)
  • filter: bp_get_activity_content_body (extensions\youtube\core.php:9)

Scheduled Events 3

bebop_main_import_cron
bebop_secondary_import_cron
bebop_main_import_cron
Maintenance & Trust

Bebop Maintenance & Trust

Maintenance Signals

WordPress version tested
Last updated: Unknown
PHP min version
Downloads: 7K

Community Trust

Rating: 80/100
Number of ratings: 4
Active installs: 10
Developer Profile

Bebop Developer Profile

Dale Mckeown

1 plugin · 10 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Bebop

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bebop/core/resources/js/bebop-provider-helper.js
Script Paths
/wp-content/plugins/bebop/core/resources/js/bebop-provider-helper.js
Version Parameters
bebop/style.css?ver=
bebop/core/resources/js/bebop-provider-helper.js?ver=

HTML / DOM Fingerprints
