BP Profile as Homepage Fork Security & Risk Analysis

wordpress.org/plugins/bp-profile-as-homepage-fork

This plugin lets you have a normal site Homepage for visitors while logged-in users have their BP Profile as Homepage. This is similar to Facebook.

10 active installs · v1.1.3 · PHP + WP 3.5.1+ · Updated Sep 7, 2013
buddypress, homepage, login, profile, redirection
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is BP Profile as Homepage Fork Safe to Use in 2026?

Generally Safe

Score 85/100

BP Profile as Homepage Fork has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 12yr ago
Risk Assessment

The "bp-profile-as-homepage-fork" plugin v1.1.3 exhibits a generally positive security posture based on the provided static analysis and vulnerability history. The absence of known CVEs and a clean vulnerability history indicate a history of secure development or effective patching. Furthermore, the plugin demonstrates good practices by utilizing prepared statements for all SQL queries and implementing at least one nonce check and capability check, which are crucial for preventing common web attacks.

However, a significant concern arises from the complete lack of output escaping for all identified output points. This represents a critical weakness, as it opens the door to Cross-Site Scripting (XSS) vulnerabilities. While the attack surface appears minimal with no exposed AJAX, REST API, shortcodes, or cron events, and the taint analysis found no issues, the unescaped output is a direct and exploitable risk that must be addressed. The plugin's strengths lie in its lack of known vulnerabilities and internal query security, but the unescaped output is a glaring vulnerability that overshadows these positives.

Key Concerns

  • 0% output escaping
Vulnerabilities
None known

BP Profile as Homepage Fork Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

BP Profile as Homepage Fork Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 3 (0 escaped)
  • Nonce Checks: 1
  • Capability Checks: 1
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

0% escaped · 3 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
bpahpf_settings_page (bp-profile-as-homepage-fork.php:118)
Attack Surface

BP Profile as Homepage Fork Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 4
  • action admin_menu (bp-profile-as-homepage-fork.php:178)
  • filter login_redirect (bp-profile-as-homepage-fork.php:179)
  • action wp (bp-profile-as-homepage-fork.php:180)
  • action wp_logout (bp-profile-as-homepage-fork.php:181)
Maintenance & Trust

BP Profile as Homepage Fork Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.6.1
Last updated: Sep 7, 2013
PHP min version
Downloads: 7K

Community Trust

Rating: 80/100
Number of ratings: 5
Active installs: 10
Developer Profile

BP Profile as Homepage Fork Developer Profile

mort3n

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect BP Profile as Homepage Fork

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Data Attributes
bpahpf_role_choice
FAQ

Frequently Asked Questions about BP Profile as Homepage Fork