Wbcom Designs – BuddyPress Check-ins Security & Risk Analysis

wordpress.org/plugins/bp-check-in

Check-ins for BuddyPress allows members to share their location when posting activities.

100 active installs · v2.4.0 · PHP + WP 5.0.0+ · Updated Dec 12, 2025
Tags: activity-check-ins, buddypress, buddypress-location, check-ins
100
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Apr 13, 2022
Safety Verdict

Is Wbcom Designs – BuddyPress Check-ins Safe to Use in 2026?

Generally Safe

Score 100/100

Wbcom Designs – BuddyPress Check-ins has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Apr 13, 2022 · Updated 5mo ago
Risk Assessment

The "bp-check-in" plugin v2.4.0 exhibits a mixed security posture. On the positive side, it demonstrates strong practices regarding SQL queries, exclusively using prepared statements, and a high percentage of properly escaped output. The plugin also incorporates a healthy number of nonce checks, indicating an awareness of common WordPress attack vectors. However, significant concerns arise from its attack surface, with 6 out of 7 AJAX handlers lacking authentication checks. While there are no direct indications of dangerous functions or unsanitized paths in the taint analysis, the substantial number of unprotected AJAX endpoints presents a notable risk. The plugin's vulnerability history shows one medium-severity CVE in the past, primarily related to missing authorization. This pattern reinforces the concern raised by the static analysis regarding inadequate authorization checks on its AJAX endpoints. Overall, while the plugin has strengths in data handling and output sanitization, the lack of robust authorization on its AJAX entry points is a critical weakness that needs immediate attention.

Key Concerns

  • High number of AJAX handlers without auth checks
  • One medium severity CVE in vulnerability history
Vulnerabilities
1 published

Wbcom Designs – BuddyPress Check-ins Security Vulnerabilities

CVEs by Year

1 CVE in 2022

Severity Breakdown

Medium: 1

1 total CVE

WF-74d222b9-22e9-485d-8111-d3bee505b200-bp-check-in · medium · 6.3 · Missing Authorization

Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation

Apr 13, 2022 · Patched in 1.9.4 (1057d)
Code Analysis
Analyzed Mar 16, 2026

Wbcom Designs – BuddyPress Check-ins Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 11 (194 escaped)
Nonce Checks: 12
Capability Checks: 2
File Operations: 0
External Requests: 7
Bundled Libraries: 0

Output Escaping

95% escaped · 205 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

3 flows · 1 with unsanitized paths
bpchk_checkin_activity_read_more (public\class-bp-checkins-public.php:978)
Attack Surface
6 unprotected

Wbcom Designs – BuddyPress Check-ins Attack Surface

Entry Points: 8
Unprotected: 6

AJAX Handlers 7

auth · wp_ajax_wbcom_addons_cards · admin\wbcom\wbcom-admin-settings.php:33
auth · wp_ajax_bpchk_verify_apikey · includes\class-bp-checkins.php:174
auth · wp_ajax_bpchk_save_xprofile_location · includes\class-bp-checkins.php:208
auth · wp_ajax_bpchk_delete_user_checkin_location · includes\class-bp-checkins.php:234
nopriv · wp_ajax_bpchk_delete_user_checkin_location · includes\class-bp-checkins.php:235
auth · wp_ajax_bpchk_checkin_activity_read_more · includes\class-bp-checkins.php:238
nopriv · wp_ajax_bpchk_checkin_activity_read_more · includes\class-bp-checkins.php:239

Shortcodes 1

[wbcom_admin_setting_header] admin\wbcom\wbcom-admin-settings.php:30
WordPress Hooks 45
action · admin_init · admin\class-bp-checkins-admin-feedback.php:73
action · admin_init · admin\class-bp-checkins-admin-feedback.php:74
action · admin_notices · admin\class-bp-checkins-admin-feedback.php:96
action · init · admin\class-bp-checkins-admin-feedback.php:219
action · admin_menu · admin\wbcom\wbcom-admin-settings.php:31
action · admin_enqueue_scripts · admin\wbcom\wbcom-admin-settings.php:32
action · bp_loaded · bp-checkins.php:100
action · admin_notices · bp-checkins.php:154
action · admin_notices · bp-checkins.php:159
action · admin_notices · bp-checkins.php:220
action · admin_init · bp-checkins.php:224
action · activated_plugin · bp-checkins.php:265
action · admin_init · bp-checkins.php:301
action · init · includes\class-bp-checkins.php:151
action · admin_enqueue_scripts · includes\class-bp-checkins.php:166
action · admin_enqueue_scripts · includes\class-bp-checkins.php:167
action · admin_init · includes\class-bp-checkins.php:169
action · bp_setup_admin_bar · includes\class-bp-checkins.php:170
action · in_admin_header · includes\class-bp-checkins.php:171
filter · yz_activity_post_types · includes\class-bp-checkins.php:177
action · wp_enqueue_scripts · includes\class-bp-checkins.php:194
action · wp_enqueue_scripts · includes\class-bp-checkins.php:195
action · bp_setup_nav · includes\class-bp-checkins.php:196
action · bp_activity_posted_update · includes\class-bp-checkins.php:197
action · bp_groups_posted_update · includes\class-bp-checkins.php:198
filter · bp_groups_format_activity_action_group_activity_update · includes\class-bp-checkins.php:199
action · bp_activity_entry_content · includes\class-bp-checkins.php:200
action · bp_activity_get_embed_excerpt · includes\class-bp-checkins.php:201
filter · bp_activity_check_activity_types · includes\class-bp-checkins.php:206
action · bp_init · includes\class-bp-checkins.php:207
filter · bp_get_the_profile_field_value · includes\class-bp-checkins.php:209
action · bp_register_activity_actions · includes\class-bp-checkins.php:210
action · bp_activity_before_save · includes\class-bp-checkins.php:211
action · bp_activity_post_form_options · includes\class-bp-checkins.php:213
action · bp_activity_post_form_options · includes\class-bp-checkins.php:214
action · plugins_loaded · includes\class-bp-checkins.php:217
action · bp_activity_post_form_tools · includes\class-bp-checkins.php:226
action · bp_activity_post_form_after_actions · includes\class-bp-checkins.php:227
filter · yz_allowed_form_post_types · includes\class-bp-checkins.php:242
filter · bp_after_has_profile_parse_args · includes\class-bp-checkins.php:245
action · embed_head · includes\class-bp-checkins.php:248
filter · bp_editable_types_activity · includes\class-bp-checkins.php:250
filter · buddypress_get_edit_activity_content · includes\class-bp-checkins.php:251
action · bp_get_addition_activity_content · includes\class-bp-checkins.php:252
action · bp_template_content · public\class-bp-checkins-public.php:310
Maintenance & Trust

Wbcom Designs – BuddyPress Check-ins Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 12, 2025
PHP min version
Downloads: 22K

Community Trust

Rating: 70/100
Number of ratings: 11
Active installs: 100
Developer Profile

Wbcom Designs – BuddyPress Check-ins Developer Profile

wbcomdesigns

19 plugins · 10K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 807 days
Detection Fingerprints

How We Detect Wbcom Designs – BuddyPress Check-ins

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/bp-check-in/assets/css/custom.css
  • /wp-content/plugins/bp-check-in/assets/css/jquery-ui.css
  • /wp-content/plugins/bp-check-in/assets/js/google-map.js
  • /wp-content/plugins/bp-check-in/assets/js/jquery-ui.js
  • /wp-content/plugins/bp-check-in/assets/js/main.js
  • /wp-content/plugins/bp-check-in/assets/js/map-marker.js
  • /wp-content/plugins/bp-check-in/assets/js/map.js
  • /wp-content/plugins/bp-check-in/assets/js/script.js
  • +3 more

Script Paths

  • /wp-content/plugins/bp-check-in/assets/js/jquery-ui.js
  • /wp-content/plugins/bp-check-in/assets/js/main.js
  • /wp-content/plugins/bp-check-in/assets/js/script.js
  • /wp-content/plugins/bp-check-in/assets/js/bp-checkins.js

Version Parameters

  • bp-check-in/assets/css/custom.css?ver=
  • bp-check-in/assets/css/jquery-ui.css?ver=
  • bp-check-in/assets/js/google-map.js?ver=
  • bp-check-in/assets/js/jquery-ui.js?ver=
  • bp-check-in/assets/js/main.js?ver=
  • bp-check-in/assets/js/map-marker.js?ver=
  • bp-check-in/assets/js/map.js?ver=
  • bp-check-in/assets/js/script.js?ver=
  • bp-check-in/assets/js/script.min.js?ver=
  • bp-check-in/assets/js/bp-checkins.js?ver=
  • bp-check-in/assets/css/bp-checkins.css?ver=

HTML / DOM Fingerprints

CSS Classes

  • bp-checkin-form

HTML Comments

  • <!-- BuddyPress Check-ins -->
  • <!-- Check plugin requirement on plugins loaded this plugin requires BuddyPress to be installed and active -->
  • <!-- The code that runs during plugin activation.
  • +16 more

Data Attributes

  • data-map-lat
  • data-map-lng
  • data-map-zoom
  • data-map-marker-url
  • data-map-title
  • data-map-address
  • +6 more

JS Globals

  • bp_checkin_map_vars
  • BP_Checkins
  • bp_checkin_obj

Shortcode Output

  • [bp_checkin_map]
FAQ

Frequently Asked Questions about Wbcom Designs – BuddyPress Check-ins