Wbcom Designs – Birthday Widget for BuddyPress Security & Risk Analysis

wordpress.org/plugins/birthday-widget-for-buddypress

Display upcoming birthdays of BuddyPress members with a beautiful, responsive widget that integrates seamlessly with any WordPress theme.

400 active installs · v2.4.1 · PHP 7.4+ · WP 5.0+ · Updated Apr 3, 2026
Tags: birthdays, buddypress, community, members, widget
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Wbcom Designs – Birthday Widget for BuddyPress Safe to Use in 2026?

Generally Safe

Score 100/100

Wbcom Designs – Birthday Widget for BuddyPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The birthday-widget-for-buddypress plugin, version 2.4.0, demonstrates a generally strong security posture based on the provided static analysis. It uses prepared statements for most of its SQL queries (67% prepared, which is decent but could be higher) and properly escapes 99% of its output, significantly reducing the risk of XSS vulnerabilities. A nonce check and a capability check on its entry points further enhance security by ensuring authenticated and authorized access. The absence of dangerous functions, file operations, and external HTTP requests is another positive indicator. Furthermore, the plugin has no recorded vulnerabilities, past or present, which suggests a history of secure development practices.

Despite the positive findings, there are minor areas for improvement. While the majority of SQL queries use prepared statements, the remainder do not, which introduces a potential, albeit likely small, risk of SQL injection if those queries are not carefully handled. The total attack surface is low with no unprotected entry points, which is excellent. The taint analysis reports zero flows. That is a positive result on its face, but with 0 flows analyzed it could mean either that the analysis tool was not configured to perform this deep inspection or that there simply were no exploitable taint paths found in the code. The vulnerability history is currently spotless, which is ideal, but it's always wise to remain vigilant for future releases.

Overall, this plugin appears to be developed with security in mind. The strengths lie in its robust output escaping, good nonce and capability checks, and a clean vulnerability history. The main areas for slight improvement would be to ensure all SQL queries are prepared and to continue vigilant security testing in future development cycles. The current risk is assessed as low.

Key Concerns

  • SQL queries not using prepared statements
Vulnerabilities
None known

Wbcom Designs – Birthday Widget for BuddyPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Wbcom Designs – Birthday Widget for BuddyPress Release Timeline

v2.4.1 (Current)
v2.4.0
v2.3.0
v2.1.0
v2.0.3
v2.0.2
v1.7.0
v1.6.0
Code Analysis
Analyzed Mar 16, 2026

Wbcom Designs – Birthday Widget for BuddyPress Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (4 prepared)
Unescaped Output: 1 (98 escaped)
Nonce Checks: 1
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

67% prepared · 6 total queries

Output Escaping

99% escaped · 99 total outputs
Attack Surface

Wbcom Designs – Birthday Widget for BuddyPress Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers 2

auth  wp_ajax_bb_birthdays_action  core-init.php:455
nopriv  wp_ajax_bb_birthdays_action  core-init.php:456

Shortcodes 1

[bp_birthdays] core-init.php:315
WordPress Hooks 34
action  admin_menu  admin\class-bp-birthdays-admin.php:77
action  admin_init  admin\class-bp-birthdays-admin.php:78
action  admin_enqueue_scripts  admin\class-bp-birthdays-admin.php:79
action  plugins_loaded  admin\class-bp-birthdays-admin.php:624
action  admin_notices  buddypress-birthdays.php:53
action  admin_init  buddypress-birthdays.php:57
action  wp_enqueue_scripts  core-init.php:53
action  wp_enqueue_scripts  core-init.php:115
action  wp_footer  core-init.php:151
action  wp_footer  core-init.php:400
action  bb_cleanup_old_wishes  core-init.php:493
action  xprofile_data_after_save  core-init.php:521
action  friends_friendship_accepted  core-init.php:533
action  friends_friendship_deleted  core-init.php:545
action  friends_friendship_withdrawn  core-init.php:555
action  delete_user  core-init.php:565
action  wpmu_delete_user  core-init.php:566
action  user_register  core-init.php:576
action  bp_follow_start_following  core-init.php:586
action  bp_follow_stop_following  core-init.php:587
action  bb_cleanup_old_wishes  core-init.php:595
action  init  includes\class-bp-birthdays-notifications.php:76
action  init  includes\class-bp-birthdays-notifications.php:82
action  bp_setup_globals  includes\class-bp-birthdays-notifications.php:85
filter  bp_notifications_get_registered_components  includes\class-bp-birthdays-notifications.php:88
filter  bp_notifications_get_notifications_for_user  includes\class-bp-birthdays-notifications.php:89
action  bp_core_install_emails  includes\class-bp-birthdays-notifications.php:92
filter  bp_email_get_schema  includes\class-bp-birthdays-notifications.php:93
filter  bp_email_get_type_schema  includes\class-bp-birthdays-notifications.php:94
action  admin_init  includes\class-bp-birthdays-notifications.php:97
action  bp_register_activity_actions  includes\class-bp-birthdays-notifications.php:100
filter  wp_mail_content_type  includes\class-bp-birthdays-notifications.php:550
filter  wp_mail_content_type  includes\class-bp-birthdays-notifications.php:782
action  bp_loaded  includes\class-bp-birthdays-notifications.php:830

Scheduled Events 1

bb_cleanup_old_wishes
Maintenance & Trust

Wbcom Designs – Birthday Widget for BuddyPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 3, 2026
PHP min version: 7.4
Downloads: 12K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 400
Developer Profile

Wbcom Designs – Birthday Widget for BuddyPress Developer Profile

wbcomdesigns

19 plugins · 10K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 807 days
Detection Fingerprints

How We Detect Wbcom Designs – Birthday Widget for BuddyPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/birthday-widget-for-buddypress/css/bp-birthdays-widget.css
/wp-content/plugins/birthday-widget-for-buddypress/js/bp-birthdays-widget.js
/wp-content/plugins/birthday-widget-for-buddypress/admin/css/bp-birthdays-admin-settings.css
/wp-content/plugins/birthday-widget-for-buddypress/admin/js/bp-birthdays-admin-settings.js
Version Parameters
birthday-widget-for-buddypress/css/bp-birthdays-widget.css?ver=
birthday-widget-for-buddypress/js/bp-birthdays-widget.js?ver=
birthday-widget-for-buddypress/admin/css/bp-birthdays-admin-settings.css?ver=
birthday-widget-for-buddypress/admin/js/bp-birthdays-admin-settings.js?ver=

HTML / DOM Fingerprints

CSS Classes
bp-birthdays-widget
bp-birthdays-admin-settings-wrap
HTML Comments
<!-- Exit if accessed directly. -->
<!-- Admin Settings Page for BuddyPress Birthdays -->
<!-- Handles the admin settings page for BuddyPress Birthdays plugin. -->
<!-- Get singleton instance. -->
(+114 more)
Data Attributes
data-setting-id
data-setting-type
data-section-id
JS Globals
bp_birthdays_admin_settings
FAQ

Frequently Asked Questions about Wbcom Designs – Birthday Widget for BuddyPress