WP-Safety

Wbcom Designs – BuddyPress Activity Social Share Security & Risk Analysis

wordpress.org/plugins/bp-activity-social-share

A free WordPress plugin enables easy sharing of BuddyPress activities across major social media platforms such as Facebook, Twitter, and LinkedIn.

500 active installs v3.5.4 PHP + WP 4.0+ Updated Nov 18, 2024
activitybuddypressshare
91
A · Safe
CVEs total2
Unpatched0
Last CVEMar 22, 2023
Plugin page Download
Safety Verdict

Is Wbcom Designs – BuddyPress Activity Social Share Safe to Use in 2026?

Generally Safe

Score 91/100

Wbcom Designs – BuddyPress Activity Social Share has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEsLast CVE: Mar 22, 2023Updated 1yr ago
Risk Assessment

The "bp-activity-social-share" plugin v3.5.4 presents a mixed security posture. On the positive side, the plugin demonstrates good practices by exclusively using prepared statements for SQL queries and achieving a high percentage (90%) of properly escaped outputs. It also includes nonce checks and capability checks on a significant portion of its entry points, and importantly, there are no known unpatched vulnerabilities at this time. The taint analysis also shows no critical or high-severity issues with unsanitized paths.

However, there are notable concerns. The plugin has a substantial attack surface consisting of 6 entry points, with 4 of these (a significant majority) lacking authentication checks. This lack of authorization on multiple AJAX handlers is a critical weakness, potentially allowing unauthorized users to trigger plugin functionalities. Furthermore, the plugin has a history of 2 medium-severity vulnerabilities, primarily related to Cross-Site Request Forgery (CSRF) and Missing Authorization. While currently unpatched vulnerabilities are zero, this historical pattern suggests a recurring tendency towards authorization and input validation flaws.

In conclusion, while the plugin has made strides in secure coding practices like prepared SQL and output escaping, the presence of numerous unprotected AJAX handlers is a serious security risk that requires immediate attention. The historical vulnerability pattern reinforces this concern. The plugin is moderately secure, but the extensive unprotected entry points significantly detract from its overall security.

Key Concerns

  • AJAX handlers without auth checks
  • History of medium severity vulnerabilities
Vulnerabilities
2 published

Wbcom Designs – BuddyPress Activity Social Share Security Vulnerabilities

CVEs by Year

1 CVE in 2022
2022
1 CVE in 2023
2023
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2023-28694medium · 5.4Cross-Site Request Forgery (CSRF)

Wbcom Designs – BuddyPress Activity Social Share <= 3.5.0 - Cross-Site Request Forgery

Mar 22, 2023 Patched in 3.5.1 (335d)
WF-74d222b9-22e9-485d-8111-d3bee505b200-bp-activity-social-sharemedium · 6.3Missing Authorization

Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation

Apr 13, 2022 Patched in 3.3.0 (1057d)
Version History

Wbcom Designs – BuddyPress Activity Social Share Release Timeline

v3.5.4Current
v3.5.3
v3.5.2
v3.5.1
v3.5.01 CVE
CVE-2023-28694
v3.4.01 CVE
CVE-2023-28694
v3.3.11 CVE
CVE-2023-28694
v3.3.01 CVE
CVE-2023-28694
v3.2.12 CVEs
CVE-2023-28694 WF-74d222b9-22e9-485d-8111-d3bee505b200-bp-activity-social-share
v3.2.02 CVEs
CVE-2023-28694 WF-74d222b9-22e9-485d-8111-d3bee505b200-bp-activity-social-share
v3.1.02 CVEs
CVE-2023-28694 WF-74d222b9-22e9-485d-8111-d3bee505b200-bp-activity-social-share
v3.0.02 CVEs
CVE-2023-28694 WF-74d222b9-22e9-485d-8111-d3bee505b200-bp-activity-social-share
v2.9.12 CVEs
CVE-2023-28694 WF-74d222b9-22e9-485d-8111-d3bee505b200-bp-activity-social-share
v2.9.02 CVEs
CVE-2023-28694 WF-74d222b9-22e9-485d-8111-d3bee505b200-bp-activity-social-share
v2.8.02 CVEs
CVE-2023-28694 WF-74d222b9-22e9-485d-8111-d3bee505b200-bp-activity-social-share
v2.7.02 CVEs
CVE-2023-28694 WF-74d222b9-22e9-485d-8111-d3bee505b200-bp-activity-social-share
v2.6.02 CVEs
CVE-2023-28694 WF-74d222b9-22e9-485d-8111-d3bee505b200-bp-activity-social-share
v2.5.02 CVEs
CVE-2023-28694 WF-74d222b9-22e9-485d-8111-d3bee505b200-bp-activity-social-share
v2.4.02 CVEs
CVE-2023-28694 WF-74d222b9-22e9-485d-8111-d3bee505b200-bp-activity-social-share
v2.3.02 CVEs
CVE-2023-28694 WF-74d222b9-22e9-485d-8111-d3bee505b200-bp-activity-social-share
Code Analysis
Analyzed Mar 16, 2026

Wbcom Designs – BuddyPress Activity Social Share Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
21
185 escaped
Nonce Checks
6
Capability Checks
8
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

90% escaped206 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
wbcom_addons_cards_links (admin\wbcom\wbcom-admin-settings.php:39)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

Wbcom Designs – BuddyPress Activity Social Share Attack Surface

Entry Points6
Unprotected4

AJAX Handlers 5

authwp_ajax_wbcom_addons_cardsadmin\wbcom\wbcom-admin-settings.php:31
authwp_ajax_bp_share_chb_services_ajaxincludes\class-buddypress-share.php:167
authwp_ajax_bp_share_sort_social_links_ajaxincludes\class-buddypress-share.php:168
authwp_ajax_wss_social_iconsincludes\class-buddypress-share.php:170
authwp_ajax_wss_social_remove_iconsincludes\class-buddypress-share.php:171

Shortcodes 1

[wbcom_admin_setting_header] admin\wbcom\wbcom-admin-settings.php:28
WordPress Hooks 27
actionadmin_initadmin\class-buddypress-share-feedback.php:73
actionadmin_initadmin\class-buddypress-share-feedback.php:74
actionadmin_noticesadmin\class-buddypress-share-feedback.php:157
actionadmin_menuadmin\wbcom\wbcom-admin-settings.php:29
actionadmin_enqueue_scriptsadmin\wbcom\wbcom-admin-settings.php:30
actionbp_loadedbuddypress-share.php:104
actionadmin_noticesbuddypress-share.php:143
actionadmin_noticesbuddypress-share.php:146
actionadmin_noticesbuddypress-share.php:178
actionadmin_noticesbuddypress-share.php:188
actionadmin_initbuddypress-share.php:199
actionactivated_pluginbuddypress-share.php:263
actionadmin_initbuddypress-share.php:280
actionadmin_initbuddypress-share.php:318
actioninitincludes\class-buddypress-share.php:150
actionadmin_enqueue_scriptsincludes\class-buddypress-share.php:163
actionadmin_enqueue_scriptsincludes\class-buddypress-share.php:164
actionadmin_initincludes\class-buddypress-share.php:166
actionadmin_initincludes\class-buddypress-share.php:169
actionadmin_initincludes\class-buddypress-share.php:172
actionwp_enqueue_scriptsincludes\class-buddypress-share.php:184
actionwp_enqueue_scriptsincludes\class-buddypress-share.php:185
filterlanguage_attributesincludes\class-buddypress-share.php:186
actionwp_headincludes\class-buddypress-share.php:187
actionbp_initincludes\class-buddypress-share.php:188
actionwp_headincludes\class-buddypress-share.php:189
actionbp_activity_entry_metapublic\class-buddypress-share-public.php:114
Maintenance & Trust

Wbcom Designs – BuddyPress Activity Social Share Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.0
Last updatedNov 18, 2024
PHP min version
Downloads61K

Community Trust

Rating84/100
Number of ratings19
Active installs500
Alternatives

Wbcom Designs – BuddyPress Activity Social Share Alternatives

Re-post Activity for BuddyPress

Re-post Activity for BuddyPress

bp-repost-activity

A
100

Re-Post an Activity from activity stream. Re-post an activity to your group and personal activity.

100 No CVEs
BP Activity Share

BP Activity Share

bp-activity-share

A
85

Using BP Activity Share plugin you can share any activity locally like we share any post in FaceBook.

30 No CVEs
BuddyPress Activity Shortcode

BuddyPress Activity Shortcode

bp-activity-shortcode

A
99

BuddyPress Activity shortcode plugin allows you to insert BuddyPress activity stream on any page/post using shortcode.

2K 1 CVE
Activity Plus Reloaded for BuddyPress

Activity Plus Reloaded for BuddyPress

bp-activity-plus-reloaded

D
47

Note: This plugin will be discontinued by March 31st, 2025 in favor of BuddyPress Attachment plugin. Please migrate to the new plugin before that date &hellip;

1K 2 unpatched
BuddyPress Group Email Subscription

BuddyPress Group Email Subscription

buddypress-group-email-subscription

A
92

This powerful plugin allows users to receive email notifications of group activity. Weekly or daily digests are available.

1K No CVEs
Developer Profile

Wbcom Designs – BuddyPress Activity Social Share Developer Profile

wbcomdesigns

19 plugins · 10K total installs

78
trust score
Avg Security Score
98/100
Avg Patch Time
807 days
View full developer profile
Detection Fingerprints

How We Detect Wbcom Designs – BuddyPress Activity Social Share

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bp-activity-social-share/css/style.css/wp-content/plugins/bp-activity-social-share/js/bp-share.js/wp-content/plugins/bp-activity-social-share/js/social-sharing.js
Script Paths
/wp-content/plugins/bp-activity-social-share/js/bp-share.js/wp-content/plugins/bp-activity-social-share/js/social-sharing.js
Version Parameters
bp-activity-social-share/css/style.css?ver=bp-activity-social-share/js/bp-share.js?ver=bp-activity-social-share/js/social-sharing.js?ver=

HTML / DOM Fingerprints

CSS Classes
bp-share-social-share-buttonbp-share-button-wrapper
Data Attributes
data-bp-share-post-iddata-bp-share-post-url
JS Globals
bpShare
FAQ

Frequently Asked Questions about Wbcom Designs – BuddyPress Activity Social Share