BP Group Sites Security & Risk Analysis

wordpress.org/plugins/bp-group-sites

Enables the creation of a many-to-many relationship between BuddyPress Groups and WordPress Sites in a Multisite context.

10 active installs · v0.4.0 · PHP 7.4+ · WP 4.9+ · Updated Feb 5, 2026
buddypress, groups, reading-groups, sites
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is BP Group Sites Safe to Use in 2026?

Generally Safe

Score 100/100

BP Group Sites has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The 'bp-group-sites' plugin v0.4.0 exhibits a mixed security posture. On the positive side, it uses prepared statements for all SQL queries and properly escapes a relatively high percentage of its output. It also has no history of known vulnerabilities (CVEs), which suggests a generally stable codebase. The attack surface analysis, however, raises significant concerns: the plugin registers three AJAX handlers, and all of them lack authentication checks, which is a considerable risk. Nonce checks are present, but without capability checks these handlers remain open to unauthorized actions if an attacker can trigger them. The lack of reported taint flows is a good sign, but it does not negate the direct exposure of the AJAX endpoints.

In conclusion, while the plugin benefits from secure database interactions and output handling, the unprotected AJAX endpoints are a critical weakness. The absence of historical vulnerabilities is encouraging, but the current implementation of its attack surface is a clear area for improvement. Focusing on implementing proper authorization checks for these AJAX handlers is paramount to mitigating potential security risks.

Key Concerns

  • AJAX handlers without auth checks
  • AJAX handlers without capability checks
Vulnerabilities
None known

BP Group Sites Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

BP Group Sites Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 22 (98 escaped)
Nonce Checks: 3
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

82% escaped · 120 total outputs
Attack Surface
3 unprotected

BP Group Sites Attack Surface

Entry Points: 3
Unprotected: 3

AJAX Handlers: 3

auth wp_ajax_bpgsites_filter includes\bp-bpgsites-component.php:224
nopriv wp_ajax_bpgsites_filter includes\bp-bpgsites-component.php:225
auth wp_ajax_bpgsites_get_groups includes\bpgsites-groups.php:1510
WordPress Hooks: 72

action plugins_loaded bp-group-sites.php:114
action bp_loaded bp-group-sites.php:117
action bp_loaded bp-group-sites.php:118
action bp_include bp-group-sites.php:119
action wp_enqueue_scripts bp-group-sites.php:227
action wp_enqueue_scripts bp-group-sites.php:230
action widgets_init bp-group-sites.php:233
action wp_enqueue_scripts bp-group-sites.php:240
action bp_register_theme_packages bp-group-sites.php:255
filter bp_located_template includes\bp-bpgsites-component.php:171
action bp_directory_blogs_actions includes\bp-bpgsites-component.php:204
action bp_setup_theme_compat includes\bp-bpgsites-screens.php:32
filter bp_get_buddypress_template includes\bp-bpgsites-screens.php:58
action bp_template_include_reset_dummy_post_data includes\bp-bpgsites-screens.php:59
filter bp_replace_the_content includes\bp-bpgsites-screens.php:60
action bp_screens includes\bp-bpgsites-screens.php:171
action bp_activity_filter_options includes\bpgsites-activity.php:58
action bp_group_activity_filter_options includes\bpgsites-activity.php:59
action bp_member_activity_filter_options includes\bpgsites-activity.php:60
filter bp_ajax_querystring includes\bpgsites-activity.php:63
filter bp_get_activity_comment_link includes\bpgsites-activity.php:66
filter bp_activity_get_permalink includes\bpgsites-activity.php:69
action bp_disable_blogforum_comments includes\bpgsites-activity.php:80
action bp_activity_before_save includes\bpgsites-activity.php:83
filter comment_id_fields includes\bpgsites-activity.php:86
action comment_post includes\bpgsites-activity.php:89
filter pre_comment_approved includes\bpgsites-activity.php:92
filter map_meta_cap includes\bpgsites-activity.php:95
filter cp_nav_after_network_home_title includes\bpgsites-activity.php:98
filter comment_reply_link includes\bpgsites-activity.php:101
filter cp_override_tinymce includes\bpgsites-activity.php:104
action commentpress_before_scrollable_comments includes\bpgsites-activity.php:107
filter comment_class includes\bpgsites-activity.php:110
action parse_comment_query includes\bpgsites-activity.php:113
filter get_comments_number includes\bpgsites-activity.php:116
filter commentpress_show_comment_form includes\bpgsites-activity.php:119
filter commentpress_bp_activity_sidebar_before_members includes\bpgsites-activity.php:122
filter cp_activity_tab_recent_title_blog includes\bpgsites-activity.php:125
action add_meta_boxes includes\bpgsites-activity.php:128
action edit_comment includes\bpgsites-activity.php:131
action edit_comment includes\bpgsites-activity.php:134
filter get_comment_text includes\bpgsites-activity.php:137
filter commentpress_ajax_get_comment includes\bpgsites-activity.php:140
filter commentpress_ajax_edited_comment includes\bpgsites-activity.php:143
filter commentpress_reply_to_para_link_text includes\bpgsites-activity.php:925
filter commentpress_reply_to_para_link_href includes\bpgsites-activity.php:926
filter commentpress_reply_to_para_link_onclick includes\bpgsites-activity.php:927
filter commentpress_comment_form_hidden includes\bpgsites-activity.php:968
action network_admin_menu includes\bpgsites-admin.php:70
filter bpgsites_extension_title includes\bpgsites-admin.php:531
filter bpgsites_extension_name includes\bpgsites-admin.php:574
filter bpgsites_extension_plural includes\bpgsites-admin.php:617
filter bpgsites_extension_slug includes\bpgsites-admin.php:660
filter bp_get_blogs_visit_blog_button includes\bpgsites-admin.php:702
filter bp_after_has_blogs_parse_args includes\bpgsites-blogs.php:79
filter bp_after_has_blogs_parse_args includes\bpgsites-blogs.php:143
filter bp_get_total_blog_count includes\bpgsites-blogs.php:169
filter bp_get_total_blog_count includes\bpgsites-blogs.php:180
filter bp_get_total_blog_count_for_user includes\bpgsites-blogs.php:212
filter bpgsites_get_total_blog_count includes\bpgsites-blogs.php:314
filter bpgsites_get_total_blog_count_for_user includes\bpgsites-blogs.php:385
action update_option_commentpress_theme_settings includes\bpgsites-blogs.php:556
filter bp_get_blog_avatar includes\bpgsites-blogs.php:601
action wp_head includes\bpgsites-display.php:43
action bp_after_group_settings_admin includes\bpgsites-groups.php:1630
action bp_after_group_settings_creation_step includes\bpgsites-groups.php:1631
action groups_group_after_save includes\bpgsites-groups.php:1694
filter commentpress_rte_media_buttons includes\bpgsites-groups.php:1836
filter commentpress_rte_quicktags includes\bpgsites-groups.php:1876
action delete_blog includes\bpgsites-linkage.php:377
action wp_uninitialize_site includes\bpgsites-linkage.php:401
action groups_before_delete_group includes\bpgsites-linkage.php:430
Maintenance & Trust

BP Group Sites Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 5, 2026
PHP min version: 7.4
Downloads: 3K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

BP Group Sites Developer Profile

Christian Wach

8 plugins · 2K total installs

Trust score: 90
Avg Security Score: 94/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect BP Group Sites

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bp-group-sites/assets/css/bpgsites.css
/wp-content/plugins/bp-group-sites/assets/js/bpgsites-activity.js
Script Paths
/wp-content/plugins/bp-group-sites/assets/js/bpgsites-activity.js
Version Parameters
bp-group-sites/assets/css/bpgsites.css?ver=
bp-group-sites/assets/js/bpgsites-activity.js?ver=

HTML / DOM Fingerprints

CSS Classes
bpgsites-group-site-list
HTML Comments
<!-- BP Group Sites: Linked Groups -->
<!-- BP Group Sites: Linked Sites -->
Data Attributes
data-bp-group-sites-group-id
JS Globals
bp_group_sites_ajax_object
Shortcode Output
[bp_group_sites_linked_sites]