BP Group Documents Security & Risk Analysis

wordpress.org/plugins/bp-group-documents

BP Group Documents creates a page within each BuddyPress group to upload any type of file or document.

700 active installs · v2.1 · PHP + WP 4.6+ · Updated Jul 10, 2025
Tags: buddypress, file, group-documents, storage, widget
Score: 98 (A · Safe)
CVEs total: 4
Unpatched: 0
Last CVE: Oct 4, 2013
Safety Verdict

Is BP Group Documents Safe to Use in 2026?

Generally Safe

Score 98/100

BP Group Documents has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEs · Last CVE: Oct 4, 2013 · Updated 8mo ago
Risk Assessment

The bp-group-documents plugin v2.1 exhibits a mixed security posture. While static analysis indicates strong adherence to secure coding practices with a high percentage of properly escaped output, 100% of SQL queries using prepared statements, and robust nonce and capability checks on its single AJAX endpoint, there are concerning aspects. The presence of two taint flows with unsanitized paths, categorized as high severity, suggests a potential for path traversal vulnerabilities that could allow attackers to access or manipulate files outside of the intended directory.

The plugin's historical vulnerability record, with four known CVEs including one high and three medium severity issues, further reinforces the need for caution. The types of past vulnerabilities, such as Path Traversal, CSRF, and XSS, align with the potential risks identified in the taint analysis. The last recorded vulnerability was in 2013, suggesting a lack of recent security attention, which can be a concern for a plugin with a history of security flaws.

Key Concerns

  • High severity taint flows with unsanitized paths
  • Historical high severity CVE
  • Historical medium severity CVEs (3)
  • Unsanitized paths in taint analysis
  • File operations detected
Vulnerabilities
4

BP Group Documents Security Vulnerabilities

CVEs by Year

4 CVEs in 2013

Severity Breakdown

  • High: 1
  • Medium: 3

4 total CVEs

WF-4d7b8570-96d2-46dc-983c-3933c3fd74cb-bp-group-documents · medium · 5.4 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
BP Group Documents <= 1.2.1 - Path Traversal
Oct 4, 2013 · Patched in 1.2.2 (3763d)

WF-8714f5cc-56c7-4976-b021-956883a2bc73-bp-group-documents · high · 8.8 · Cross-Site Request Forgery (CSRF)
BP Group Documents <= 1.2.1 - Cross-Site Request Forgery
Oct 4, 2013 · Patched in 1.2.2 (3763d)

WF-db761098-e76a-4be8-8b3d-ec964ecbc01c-bp-group-documents · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
BP Group Documents <= 1.2.1 - Stored Cross-Site Scripting
Oct 4, 2013 · Patched in 1.2.2 (3763d)

WF-eb299b03-a176-43b3-beca-944c32a5af49-bp-group-documents · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
BP Group Documents <= 1.2 - Stored Cross-Site Scripting
Oct 4, 2013 · Patched in 1.2.2 (3763d)
Code Analysis
Analyzed Mar 16, 2026

BP Group Documents Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (35 prepared)
  • Unescaped Output: 22 (413 escaped)
  • Nonce Checks: 6
  • Capability Checks: 15
  • File Operations: 1
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

100% prepared · 35 total queries

Output Escaping

95% escaped · 435 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

4 flows · 2 with unsanitized paths
bp_group_documents_admin (include\admin.php:12)
Attack Surface

BP Group Documents Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers: 1

auth · wp_ajax_bpfb_documents_add_page · loader.php:389

WordPress Hooks: 35

action · bp_template_content_header · class-bp-group-documents-plugin-extension.php:371
action · bp_template_title · class-bp-group-documents-plugin-extension.php:372
action · bp_group_documents_add_success · include\activity.php:55
action · bp_group_documents_edit_success · include\activity.php:103
action · bp_group_documents_delete_success · include\activity.php:151
action · bp_group_documents_delete_success · include\activity.php:238
action · bp_group_documents_delete_with_group · include\activity.php:239
filter · plugin_action_links · include\admin.php:321
filter · network_admin_plugin_action_links · include\admin.php:322
action · groups_register_activity_actions · include\admin.php:356
action · bp_actions · include\bp_group_documents_functions.php:21
action · groups_group_deleted · include\bp_group_documents_functions.php:243
action · init · include\bp_group_documents_functions.php:263
action · bp_actions · include\bp_group_documents_functions.php:287
action · wp_enqueue_scripts · include\cssjs.php:49
action · admin_head · include\cssjs.php:65
filter · bp_group_documents_name_out · include\filters.php:8
filter · bp_group_documents_description_out · include\filters.php:9
filter · bp_group_documents_filename_in · include\filters.php:11
filter · bp_group_documents_featured_in · include\filters.php:12
filter · bp_group_documents_category_ids_in · include\filters.php:13
filter · bp_group_documents_file_url · include\filters.php:78
filter · wp · include\filters.php:212
action · bp_after_group_forum_post_new · include\group-forum-attachments.php:7
action · groups_forum_new_reply_after · include\group-forum-attachments.php:8
filter · group_forum_topic_text_before_save · include\group-forum-attachments.php:38
filter · group_forum_post_text_before_save · include\group-forum-attachments.php:39
filter · bp_forums_allowed_tags · include\group-forum-attachments.php:92
action · groups_screen_notification_settings · include\notifications.php:44
action · bp_group_documents_add_success · include\notifications.php:163
action · wp_enqueue_scripts · include\widgets.php:26
action · widgets_init · include\widgets.php:38
action · bp_loaded · loader.php:94
action · bpfb_add_cssjs_hooks · loader.php:331
action · bpfb_add_ajax_hooks · loader.php:392
Maintenance & Trust

BP Group Documents Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Jul 10, 2025
PHP min version
Downloads: 64K

Community Trust

Rating: 100/100
Number of ratings: 15
Active installs: 700
Developer Profile

BP Group Documents Developer Profile

lenasterg

10 plugins · 2K total installs

Trust score: 74
Avg Security Score: 93/100
Avg Patch Time: 3763 days
Detection Fingerprints

How We Detect BP Group Documents

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/bp-group-documents/assets/css/bp-group-documents.css
  • /wp-content/plugins/bp-group-documents/assets/js/bp-group-documents.js
  • /wp-content/plugins/bp-group-documents/assets/js/jquery.simpleUpload.js
Script Paths
  • /wp-content/plugins/bp-group-documents/assets/js/bp-group-documents.js
  • /wp-content/plugins/bp-group-documents/assets/js/jquery.simpleUpload.js
Version Parameters
  • bp-group-documents/assets/css/bp-group-documents.css?ver=
  • bp-group-documents/assets/js/bp-group-documents.js?ver=
  • bp-group-documents/assets/js/jquery.simpleUpload.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • bp-group-documents-upload-form
  • bp-group-documents-file-list
  • bp-group-documents-file-item
  • bp-group-documents-actions
HTML Comments
  • <!-- BP Group Documents File Upload Form -->
  • <!-- BP Group Documents File List -->
  • <!-- BP Group Documents File Item -->
Data Attributes
  • data-group-id
  • data-user-id
  • data-file-id
JS Globals
  • bp_group_documents_vars
Shortcode Output
  • [bp_group_documents_upload_form]
  • [bp_group_documents_file_list]