Bora Bora Security & Risk Analysis

wordpress.org/plugins/bora-bora

Bora Bora helps you manage and monetize your online community. Protect content, manage memberships and connect your WordPress site to your Bora-Bora.

0 active installs · v1.3.5 · PHP 8.2+ · WP 6.0+ · Updated: Unknown
Tags: community, membership, paywall, subscription, user-access
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Bora Bora Safe to Use in 2026?

Generally Safe

Score 100/100

Bora Bora has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "bora-bora" plugin version 1.3.5 exhibits a generally strong security posture, with no known vulnerabilities or critical code signals indicating immediate threats. The absence of dangerous functions, raw SQL queries, and file operations, coupled with proper output escaping and a clean taint analysis, is a significant strength. The plugin also demonstrates good practice by implementing capability checks and nonce checks, contributing to its secure foundation.

However, a key area of concern lies within its attack surface. While the total number of entry points is low, one REST API route is exposed without a permission callback. This represents a potential gateway for unauthorized access or manipulation if not properly secured at the application level. The plugin also makes a notable number of external HTTP requests (8), which, while not inherently a vulnerability, warrants careful monitoring for potential supply chain risks or unexpected behavior if any of these external services are compromised.

Overall, "bora-bora" v1.3.5 appears to be a well-developed plugin with a focus on security fundamentals. The lack of past vulnerabilities further supports this. The primary recommendation for improvement is to secure the unprotected REST API route. Addressing this single point of potential weakness would significantly bolster the plugin's already commendable security standing.

Key Concerns

  • REST API route without permission callback
Vulnerabilities
None known

Bora Bora Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Bora Bora Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (42 escaped)
Nonce Checks: 1
Capability Checks: 6
File Operations: 0
External Requests: 8
Bundled Libraries: 1

Bundled Libraries

Guzzle

Output Escaping

100% escaped (42 total outputs)
Attack Surface
1 unprotected

Bora Bora Attack Surface

Entry Points: 4
Unprotected: 1

REST API Routes 1

GET /wp-json/boraboraio/v1/reload-user-details includes\api\class-boraboraio-internal-api.php:33

Shortcodes 3

[boraboraio_billing_portal_url] includes\class-boraboraio-billing_portal-shortcode.php:27
[boraboraio_change_password] includes\class-boraboraio-pw-change-shortcode.php:72
[boraboraio_referral_details] includes\class-boraboraio-referral-shortcode.php:57
WordPress Hooks 21

action activated_plugin bora_bora.php:91
filter http_request_args includes\api\class-boraboraio-api-client.php:20
action rest_api_init includes\api\class-boraboraio-internal-api.php:42
filter show_admin_bar includes\class-boraboraio-hide-adminbar.php:16
action wp includes\class-boraboraio-page-loaded.php:8
action carbon_fields_register_fields includes\class-boraboraio-settings.php:145
filter carbon_fields_theme_options_container_saved includes\class-boraboraio-settings.php:180
action carbon_fields_register_fields includes\class-boraboraio-settings.php:208
action carbon_fields_register_fields includes\class-boraboraio-settings.php:247
action wp_login includes\class-boraboraio-user-login.php:64
action wp_logout includes\class-boraboraio-user-login.php:110
action check_passwords includes\class-boraboraio-user-password-change.php:24
action plugins_loaded includes\class-boraboraio.php:125
action admin_enqueue_scripts includes\class-boraboraio.php:139
action admin_enqueue_scripts includes\class-boraboraio.php:140
action wp_enqueue_scripts includes\class-boraboraio.php:154
action wp_enqueue_scripts includes\class-boraboraio.php:155
action admin_init includes\service\class-boraboraio-wordpress-restrict_backend.php:19
filter auth_cookie_expiration includes\service\class-boraboraio-wordpress-session.php:24
action carbon_fields_register_fields includes\service\class-boraboraio-wordpress-session.php:28
action login_enqueue_scripts includes\service\class-boraboraio-wordpress-session.php:45
Maintenance & Trust

Bora Bora Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Unknown
PHP min version: 8.2
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Bora Bora Developer Profile

boraboraio

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Bora Bora

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bora-bora/assets/css/style.css
/wp-content/plugins/bora-bora/assets/css/boraboraio-admin-style.css
/wp-content/plugins/bora-bora/assets/js/boraboraio-admin.js
Script Paths
/wp-content/plugins/bora-bora/assets/js/boraboraio-admin.js
Version Parameters
bora-bora/assets/css/style.css?ver=
bora-bora/assets/css/boraboraio-admin-style.css?ver=
bora-bora/assets/js/boraboraio-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
boraboraio-admin
Data Attributes
data-boraboraio-plugin-name
JS Globals
boraboraio_admin_params
REST Endpoints
/wp-json/boraboraio/v1/settings
Shortcode Output
[boraboraio_referral]
[boraboraio_pw_change]
[boraboraio_billing_portal]