WP-Safety

Comment Like Dislike for BuddyPress Activity Security & Risk Analysis

wordpress.org/plugins/bp-activity-comment-like-dislike

Comment Like Dislike for BuddyPress Activity also known as upvote / downvote counters.

10 active installs v1.0 PHP + WP 5.0+ Updated Mar 30, 2022
activitybuddypresscommentlike-dislike
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Comment Like Dislike for BuddyPress Activity Safe to Use in 2026?

Generally Safe

Score 85/100

Comment Like Dislike for BuddyPress Activity has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The "bp-activity-comment-like-dislike" plugin version 1.0 exhibits a concerning security posture primarily due to a lack of authentication checks on its AJAX handlers and the presence of unsanitized data flows. While the plugin demonstrates good practices by exclusively using prepared statements for SQL queries and having a high percentage of properly escaped output, these strengths are overshadowed by critical vulnerabilities identified through taint analysis. Three high-severity taint flows with unsanitized paths indicate that user-supplied data might be processed in a way that could lead to security issues, even without direct SQL injection or cross-site scripting being explicitly reported. The complete absence of a vulnerability history is a positive indicator of past security diligence, but it does not negate the current risks identified in the static analysis. Overall, the plugin has significant weaknesses that expose it to potential attacks through its unprotected AJAX endpoints, which could be exploited if the identified taint flows are successfully leveraged.

Key Concerns

  • AJAX handlers without authentication checks
  • High severity unsanitized taint flows
  • No nonce checks on AJAX handlers
  • No capability checks on AJAX handlers
Vulnerabilities
None known

Comment Like Dislike for BuddyPress Activity Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Comment Like Dislike for BuddyPress Activity Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
22 prepared
Unescaped Output
3
26 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared22 total queries

Output Escaping

90% escaped29 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths
acld_bp_user_like (includes\class-acld-vote-updown.php:75)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Comment Like Dislike for BuddyPress Activity Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_buddypress_user_likeincludes\class-acld-vote-updown.php:22
authwp_ajax_buddypress_user_dislikeincludes\class-acld-vote-updown.php:23
WordPress Hooks 3
actionadmin_noticesbp-activity-comment-like-dislike.php:33
actionbp_activity_comment_optionsincludes\class-acld-vote-updown.php:20
actionwp_enqueue_scriptsincludes\class-acld-vote-updown.php:21
Maintenance & Trust

Comment Like Dislike for BuddyPress Activity Maintenance & Trust

Maintenance Signals

WordPress version tested5.9.13
Last updatedMar 30, 2022
PHP min version
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Comment Like Dislike for BuddyPress Activity Alternatives

BuddyPress Activity Comment Notifier

BuddyPress Activity Comment Notifier

bp-activity-comment-notifier

A
85

BuddyPress Activity Comment Notifier plugin emulates the facebook style notification for the comments made on user activity.

70 No CVEs
BP Import Blog Activity

BP Import Blog Activity

bp-import-blog-activity

A
85

Updates BuddyPress activity streams with missing blog comments and posts

10 No CVEs
BP Include Non-member Comments

BP Include Non-member Comments

bp-include-non-member-comments

A
85

Inserts blog comments from non-logged-in users into the activity stream

10 No CVEs
BuddyPress Activity Stream as Blog Comments

BuddyPress Activity Stream as Blog Comments

buddypress-activity-as-blog-comments

A
100

This plugin will replace the blog comments section with the activity stream reply system

10 No CVEs
BuddyPress Last Comments Widget

BuddyPress Last Comments Widget

bp-last-comments-widget

A
85

Shows a list of most recently added BP activity comments.

0 No CVEs
Developer Profile

Comment Like Dislike for BuddyPress Activity Developer Profile

Dhaval Kasavala

2 plugins · 910 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Comment Like Dislike for BuddyPress Activity

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bp-activity-comment-like-dislike/assets/js/script.js
Script Paths
/wp-content/plugins/bp-activity-comment-like-dislike/assets/js/script.js
Version Parameters
bp-activity-comment-like-dislike/assets/js/script.js?ver=1.0.0

HTML / DOM Fingerprints

CSS Classes
like_textlike_countdislike_textdislike_count
Data Attributes
data-cmt-iddata-act-iddata-act-snd-iddata-usr-iddata-type
JS Globals
frontend_ajax
REST Endpoints
/wp-json/admin-ajax.php
FAQ

Frequently Asked Questions about Comment Like Dislike for BuddyPress Activity