Does BP Lotsa Feeds have any unpatched vulnerabilities?

No. All known vulnerabilities in BP Lotsa Feeds have been patched as of the latest data update. Always keep the plugin updated to the latest version.

How often is BP Lotsa Feeds updated?

BP Lotsa Feeds was last updated on Sep 28, 2010. Frequent updates are generally a positive security signal.

What is BP Lotsa Feeds's security score?

BP Lotsa Feeds has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

BP Lotsa Feeds Security & Risk Analysis

wordpress.org/plugins/bp-lotsa-feeds

Gives your BuddyPress installation lotsa feeds.

10 active installs v1.0 PHP + WP + Updated Sep 28, 2010

activitybuddypressfeedfeedsrss

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is BP Lotsa Feeds Safe to Use in 2026?

Generally Safe

Score 85/100

BP Lotsa Feeds has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 15yr ago

Risk Assessment

The "bp-lotsa-feeds" plugin version 1.0 exhibits a generally positive security posture based on the provided static analysis and vulnerability history. The absence of identified dangerous functions, raw SQL queries, file operations, external HTTP requests, and external HTTP requests is commendable. Furthermore, the plugin has no recorded vulnerabilities (CVEs), indicating a history of secure development or diligent patching. This lack of history suggests either a very mature and stable codebase or a relatively new plugin that hasn't yet attracted security scrutiny. However, a significant concern arises from the fact that 100% of the plugin's output is not properly escaped. This indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected and executed in users' browsers.

Key Concerns

All output is unescaped

Vulnerabilities

None known

BP Lotsa Feeds Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

BP Lotsa Feeds Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped10 total outputs

Attack Surface

BP Lotsa Feeds Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 2

actionwpbp-lotsa-feeds.php:128

actionbp_loadedloader.php:13

Maintenance & Trust

BP Lotsa Feeds Maintenance & Trust

Maintenance Signals

WordPress version tested

Last updatedSep 28, 2010

PHP min version

Downloads7K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

BP Lotsa Feeds Alternatives

BP External Group Blogs

external-group-blogs

Give group creators and administrators on your BuddyPress install the ability to attach

10 No CVEs

Disable Feeds

disable-feeds

Disables all RSS/Atom/RDF feeds on your WordPress site.

30K No CVEs

GN Publisher: Google News Compatible RSS Feeds

gn-publisher

100

GN Publisher makes RSS feeds that comply with the Google News RSS Feed Technical Requirements for including your site in the Google News.

20K 1 CVE

Disable Feeds WP

disable-feeds-wp

100

Disables all RSS/Atom/RDF feeds on your WordPress site.

10K No CVEs

RSS Includes Pages

rss-includes-pages

100

Modifies RSS feeds so that they include pages and not just posts.

10K 1 CVE

Developer Profile

BP Lotsa Feeds Developer Profile

Boone Gorges

27 plugins · 12K total installs

trust score

Avg Security Score

88/100

Avg Patch Time

1864 days

View full developer profile

Detection Fingerprints

How We Detect BP Lotsa Feeds

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/bp-lotsa-feeds/feed-template.php

HTML / DOM Fingerprints

JS Globals

this_bp_feed

FAQ