BuddyPress Groupblog Security & Risk Analysis

wordpress.org/plugins/bp-groupblog

BuddyPress Groupblog extends the group functionality by enabling the group to have a single blog associated with it.

50 active installs v1.9.3 PHP + WP 3.6+ Updated Jul 30, 2023
Tags: blogs, buddypress, content, groups
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is BuddyPress Groupblog Safe to Use in 2026?

Generally Safe

Score 85/100

BuddyPress Groupblog has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

The "bp-groupblog" plugin v1.9.3 exhibits a mixed security posture. On the positive side, it has a small attack surface with no unprotected entry points, a good number of nonce and capability checks, and a high percentage of SQL queries using prepared statements. The absence of known CVEs and external HTTP requests are also favorable indicators.

However, the static analysis reveals some significant concerns. The presence of three instances of the dangerous `create_function` function is a serious red flag, as this function is deprecated and can lead to security vulnerabilities if not handled with extreme care. Furthermore, the taint analysis indicates two high-severity flows with unsanitized paths, suggesting potential risks of code injection or other sensitive data compromise. The relatively low percentage of properly escaped output (47%) also suggests a risk of Cross-Site Scripting (XSS) vulnerabilities, especially if the unsanitized paths involve user-supplied input that is later displayed.

The plugin's vulnerability history is clean, which is a strength, but it doesn't negate the risks identified in the current code analysis. In conclusion, while the plugin has good baseline security practices like authentication checks and prepared statements, the use of `create_function` and high-severity unsanitized paths present notable risks that require attention.

Key Concerns

  • Dangerous function usage (create_function)
  • High severity unsanitized taint flows
  • Low percentage of properly escaped output
Vulnerabilities
None known

BuddyPress Groupblog Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

BuddyPress Groupblog Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 3 (13 prepared)
Unescaped Output: 181 (160 escaped)
Nonce Checks: 12
Capability Checks: 12
File Operations: 1
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

  • create_function (themes\p2\inc\p2.php:4): `return create_function( '', 'return '.var_export( $value, true ).';' );`
  • create_function (themes\p2\inc\p2.php:11): `return create_function( $args, $export_call.' return '.$expression.';' );`
  • create_function (themes\p2\inc\widgets\recent-tags.php:86): `usort( $post_ids_and_tags, create_function( '$a, $b', 'return $b["post_id"] - $a["post_id"];' ) );`

SQL Query Safety

81% prepared (16 total queries)

Output Escaping

47% escaped (341 total outputs)

Data Flows: 4 unsanitized

Data Flow Analysis

14 flows, 4 with unsanitized paths
bp_groupblog_show_blog_form (bp-groupblog.php:624)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

BuddyPress Groupblog Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers: 1

auth wp_ajax_p2_post_update (themes\p2-buddypress\functions.php:134)

WordPress Hooks: 103

action wp (1.5-abstraction.php:78)
action wp_initialize_site (bp-groupblog-admin.php:815)
action wpmu_new_blog (bp-groupblog-admin.php:817)
action signup_blogform (bp-groupblog-classes.php:57)
action bp_groupblog_create_screen_markup (bp-groupblog-classes.php:61)
action signup_blogform (bp-groupblog-classes.php:97)
action bp_groupblog_edit_screen_markup (bp-groupblog-classes.php:101)
action wp_enqueue_scripts (bp-groupblog-cssjs.php:45)
action wp_print_styles (bp-groupblog-cssjs.php:61)
action bp_loaded (bp-groupblog.php:78)
action bp_setup_globals (bp-groupblog.php:103)
action bp_setup_nav (bp-groupblog.php:163)
action groups_join_group (bp-groupblog.php:466)
action groups_promoted_member (bp-groupblog.php:482)
action groups_demoted_member (bp-groupblog.php:483)
action groups_unbanned_member (bp-groupblog.php:484)
action groups_banned_member (bp-groupblog.php:485)
action groups_removed_member (bp-groupblog.php:486)
action groups_membership_accepted (bp-groupblog.php:487)
action groups_accept_invite (bp-groupblog.php:488)
action groups_leave_group (bp-groupblog.php:521)
action bp_actions (bp-groupblog.php:947)
action transition_post_status (bp-groupblog.php:1257)
action bp_activity_before_save (bp-groupblog.php:1388)
action wp_trash_post (bp-groupblog.php:1437)
action delete_post (bp-groupblog.php:1438)
filter bp_ajax_querystring (bp-groupblog.php:1483)
filter bp_activity_can_comment (bp-groupblog.php:1501)
action bp_register_activity_actions (bp-groupblog.php:1519)
action bp_activity_before_save (bp-groupblog.php:1650)
filter bp_activity_get_activity_id (bp-groupblog.php:1689)
filter bp_disable_blogforum_comments (bp-groupblog.php:1690)
action transition_comment_status (bp-groupblog.php:1692)
filter bp_activity_get_activity_id (bp-groupblog.php:1716)
filter bp_disable_blogforum_comments (bp-groupblog.php:1717)
filter bp_activity_post_pre_comment (bp-groupblog.php:1721)
action delete_comment (bp-groupblog.php:1754)
action transition_comment_status (bp-groupblog.php:1790)
action transition_comment_status (bp-groupblog.php:1791)
action delete_comment (bp-groupblog.php:1792)
action delete_comment (bp-groupblog.php:1793)
action bp_activity_after_delete (bp-groupblog.php:1796)
filter bp_activity_get_permalink (bp-groupblog.php:1859)
action bp_group_activity_filter_options (bp-groupblog.php:1872)
action bp_screens (bp-groupblog.php:1898)
action bp_template_content (bp-groupblog.php:1900)
action bp_init (bp-groupblog.php:1937)
action delete_blog (bp-groupblog.php:1959)
filter bp_get_blog_avatar (bp-groupblog.php:2000)
action bp_include (loader.php:33)
action init (themes\p2\functions.php:63)
filter the_content (themes\p2\functions.php:100)
filter comment_text (themes\p2\functions.php:101)
filter the_content (themes\p2\functions.php:128)
filter comment_text (themes\p2\functions.php:129)
action save_post (themes\p2\functions.php:135)
action loop_start (themes\p2\functions.php:245)
action loop_end (themes\p2\functions.php:246)
action save_post (themes\p2\functions.php:357)
action template_redirect (themes\p2\functions.php:367)
action wp_head (themes\p2\functions.php:378)
filter template_redirect (themes\p2\functions.php:414)
filter posts_distinct (themes\p2\functions.php:423)
filter posts_where (themes\p2\functions.php:433)
filter posts_join (themes\p2\functions.php:441)
filter the_content (themes\p2\functions.php:478)
filter get_the_tags (themes\p2\functions.php:479)
filter the_excerpt (themes\p2\functions.php:480)
filter comment_text (themes\p2\functions.php:481)
action wp_head (themes\p2\functions.php:493)
filter prologue_poweredby_link (themes\p2\functions.php:554)
action wp_head (themes\p2\functions.php:672)
action wp_head (themes\p2\functions.php:688)
action wp_head (themes\p2\functions.php:702)
action before_signup_form (themes\p2\functions.php:708)
action after_signup_form (themes\p2\functions.php:713)
action init (themes\p2\inc\js.php:3)
action wp_print_scripts (themes\p2\inc\js.php:9)
action wp_head (themes\p2\inc\js.php:11)
action wp_footer (themes\p2\inc\js.php:163)
action init (themes\p2\inc\options-page.php:3)
action admin_menu (themes\p2\inc\options-page.php:8)
action init (themes\p2\inc\p2.php:15)
filter the_content (themes\p2\inc\p2.php:21)
filter get_user_option_use_ssl (themes\p2\inc\p2.php:37)
filter flash_uploader (themes\p2\inc\p2.php:41)
filter auth_redirect_scheme (themes\p2\inc\p2.php:42)
filter admin_url (themes\p2\inc\p2.php:43)
filter includes_url (themes\p2\inc\p2.php:44)
filter script_loader_src (themes\p2\inc\p2.php:45)
filter wp_get_attachment_url (themes\p2\inc\p2.php:46)
filter media_upload_form_url (themes\p2\inc\p2.php:47)
filter body_class (themes\p2\inc\template-tags.php:9)
filter p2_get_quote_content (themes\p2\inc\template-tags.php:143)
filter p2_get_quote_content (themes\p2\inc\template-tags.php:144)
filter p2_get_quote_content (themes\p2\inc\template-tags.php:145)
filter p2_get_quote_content (themes\p2\inc\template-tags.php:146)
filter p2_get_quote_content (themes\p2\inc\template-tags.php:147)
action comment_post (themes\p2\inc\widgets\recent-comments.php:7)
action wp_set_comment_status (themes\p2\inc\widgets\recent-comments.php:8)
action wp_print_styles (themes\p2-buddypress\functions.php:217)
action template_redirect (themes\p2-buddypress\functions.php:226)
action wp_footer (themes\p2-buddypress\functions.php:284)
Maintenance & Trust

BuddyPress Groupblog Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.2.9
Last updated: Jul 30, 2023
PHP min version
Downloads: 67K

Community Trust

Rating: 66/100
Number of ratings: 11
Active installs: 50
Developer Profile

BuddyPress Groupblog Developer Profile

Boone Gorges

27 plugins · 12K total installs

Trust score: 71
Avg Security Score: 88/100
Avg Patch Time: 1864 days
Detection Fingerprints

How We Detect BuddyPress Groupblog

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bp-groupblog/bp-groupblog.css
/wp-content/plugins/bp-groupblog/bp-groupblog.js
/wp-content/plugins/bp-groupblog/groupblog/images/arrow.gif
/wp-content/plugins/bp-groupblog/groupblog/images/icons.gif
/wp-content/plugins/bp-groupblog/groupblog/images/marker.gif
/wp-content/plugins/bp-groupblog/groupblog/images/tab-left.png
/wp-content/plugins/bp-groupblog/groupblog/images/tab-right.png
Script Paths
/wp-content/plugins/bp-groupblog/bp-groupblog.js
Version Parameters
bp-groupblog/bp-groupblog.css?ver=
bp-groupblog/bp-groupblog.js?ver=

HTML / DOM Fingerprints

CSS Classes
groupblog-list-links
bp-groupblog
Data Attributes
data-groupblog-group-id
JS Globals
bp_groupblog