WP-Safety

BuddyPress Group Dice Security & Risk Analysis

wordpress.org/plugins/bp-group-dice

BuddyPress Group Dice.

10 active installs v1.2 PHP + WP + Updated May 17, 2013
buddypressdicegamegamesgroups
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is BuddyPress Group Dice Safe to Use in 2026?

Generally Safe

Score 85/100

BuddyPress Group Dice has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 12yr ago
Risk Assessment

The bp-group-dice plugin version 1.2 exhibits a generally strong security posture based on the provided static analysis. There are no identified dangerous functions, raw SQL queries, or external HTTP requests. The absence of shortcodes, cron events, and a limited attack surface, combined with the presence of nonce checks, are positive indicators. However, the complete lack of capability checks is a significant concern, meaning that any user, regardless of their role or permissions, could potentially interact with the plugin's features. Furthermore, the fact that 100% of the single identified output is not properly escaped presents a risk of Cross-Site Scripting (XSS) vulnerabilities if user-controlled data is reflected directly to the browser without sanitization. The vulnerability history being entirely clear is a positive sign, suggesting past responsible development practices, but this does not negate the immediate risks identified in the current code. The plugin's strengths lie in its limited attack surface and avoidance of common critical vulnerabilities, but the lack of permission enforcement and unescaped output are notable weaknesses that need attention.

Key Concerns

  • No capability checks found
  • Unescaped output found
Vulnerabilities
None known

BuddyPress Group Dice Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

BuddyPress Group Dice Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
1
0 escaped
Nonce Checks
2
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped1 total outputs
Attack Surface

BuddyPress Group Dice Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 5
actionbp_setup_globalsincludes\bp-group-dice-core.php:19
actionbbp_new_reply_post_extrasincludes\bp-group-dice-functions.php:40
actionbbp_theme_after_reply_contentincludes\bp-group-dice-functions.php:69
actionbbp_theme_before_reply_form_contentincludes\bp-group-dice-functions.php:94
actionbp_initloader.php:20
Maintenance & Trust

BuddyPress Group Dice Maintenance & Trust

Maintenance Signals

WordPress version tested
Last updatedMay 17, 2013
PHP min version
Downloads3K

Community Trust

Rating50/100
Number of ratings2
Active installs10
Alternatives

BuddyPress Group Dice Alternatives

Registration Options for BuddyPress

Registration Options for BuddyPress

bp-registration-options

A
85

Moderate new BuddyPress members and fight BuddyPress spam.

1K No CVEs
BuddyPress Group Email Subscription

BuddyPress Group Email Subscription

buddypress-group-email-subscription

A
92

This powerful plugin allows users to receive email notifications of group activity. Weekly or daily digests are available.

1K No CVEs
PuzzleMe – Interactive Puzzles for WordPress – Easily publish crosswords, quizzes, word searches and more

PuzzleMe – Interactive Puzzles for WordPress – Easily publish crosswords, quizzes, word searches and more

puzzleme

A
99

PuzzleMe makes it easy to add interactive games to your WordPress website - no coding required.

1K 1 CVE
RPB Chessboard

RPB Chessboard

rpb-chessboard

A
100

This plugin allows you to typeset and display chess diagrams and PGN-encoded chess games.

1K No CVEs
Wbcom Designs – Shortcodes & Elementor Widgets For BuddyPress

Wbcom Designs – Shortcodes & Elementor Widgets For BuddyPress

shortcodes-for-buddypress

A
100

This plugin generates shortcodes for Listing Activity Streams, Members, and Groups on any website post or page.

700 No CVEs
Developer Profile

BuddyPress Group Dice Developer Profile

D Cartwright

5 plugins · 50 total installs

86
trust score
Avg Security Score
88/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect BuddyPress Group Dice

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bp-group-dice/css/bp-group-dice.css/wp-content/plugins/bp-group-dice/js/bp-group-dice.js
Script Paths
/wp-content/plugins/bp-group-dice/js/bp-group-dice.js
Version Parameters
/wp-content/plugins/bp-group-dice/css/bp-group-dice.css?ver=/wp-content/plugins/bp-group-dice/js/bp-group-dice.js?ver=

HTML / DOM Fingerprints

Data Attributes
id="bp_group_dice_enabled"name="bp_group_dice_enabled"id="bbp_reply_content"name="bbp_reply_content"id="dice_type"name="dice_type"+4 more
Shortcode Output
<p>Rolled: Results: Dice type: <select name="dice_type" id="dice_type"><option value="3">D3</option><option value="4">D4</option><option value="6">D6</option><option value="8">D8</option><option value="10">D10</option><option value="12">D12</option><option value="20">D20</option><option value="100">D100</option></select>&nbsp;&nbsp;Amount: <select name="dice_number" id="dice_number"><option value="1">1</option><option value="2">2</option><option value="3">3</option><option value="4">4</option><option value="5">5</option><option value="6">6</option><option value="7">7</option><option value="8">8</option><option value="9">9</option><option value="10">10</option></select><div class="submit"><input id="submit" type="submit" value="Roll the dice!" name="submit_reply"></div><input type="hidden" name="bp_dice_roll" id="bp_dice_roll" value="1"/>
FAQ

Frequently Asked Questions about BuddyPress Group Dice