Does BP Gifts have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is BP Gifts compatible with WordPress 4.3.34?

According to WordPress.org data, BP Gifts 1.0.0 has been tested up to WordPress 4.3.34. Check the plugin's changelog for the latest compatibility information.

How often is BP Gifts updated?

BP Gifts was last updated on Sep 1, 2015. Frequent updates are generally a positive security signal.

What is BP Gifts's security score?

BP Gifts has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

BP Gifts Security & Risk Analysis

wordpress.org/plugins/bp-gifts

BP Gifts is a gifting addon for BuddyPress. Send gifts to friends, family and colleagues on your Social Network.

10 active installs v1.0.0 PHP + WP 3.6+ Updated Sep 1, 2015

buddypressbuddypress-giftsbuddypress-messagegifts

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is BP Gifts Safe to Use in 2026?

Generally Safe

Score 85/100

BP Gifts has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago

Risk Assessment

The "bp-gifts" v1.0.0 plugin exhibits a generally strong security posture in terms of its attack surface and vulnerability history. There are no recorded CVEs, suggesting a history of responsible development or a lack of significant past security issues. The code analysis shows no dangerous functions, file operations, or external HTTP requests, which are positive signs. Furthermore, all SQL queries appear to be using prepared statements, a crucial security practice. The presence of a capability check also indicates some level of access control is being considered.

However, a significant concern arises from the complete lack of output escaping. This means that any data displayed to users, especially if it originates from user input or other external sources, is not being properly sanitized, creating a high risk of Cross-Site Scripting (XSS) vulnerabilities. Additionally, the absence of nonce checks on any potential entry points, although the static analysis reports zero, is a concern if any were to be introduced later, as it leaves the plugin vulnerable to Cross-Site Request Forgery (CSRF) attacks. The taint analysis reporting zero flows is positive but might be less meaningful given the limited scope of the static analysis.

Key Concerns

Output escaping is not implemented
No nonce checks found

Vulnerabilities

None known

BP Gifts Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

BP Gifts Release Timeline

No version history available.

Code Analysis

Analyzed Mar 17, 2026

BP Gifts Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared1 total queries

Output Escaping

0% escaped7 total outputs

Attack Surface

BP Gifts Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 9

actionadmin_noticesbp-gifts-loader.php:77

actionplugins_loadedbp-gifts-loader.php:134

actioninitbp-gifts-loader.php:135

actionbp_after_messages_compose_contentbp-gifts-loader.php:136

actionbp_after_message_reply_boxbp-gifts-loader.php:137

actionwp_enqueue_scriptsbp-gifts-loader.php:138

actionmessages_message_after_savebp-gifts-loader.php:139

actionbp_after_message_contentbp-gifts-loader.php:140

actionsave_postbp-gifts-loader.php:141

Maintenance & Trust

BP Gifts Maintenance & Trust

Maintenance Signals

WordPress version tested4.3.34

Last updatedSep 1, 2015

PHP min version

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

BP Gifts Alternatives

Gift Buddypress Addons

gift-buddypress-addons

Gift Buddypress Add-ons provide gift management functionality with BuddyPress plugin.

10 No CVEs

Buddypress Gifts latest 2014

buddypress-gifts-latest-2014

Latest development of popular plugin Buddypress Gifts. Send a gift image and message to user in BuddyPress profile using activity stream function.

10 No CVEs

Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages

bp-better-messages

Real-time messaging and chat rooms for WordPress ecosystem: private conversations, public and private chat rooms, video & audio calls, and more.

10K 13 CVEs

rtMedia for WordPress, BuddyPress and bbPress

buddypress-media

Add albums, photo, audio/video upload, privacy, sharing, front-end uploads & more. All this works on mobile/tablets devices.

8K 14 CVEs

BuddyPress Docs

buddypress-docs

Adds collaborative Docs to BuddyPress.

7K 3 CVEs

Developer Profile

BP Gifts Developer Profile

SuitePlugins

19 plugins · 2K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

7 days

View full developer profile

Detection Fingerprints

How We Detect BP Gifts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/bp-gifts/assets/jquery.easyModal.js/wp-content/plugins/bp-gifts/assets/list.min.js/wp-content/plugins/bp-gifts/assets/bp-gifts.js

Version Parameters

bp-gifts/assets/jquery.easyModal.js?ver=bp-gifts/assets/list.min.js?ver=bp-gifts/assets/bp-gifts.js?ver=

HTML / DOM Fingerprints

CSS Classes

bp-gift-modalbp-gifts-list-wrapperbp-gift-item

Data Attributes

data-gift-iddata-recipient-id

JS Globals

bp_gifts_ajax_objectBP_Gifts

FAQ