
BuddyPress Activity Filter Security & Risk Analysis
wordpress.org/plugins/bp-activity-filter
Easily manage your BuddyPress Activity Stream by filtering specific activity types, setting default filters, and enabling public Custom Post Types (CP …
Is BuddyPress Activity Filter Safe to Use in 2026?
Generally Safe
Score 100/100
BuddyPress Activity Filter has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.
The bp-activity-filter plugin v3.2.0 exhibits a generally good security posture, with strong adherence to secure coding practices. The static analysis reveals no immediately apparent critical vulnerabilities such as dangerous functions, raw SQL queries, or external HTTP requests. The high percentage of properly escaped output and the presence of nonce and capability checks are positive indicators. However, the taint analysis flags three flows with unsanitized paths, which, while not resulting in critical or high severity issues in this analysis, represent a potential area of concern that could be exploited in conjunction with other factors.
The plugin's vulnerability history shows one known medium-severity CVE from 2022, which is currently patched. This indicates that while vulnerabilities have existed, they have been addressed. The historical prevalence of "Missing Authorization" suggests that this was a past focus for attackers, and the current checks in place likely aim to mitigate this. Overall, the plugin is reasonably secure, but the presence of unsanitized paths in the taint analysis warrants careful monitoring and further investigation to ensure no latent risks exist.
Key Concerns
- Unsanitized paths in taint analysis
- Past medium-severity CVE in vulnerability history
BuddyPress Activity Filter Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation
BuddyPress Activity Filter Release Timeline
BuddyPress Activity Filter Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
BuddyPress Activity Filter Attack Surface
WordPress Hooks 32
BuddyPress Activity Filter Maintenance & Trust
Maintenance Signals
Community Trust
BuddyPress Activity Filter Alternatives
BuddyPress Activity Shortcode
bp-activity-shortcode
BuddyPress Activity shortcode plugin allows you to insert BuddyPress activity stream on any page/post using shortcode.
Activity Plus Reloaded for BuddyPress
bp-activity-plus-reloaded
Note: This plugin will be discontinued by March 31st, 2025 in favor of BuddyPress Attachment plugin. Please migrate to the new plugin before that date …
BuddyPress Sitewide Activity Widget
buddypress-sitewide-activity-widget
BuddyPress Sitewide Activity Widget allows you to use BuddyPress Sitewide activity stream as a widget.
Custom Profile Filters for BuddyPress
custom-profile-filters-for-buddypress
Allows users to take control of the way that the links in their Buddypress profiles are handled.
Buddypress Activity Plus Styling
bp-activity-plus-styling
Additional CSS styles for the Buddypress Activity Plus plugin.
BuddyPress Activity Filter Developer Profile
19 plugins · 10K total installs
How We Detect BuddyPress Activity Filter
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/bp-activity-filter/includes/css/bp-activity-filter.css
- /wp-content/plugins/bp-activity-filter/includes/js/bp-activity-filter.js
- bp-activity-filter/includes/css/bp-activity-filter.css?ver=
- bp-activity-filter/includes/js/bp-activity-filter.js?ver=
HTML / DOM Fingerprints
- bp-activity-filter-wrap
- data-bp-activity-filter-nonce
- bpActivityFilter
- bpaf_params