BP Premiums for BuddyPress Security & Risk Analysis

wordpress.org/plugins/bp-premiums

BP Premiums is an addon for monetizing social networks. Charge users a premium for accessing features on your network.

10 active installs · v1.2.0 · PHP + WP 3.2+ · Updated: Unknown
Tags: buddypress, buddypress-groups, buddypress-monetize, groups, social-network
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is BP Premiums for BuddyPress Safe to Use in 2026?

Generally Safe

Score 100/100

BP Premiums for BuddyPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "bp-premiums" plugin v1.2.0 exhibits a strong security posture based on the provided static analysis. There are no identified dangerous functions, SQL injection vulnerabilities, or file operations. The plugin effectively utilizes prepared statements for all SQL queries and the vast majority of output is properly escaped, indicating good practices in preventing common web vulnerabilities. Furthermore, the absence of any recorded vulnerabilities (CVEs) in its history suggests a track record of stability and security.

However, the analysis does highlight a complete lack of nonce checks across all potential entry points, which is a significant concern. While the plugin has only one capability check, the absence of nonces means that even authenticated users could potentially perform unintended actions if an attacker can trick them into submitting a crafted request. The absence of any taint analysis data is also a gap, as it prevents a deeper understanding of how data flows through the plugin and if any sensitive information might be at risk.

In conclusion, "bp-premiums" v1.2.0 demonstrates good foundational security by avoiding many common pitfalls. Its strengths lie in its secure database interactions and output escaping. The primary weakness is the complete omission of nonce checks, which introduces a risk of Cross-Site Request Forgery (CSRF) for any actions that might be triggered. The lack of taint analysis data also leaves a question mark regarding potential data leakage or manipulation that isn't apparent from the static checks alone.

Key Concerns

  • Missing nonce checks on all entry points
  • Lack of taint analysis data
Vulnerabilities
None known

BP Premiums for BuddyPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

BP Premiums for BuddyPress Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 7 (29 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

81% escaped, 36 total outputs
Attack Surface

BP Premiums for BuddyPress Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 33

action · init · bp-premiums.php:177
action · all_admin_notices · bp-premiums.php:239
action · admin_init · bp-premiums.php:242
action · plugins_loaded · bp-premiums.php:381
filter · product_type_selector · includes\class-api.php:43
action · woocommerce_product_options_general_product_data · includes\class-api.php:44
action · spbpp_before_options_list · includes\class-api.php:45
action · spbpp_after_options_list · includes\class-api.php:46
action · woocommerce_order_status_completed · includes\class-api.php:47
action · save_post · includes\class-api.php:48
action · plugins_loaded · modules\buddydrive.php:53
action · spbpp_options_list · modules\buddydrive.php:54
action · spbpp_save_product · modules\buddydrive.php:55
action · spbpp_order_complete · modules\buddydrive.php:56
action · bp_init · modules\buddydrive.php:58
action · bp_premiums_loaded · modules\buddydrive.php:244
action · spbpp_options_list · modules\group-access.php:18
action · spbpp_save_product · modules\group-access.php:19
action · spbpp_order_complete · modules\group-access.php:20
action · bp_premiums_loaded · modules\group-access.php:91
action · plugins_loaded · modules\group-create.php:26
action · spbpp_options_list · modules\group-create.php:27
action · spbpp_save_product · modules\group-create.php:28
action · spbpp_order_complete · modules\group-create.php:29
filter · bp_user_can_create_groups · modules\group-create.php:31
action · groups_group_create_complete · modules\group-create.php:32
action · bp_premiums_loaded · modules\group-create.php:154
action · plugins_loaded · modules\rtmedia.php:44
action · spbpp_options_list · modules\rtmedia.php:45
action · spbpp_save_product · modules\rtmedia.php:46
action · spbpp_order_complete · modules\rtmedia.php:47
action · bp_init · modules\rtmedia.php:49
action · bp_premiums_loaded · modules\rtmedia.php:200

Maintenance & Trust

BP Premiums for BuddyPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.7.32
Last updated: Unknown
PHP min version
Downloads: 5K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10

Developer Profile

BP Premiums for BuddyPress Developer Profile

SuitePlugins

17 plugins · 2K total installs

Trust score: 90
Avg Security Score: 86/100
Avg Patch Time: 7 days
Detection Fingerprints

How We Detect BP Premiums for BuddyPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bp-premiums/assets/css/bpp-frontend.css
/wp-content/plugins/bp-premiums/assets/css/bpp-frontend.min.css
/wp-content/plugins/bp-premiums/assets/js/bpp-frontend.js
/wp-content/plugins/bp-premiums/assets/js/bpp-frontend.min.js
/wp-content/plugins/bp-premiums/assets/css/bpp-admin.css
/wp-content/plugins/bp-premiums/assets/css/bpp-admin.min.css
/wp-content/plugins/bp-premiums/assets/js/bpp-admin.js
/wp-content/plugins/bp-premiums/assets/js/bpp-admin.min.js
+2 more

Script Paths
/wp-content/plugins/bp-premiums/assets/js/bpp-frontend.js
/wp-content/plugins/bp-premiums/assets/js/bpp-frontend.min.js
/wp-content/plugins/bp-premiums/assets/js/bpp-admin.js
/wp-content/plugins/bp-premiums/assets/js/bpp-admin.min.js
/wp-content/plugins/bp-premiums/assets/js/bp-premiums-custom-fields.js
/wp-content/plugins/bp-premiums/assets/js/bp-premiums-custom-fields.min.js

Version Parameters
/wp-content/plugins/bp-premiums/assets/css/bpp-frontend.css?ver=
/wp-content/plugins/bp-premiums/assets/js/bpp-frontend.js?ver=
/wp-content/plugins/bp-premiums/assets/css/bpp-admin.css?ver=
/wp-content/plugins/bp-premiums/assets/js/bpp-admin.js?ver=
/wp-content/plugins/bp-premiums/assets/js/bp-premiums-custom-fields.js?ver=

HTML / DOM Fingerprints

CSS Classes
bpp-premium-price, bpp-price-box, bpp-access-level, bp-premiums-wrap, bp-premiums-content, bpp-premium-features

HTML Comments
<!-- BP Premiums activation notice -->
<!-- BP Premiums content wrapper -->
<!-- BP Premiums item -->

Data Attributes
data-premium-id, data-access-level, data-user-id

JS Globals
window.BP_Premiums_Frontend, window.BP_Premiums_Admin

REST Endpoints
/wp-json/bp-premiums/v1/settings
/wp-json/bp-premiums/v1/users
/wp-json/bp-premiums/v1/purchase

Shortcode Output
[bp_premiums_plans]
[bp_premiums_user_profile]
[bp_premiums_pricing_table]

FAQ

Frequently Asked Questions about BP Premiums for BuddyPress