Does BP Attachments have any unpatched vulnerabilities?

No. All known vulnerabilities in BP Attachments have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is BP Attachments compatible with WordPress 6.6.5?

According to WordPress.org data, BP Attachments 1.2.0 has been tested up to WordPress 6.6.5. Check the plugin's changelog for the latest compatibility information.

Is BP Attachments compatible with PHP 5.6+?

BP Attachments requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is BP Attachments updated?

BP Attachments was last updated on Jul 13, 2024. Frequent updates are generally a positive security signal.

What is BP Attachments's security score?

BP Attachments has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

BP Attachments Security & Risk Analysis

wordpress.org/plugins/bp-attachments

BP Attachments is a BuddyPress Add-on to manage your community members media.

1K active installs v1.2.0 PHP 5.6+ WP 6.1+ Updated Jul 13, 2024

add-onattachmentsbuddypressmedia

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is BP Attachments Safe to Use in 2026?

Generally Safe

Score 92/100

BP Attachments has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

Based on the static analysis and vulnerability history provided, the "bp-attachments" plugin v1.2.0 exhibits a strong security posture. The plugin demonstrates good development practices with a near-perfect rate of output escaping and a high percentage of SQL queries utilizing prepared statements. Crucially, the absence of any identified taint flows, dangerous functions, or external HTTP requests further contributes to its favorable security profile. The plugin also has no recorded CVEs, indicating a history of security diligence or a lack of exploitable vulnerabilities discovered to date. The limited attack surface, with zero unprotected entry points, is a significant strength. While the presence of nonces and capability checks could further enhance security, the current findings suggest a well-secured plugin.

Vulnerabilities

None known

BP Attachments Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

BP Attachments Code Analysis

Dangerous Functions

Raw SQL Queries

5 prepared

Unescaped Output

117 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

83% prepared6 total queries

Output Escaping

97% escaped121 total outputs

Attack Surface

BP Attachments Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 79

filterbp_is_activity_blocks_activebp-attachments\bp-attachments-activity.php:16

actionwp_footerbp-attachments\bp-attachments-activity.php:112

filterbp_before_activity_post_update_parse_argsbp-attachments\bp-attachments-activity.php:198

filterbp_before_groups_post_update_parse_argsbp-attachments\bp-attachments-activity.php:199

filterbp_nouveau_activity_buttonsbp-attachments\bp-attachments-activity.php:211

actionbp_attachments_register_front_end_assetsbp-attachments\bp-attachments-activity.php:212

actionbp_after_activity_post_formbp-attachments\bp-attachments-activity.php:213

actionbp_screensbp-attachments\bp-attachments-activity.php:215

actionbp_initbp-attachments\bp-attachments-activity.php:230

actionbp_initbp-attachments\bp-attachments-activity.php:233

actionbp_activity_after_savebp-attachments\bp-attachments-activity.php:265

filterupload_dirbp-attachments\bp-attachments-admin.php:22

actionbp_admin_initbp-attachments\bp-attachments-admin.php:52

actionadmin_menubp-attachments\bp-attachments-admin.php:74

actionload-settings_page_bp-settingsbp-attachments\bp-attachments-admin.php:106

filterplugin_action_linksbp-attachments\bp-attachments-admin.php:143

filternetwork_admin_plugin_action_linksbp-attachments\bp-attachments-admin.php:144

actionbp_admin_enqueue_scriptsbp-attachments\bp-attachments-assets-loader.php:88

actionbp_enqueue_scriptsbp-attachments\bp-attachments-assets-loader.php:89

actionbp_admin_enqueue_scriptsbp-attachments\bp-attachments-assets-loader.php:109

actionbp_enqueue_scriptsbp-attachments\bp-attachments-assets-loader.php:202

actionwp_footerbp-attachments\bp-attachments-assets-loader.php:217

actionbp_enqueue_community_scriptsbp-attachments\bp-attachments-assets-loader.php:227

actionwp_footerbp-attachments\bp-attachments-assets-loader.php:313

actionbp_enqueue_community_scriptsbp-attachments\bp-attachments-assets-loader.php:338

actionembed_headbp-attachments\bp-attachments-assets-loader.php:368

filterblock_editor_settings_allbp-attachments\bp-attachments-blocks.php:43

filterbp_activity_block_editor_settingsbp-attachments\bp-attachments-blocks.php:44

filterblock_categories_allbp-attachments\bp-attachments-blocks.php:66

filterbp_activity_block_categoriesbp-attachments\bp-attachments-blocks.php:67

actionbp_attachments_deleted_mediumbp-attachments\bp-attachments-cache.php:31

actionbp_attachments_updated_mediumbp-attachments\bp-attachments-cache.php:32

actionbp_attachments_parse_querybp-attachments\bp-attachments-functions.php:1563

actionbp_setup_componentsbp-attachments\bp-attachments-loader.php:68

filterbp_core_get_componentsbp-attachments\bp-attachments-loader.php:94

actionbp_admin_enqueue_scriptsbp-attachments\bp-attachments-loader.php:109

actionwp_footerbp-attachments\bp-attachments-messages.php:65

filterbp_before_messages_new_message_parse_argsbp-attachments\bp-attachments-messages.php:120

actionmessages_message_sentbp-attachments\bp-attachments-messages.php:141

filterbp_messages_allowed_tagsbp-attachments\bp-attachments-messages.php:175

actionbp_attachments_enqueue_front_end_assetsbp-attachments\bp-attachments-messages.php:187

filterthe_editorbp-attachments\bp-attachments-messages.php:188

actionbp_screensbp-attachments\bp-attachments-messages.php:190

filterbp_avatar_is_front_editbp-attachments\bp-attachments-profile-images.php:44

actionbp_attachments_register_front_end_assetsbp-attachments\bp-attachments-profile-images.php:99

actionbp_attachments_register_front_end_assetsbp-attachments\bp-attachments-profile-images.php:163

filterbp_attachments_template_part_overridesbp-attachments\bp-attachments-profile-images.php:202

actionbp_register_admin_settingsbp-attachments\bp-attachments-settings.php:287

filterbp_get_template_stackbp-attachments\bp-attachments-template-loader.php:54

actionbp_locate_templatebp-attachments\bp-attachments-template-loader.php:124

filterbp_get_template_partbp-attachments\bp-attachments-template-loader.php:129

filterbp_nouveau_member_locate_template_partbp-attachments\bp-attachments-template-loader.php:130

actionbp_template_include_reset_dummy_post_databp-attachments\bp-attachments-template-loader.php:201

filterbp_replace_the_contentbp-attachments\bp-attachments-template-loader.php:202

actionbp_setup_theme_compatbp-attachments\bp-attachments-template-loader.php:205

actionbp_attachments_created_mediabp-attachments\bp-attachments-tracking.php:154

actionbp_attachments_deleted_mediumbp-attachments\bp-attachments-tracking.php:210

filterbp_activity_get_where_conditionsbp-attachments\bp-attachments-tracking.php:343

actionbp_attachments_register_front_end_assetsbp-attachments\bp-attachments-tracking.php:376

filterbp_core_register_common_scriptsbp-attachments\bp-attachments-tracking.php:404

actionbp_enqueue_community_scriptsbp-attachments\bp-attachments-tracking.php:447

filterbp_attachments_rendered_audio_contentbp-attachments\bp-attachments-tracking.php:485

filterbp_attachments_rendered_video_contentbp-attachments\bp-attachments-tracking.php:486

filterbp_attachments_rendered_image_contentbp-attachments\bp-attachments-tracking.php:487

filterbp_attachments_rendered_file_contentbp-attachments\bp-attachments-tracking.php:488

actionupdate_option_bp-pagesbp-attachments\bp-attachments-tracking.php:564

actionpost_updatedbp-attachments\bp-attachments-tracking.php:589

filterbp_core_get_directory_page_default_titlesbp-attachments\bp-attachments-tracking.php:607

actionbp_attachments_installbp-attachments\bp-attachments-tracking.php:639

actionbp_initbp-attachments\bp-attachments-users.php:34

actionbp_rest_api_initbp-attachments\bp-attachments-users.php:56

filterbp_attachments_current_user_canbp-attachments\bp-attachments-users.php:245

actionbp_rest_api_initbp-attachments\classes\class-bp-attachments-component.php:65

filterbp_classic_admin_display_directory_statesbp-attachments\classes\class-bp-attachments-component.php:70

filterupload_dirbp-attachments\classes\class-bp-attachments-media.php:301

filterthe_permalinkbp-attachments\classes\class-bp-attachments-oembed-extension.php:125

actionbp_screensbp-attachments\screens\directory.php:28

actionbp_loadedclass-bp-attachments.php:193

actionadmin_noticesclass-bp-attachments.php:203

Maintenance & Trust

BP Attachments Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5

Last updatedJul 13, 2024

PHP min version5.6

Downloads17K

Community Trust

Rating74/100

Number of ratings3

Active installs1K

Alternatives

BP Attachments Alternatives

Media Deduper

media-deduper

100

Save disk space and bring some order to the chaos of your media library by removing and preventing duplicate files.

9K No CVEs

rtMedia for WordPress, BuddyPress and bbPress

buddypress-media

Add albums, photo, audio/video upload, privacy, sharing, front-end uploads & more. All this works on mobile/tablets devices.

8K 12 CVEs

MediaPress

mediapress

MediaPress is the most advanced and feature rich media gallery plugin for BuddyPress & WordPress.

4K 3 CVEs

WP Attachments

wp-attachments

A powerful solution to manage and display your WordPress media attachments in posts and pages.

3K 5 CVEs

Fix Media Library

wow-media-library-fix

Fix Media Library inconsistency between database and wp-content/uploads folder contents. Unused image files, broken media library entries, missing att …

2K 1 unpatched

Developer Profile

BP Attachments Developer Profile

Mathieu Viet

7 plugins · 2K total installs

trust score

Avg Security Score

91/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect BP Attachments

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/bp-attachments/bp-attachments-admin.css/wp-content/plugins/bp-attachments/bp-attachments-admin.js/wp-content/plugins/bp-attachments/bp-attachments-media-library.css/wp-content/plugins/bp-attachments/bp-attachments-media-library.js/wp-content/plugins/bp-attachments/bp-attachments-media.css/wp-content/plugins/bp-attachments/bp-attachments-media.js/wp-content/plugins/bp-attachments/bp-attachments-settings.css/wp-content/plugins/bp-attachments/bp-attachments-settings.js+4 more

Script Paths

/wp-content/plugins/bp-attachments/bp-attachments-admin.js/wp-content/plugins/bp-attachments/bp-attachments-media-library.js/wp-content/plugins/bp-attachments/bp-attachments-media.js/wp-content/plugins/bp-attachments/bp-attachments-settings.js/wp-content/plugins/bp-attachments/bp-attachments-admin.min.js/wp-content/plugins/bp-attachments/bp-attachments-media-library.min.js+2 more

Version Parameters

bp-attachments-admin.css?ver=bp-attachments-admin.js?ver=bp-attachments-media-library.css?ver=bp-attachments-media-library.js?ver=bp-attachments-media.css?ver=bp-attachments-media.js?ver=bp-attachments-settings.css?ver=bp-attachments-settings.js?ver=bp-attachments-admin.min.js?ver=bp-attachments-media-library.min.js?ver=bp-attachments-media.min.js?ver=bp-attachments-settings.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

bp-attachments-media-listbp-media-librarybp-attachments-adminbp-attachments-settings

Data Attributes

data-bp-attachments-template

JS Globals

bp_attachments_adminbp_attachments_media_librarybp_attachments_settings

FAQ