Does BP default user noifications have any unpatched vulnerabilities?

No. All known vulnerabilities in BP default user noifications have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is BP default user noifications compatible with WordPress 4.9.29?

According to WordPress.org data, BP default user noifications 1.0.0 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is BP default user noifications updated?

BP default user noifications was last updated on Aug 31, 2018. Frequent updates are generally a positive security signal.

What is BP default user noifications's security score?

BP default user noifications has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

BP default user noifications Security & Risk Analysis

wordpress.org/plugins/bp-default-user-notifications

BP default user noifications allows you to change buddypress default notification for all users but Admins.

10 active installs v1.0.0 PHP + WP 4.0+ Updated Aug 31, 2018

buddypressbuddypress-missing-optionsbuddypress-notificationsstop-buddypress-flooading-emails

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is BP default user noifications Safe to Use in 2026?

Generally Safe

Score 85/100

BP default user noifications has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago

Risk Assessment

The "bp-default-user-notifications" plugin v1.0.0 exhibits a mixed security posture. While it demonstrates good practices by utilizing prepared statements for all SQL queries and not making external HTTP requests, significant concerns arise from its attack surface and output handling. The presence of one AJAX handler without authentication checks presents a direct vulnerability, allowing any unauthenticated user to trigger plugin functionality. Furthermore, the lack of output escaping for all analyzed outputs is a critical weakness, potentially leading to cross-site scripting (XSS) vulnerabilities. The plugin's history is clean, with no recorded vulnerabilities, which is a positive indicator of its development. However, this does not negate the immediate risks identified in the static analysis. In conclusion, the plugin has strengths in its database interaction and lack of external dependencies, but the unauthenticated AJAX endpoint and widespread unescaped output pose a substantial security risk that needs immediate attention.

Key Concerns

AJAX handler without authentication checks
All analyzed outputs are unescaped

Vulnerabilities

None known

BP default user noifications Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

BP default user noifications Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared2 total queries

Output Escaping

0% escaped3 total outputs

Attack Surface

1 unprotected

BP default user noifications Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_bp_default_notificationsbp-default-user-notifications.php:62

WordPress Hooks 3

actionadmin_menubp-default-user-notifications.php:22

actionadmin_enqueue_scriptsbp-default-user-notifications.php:32

actionuser_registerbp-default-user-notifications.php:52

Maintenance & Trust

BP default user noifications Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedAug 31, 2018

PHP min version

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

BP default user noifications Alternatives

Buddy Notification Bell

buddy-notification-bell

Buddy Notification Bell convert BuddyPress notification to BuddyPress Bell Notification. It shows all notification with bell alert and anywhere you wa …

100 No CVEs

Simple BuddyPress Notifications

simple-buddypress-notifications

Simple BuddyPress Notifications allows sites using BuddyPress to have a notification icon on the site. It also plays a "ting" sound when a n …

10 No CVEs

Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages

bp-better-messages

Real-time messaging and chat rooms for WordPress ecosystem: private conversations, public and private chat rooms, video & audio calls, and more.

10K 13 CVEs

rtMedia for WordPress, BuddyPress and bbPress

buddypress-media

Add albums, photo, audio/video upload, privacy, sharing, front-end uploads & more. All this works on mobile/tablets devices.

8K 12 CVEs

BP Classic

bp-classic

BP Classic, a BuddyPress (12.0.0 & up) backwards compatibility add-on

7K No CVEs

Developer Profile

BP default user noifications Developer Profile

Tyler Moore

6 plugins · 20K total installs

trust score

Avg Security Score

90/100

Avg Patch Time

8 days

View full developer profile

Detection Fingerprints

How We Detect BP default user noifications

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/bp-default-user-notifications/client/css/bp-user-notifications-style.css/wp-content/plugins/bp-default-user-notifications/client/js/bp-default-user-notifications.js

Script Paths

/wp-content/plugins/bp-default-user-notifications/client/js/bp-default-user-notifications.js

Version Parameters

bp-default-user-notifications/client/js/bp-default-user-notifications.js?ver=bp-default-user-notifications/client/css/bp-user-notifications-style.css?ver=

HTML / DOM Fingerprints

CSS Classes

bd-d-u-settings-container

JS Globals

ajax_object

REST Endpoints

/wp-admin/admin-ajax.php

FAQ