
BP Posts On Profile Security & Risk Analysis
wordpress.org/plugins/bp-posts-on-profile
Adds 'Posts' link to member's profile page, and shows member's blog posts on that page.
Is BP Posts On Profile Safe to Use in 2026?
Generally Safe
Score 85/100
BP Posts On Profile has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'bp-posts-on-profile' v1.0 plugin exhibits a generally good security posture based on the provided static analysis. The absence of dangerous functions, reliance on prepared statements for all SQL queries, and lack of file operations or external HTTP requests are positive indicators. Furthermore, the vulnerability history shows no recorded CVEs, which suggests a well-maintained and secure codebase historically.
However, there are significant concerns regarding output escaping. The analysis found one output in total, and it is not properly escaped (0% escaped), which indicates a high likelihood of Cross-Site Scripting (XSS) vulnerabilities. Any user-generated content displayed through this plugin is at risk of being rendered as executable code in the user's browser. The lack of nonce and capability checks, while not directly flagged as an issue due to a zero attack surface in these areas, could become a concern if new entry points are introduced in future versions without proper security considerations.
In conclusion, while the plugin has a clean historical record and avoids common pitfalls like raw SQL or dangerous functions, the complete lack of output escaping is a critical weakness that exposes users to XSS attacks. This oversight significantly elevates the risk profile, despite other strong security practices.
Key Concerns
- 100% of outputs are unescaped
BP Posts On Profile Security Vulnerabilities
BP Posts On Profile Release Timeline
BP Posts On Profile Code Analysis
SQL Query Safety
Output Escaping
BP Posts On Profile Attack Surface
WordPress Hooks 4
Maintenance & Trust
BP Posts On Profile Maintenance & Trust
Maintenance Signals
Community Trust
BP Posts On Profile Alternatives
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress
youzify
The best BuddyPress plugin for building online communities, user profile, social networks, and membership sites on WordPress with tons of features.
BuddyPress Xprofile Custom Field Types
bp-xprofile-custom-field-types
Buddypress Xprofile Custom Field Types adds extra custom profile fields to BuddyPress. Field types are: Birthdate, Email, Url etc.
JSON API User
json-api-user
Extends the JSON API Plugin to allow RESTful user registration, authentication & many other User Meta, BP functions. A Pro version is also available.
BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages
wc4bp
Integrate WooCommerce my account into BuddyPress member profiles. Bring your WooCommerce member pages into BuddyPress and BuddyBoss.
BuddyPress Edit Activity
buddypress-edit-activity
BuddyPress Edit Activity allows your members to edit their activity posts on the front-end of your BuddyPress-powered site.
BP Posts On Profile Developer Profile
2 plugins · 30 total installs
How We Detect BP Posts On Profile
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/bp-posts-on-profile/assets/css/style.css
- /wp-content/plugins/bp-posts-on-profile/assets/js/script.js
- bp-posts-on-profile/assets/css/style.css?ver=
- bp-posts-on-profile/assets/js/script.js?ver=
HTML / DOM Fingerprints
- bp-postsonprofile
- postsonprofile-nav
- <!-- bp-posts-on-profile plugin template -->
- data-postsonprofile-user-id
- bpPostsonprofile