Does BuddyProfileMessageUX Free have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is BuddyProfileMessageUX Free compatible with WordPress 6.8.5?

According to WordPress.org data, BuddyProfileMessageUX Free 1.8 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is BuddyProfileMessageUX Free updated?

BuddyProfileMessageUX Free was last updated on Apr 19, 2025. Frequent updates are generally a positive security signal.

What is BuddyProfileMessageUX Free's security score?

BuddyProfileMessageUX Free has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

BuddyProfileMessageUX Free Security & Risk Analysis

wordpress.org/plugins/bp-profile-message-ux

This BuddyPress plugin replaces the functionality for the Public Message and Private Message buttons on profile pages.

50 active installs v1.8 PHP + WP 3.5+ Updated Apr 19, 2025

buddypressmembersmessagepluginsprofile

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is BuddyProfileMessageUX Free Safe to Use in 2026?

Generally Safe

Score 92/100

BuddyProfileMessageUX Free has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The "bp-profile-message-ux" v1.8 plugin exhibits a strong security posture in several key areas. The static analysis reveals no dangerous functions, no SQL queries that are not prepared, no file operations, and no external HTTP requests, all of which are excellent security practices. The absence of known CVEs and a clean vulnerability history further suggest a well-maintained and secure plugin. However, a significant concern arises from the complete lack of output escaping. With two output points analyzed, and zero being properly escaped, this presents a substantial risk of Cross-Site Scripting (XSS) vulnerabilities. Attackers could potentially inject malicious scripts through user-supplied data that is later displayed to other users. While the plugin has no attack surface exposed through common entry points like AJAX, REST API, or shortcodes, and it does perform nonce checks, the critical failure in output sanitization overshadows these positives. The lack of capability checks is also a point of concern, though its severity is reduced due to the absence of other entry points.

Key Concerns

0% output escaping
No capability checks

Vulnerabilities

None known

BuddyProfileMessageUX Free Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

BuddyProfileMessageUX Free Release Timeline

v1.8Current

v1.7

v1.6

v1.5

v1.4

v1.3

v1.2

v1.1.7

v1.1.6

v1.1.5

v1.1.4

v1.1.3

v1.1.2

v1.1

v1.0

Code Analysis

Analyzed Mar 16, 2026

BuddyProfileMessageUX Free Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped2 total outputs

Attack Surface

BuddyProfileMessageUX Free Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 7

actionbp_headbp-profile-message-ux.php:10

actionwpbp-profile-message-ux.php:45

filterbp_get_send_message_buttonbp-profile-message-ux.php:92

filterbp_nouveau_get_members_buttonsbp-profile-message-ux.php:147

actionwpbp-profile-message-ux.php:184

filterbp_get_send_public_message_buttonbp-profile-message-ux.php:230

actionbp_initloader.php:23

Maintenance & Trust

BuddyProfileMessageUX Free Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedApr 19, 2025

PHP min version

Downloads12K

Community Trust

Rating80/100

Number of ratings8

Active installs50

Alternatives

BuddyProfileMessageUX Free Alternatives

Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress

youzify

The best BuddyPress plugin for building online communities, user profile, social networks, and membership sites on WordPress with tons of features.

6K 1 unpatched

BuddyPress xProfile Checkout Manager for WooCommerce

woocommerce-buddypress-integration-xprofile-checkout-manager

BuddyPress xProfile Checkout Manager for WooCommerce extension where you can integrate BuddyPress xProfile into WooCommerce Checkout.

70 1 CVE

BuddyForms Moderation ( Former: Review Logic )

buddyforms-review

Create new drafts or pending reviews from new or published posts without changing the live version.

30 1 CVE

BuddyForms Form Elements for WooCommerce

buddyforms-woocommerce-form-elements

Let your WooCommerce Vendors Manage there Products from the Frontend

30 No CVEs

BuddyPress Avatar Bubble

cd-bp-avatar-bubble

After moving your mouse pointer on user/group avatar (or clicking) you will see a bubble with the defined by admin information about it.

30 No CVEs

Developer Profile

BuddyProfileMessageUX Free Developer Profile

shanebp

9 plugins · 2K total installs

trust score

Avg Security Score

92/100

Avg Patch Time

124 days

View full developer profile

Detection Fingerprints

How We Detect BuddyProfileMessageUX Free

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes

send-private-messageprivate-message-form-ux

Data Attributes

id="create-private-message-ux"id="private-message-form-ux"name="private_message_subject"id="private_message_subject"name="private_message_content"id="private_message_content"+3 more

FAQ