Does BP Auto Group Join have any unpatched vulnerabilities?

No. All known vulnerabilities in BP Auto Group Join have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is BP Auto Group Join compatible with WordPress 5.5.18?

According to WordPress.org data, BP Auto Group Join 1.0.4 has been tested up to WordPress 5.5.18. Check the plugin's changelog for the latest compatibility information.

How often is BP Auto Group Join updated?

BP Auto Group Join was last updated on Oct 22, 2020. Frequent updates are generally a positive security signal.

What is BP Auto Group Join's security score?

BP Auto Group Join has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

BP Auto Group Join Security & Risk Analysis

wordpress.org/plugins/bp-auto-group-join

Automatically join BuddyPress members to Groups.

800 active installs v1.0.4 PHP + WP 3.8+ Updated Oct 22, 2020

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is BP Auto Group Join Safe to Use in 2026?

Generally Safe

Score 85/100

BP Auto Group Join has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago

Risk Assessment

The "bp-auto-group-join" plugin v1.0.4 exhibits a mixed security posture. On the positive side, the plugin has no recorded vulnerabilities (CVEs), a clean vulnerability history, and a relatively small attack surface with no discovered AJAX handlers, REST API routes, shortcodes, or cron events that are immediately exploitable. Furthermore, it demonstrates some good security practices with the presence of nonce and capability checks.

However, several concerning code signals were identified. The use of the `unserialize` function without explicit input validation is a significant risk, as it can lead to object injection vulnerabilities if manipulated by an attacker. Additionally, the plugin performs SQL queries without using prepared statements, leaving it susceptible to SQL injection attacks. The low percentage of properly escaped output (5%) indicates a high likelihood of cross-site scripting (XSS) vulnerabilities. The static analysis also found no taint flows, which could be due to the limited scope of the analysis or a genuine lack of complex data flows, but the presence of other vulnerabilities makes this less reassuring.

Key Concerns

Use of unserialize without sanitization
SQL queries not using prepared statements
Low percentage of properly escaped output

Vulnerabilities

None known

BP Auto Group Join Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

BP Auto Group Join Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$saved_options = unserialize($saved_options[0]);includes\main-class.php:279

SQL Query Safety

0% prepared2 total queries

Output Escaping

5% escaped21 total outputs

Attack Surface

BP Auto Group Join Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 20

actionplugins_loadedbp-auto-group-join.php:61

actionadmin_noticesbp-auto-group-join.php:65

actionadmin_initincludes\admin.php:139

actionadmin_initincludes\admin.php:140

filterplugin_action_linksincludes\admin.php:144

filternetwork_admin_plugin_action_linksincludes\admin.php:145

actionnetwork_admin_edit_bp_auto_group_joinincludes\admin.php:179

actionbp_groups_admin_loadincludes\bp-auto-group-join-admin-class.php:25

actionbp_groups_admin_meta_boxesincludes\bp-auto-group-join-admin-class.php:26

actionbp_core_activated_userincludes\bp-auto-group-join-base-class.php:26

actionwpmu_activate_userincludes\bp-auto-group-join-base-class.php:27

actionxprofile_updated_profileincludes\bp-auto-group-join-base-class.php:28

actionuser_registerincludes\bp-auto-group-join-base-class.php:29

filterwpmu_signup_user_notification_emailincludes\bp-auto-group-join-base-class.php:30

actionwp_footerincludes\bp-auto-group-join-base-class.php:32

actionadmin_noticesincludes\bp-auto-group-join-base-class.php:33

actionwp_enqueue_scriptsincludes\bp-auto-group-join-base-class.php:182

actionadmin_enqueue_scriptsincludes\bp-auto-group-join-base-class.php:186

actioninitincludes\main-class.php:352

actionbp_initincludes\main-class.php:358

Maintenance & Trust

BP Auto Group Join Maintenance & Trust

Maintenance Signals

WordPress version tested5.5.18

Last updatedOct 22, 2020

PHP min version

Downloads17K

Community Trust

Rating90/100

Number of ratings6

Active installs800

Alternatives

BP Auto Group Join Alternatives

No alternatives data available yet.

Developer Profile

BP Auto Group Join Developer Profile

Syed Balkhi

94 plugins · 23.5M total installs

trust score

Avg Security Score

91/100

Avg Patch Time

795 days

View full developer profile

Detection Fingerprints

How We Detect BP Auto Group Join

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/bp-auto-group-join/css/bp-auto-group-join.css/wp-content/plugins/bp-auto-group-join/js/bp-auto-group-join.js

Script Paths

/wp-content/plugins/bp-auto-group-join/js/bp-auto-group-join.js

Version Parameters

bp-auto-group-join/css/bp-auto-group-join.css?ver=bp-auto-group-join/js/bp-auto-group-join.js?ver=

HTML / DOM Fingerprints

Data Attributes

aj_new_registrationsaj_new_registrations_mt

FAQ