BP Profile Status Security & Risk Analysis

wordpress.org/plugins/bp-profile-status

Using BP Profile Status plugin you can set status in your BuddyPress Profile.

20 active installs · v1.5.1 · PHP + WP 4.0+ · Updated Unknown
activity, buddypress-profile, buddypress-profile-status, profile, status
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is BP Profile Status Safe to Use in 2026?

Generally Safe

Score 100/100

BP Profile Status has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The 'bp-profile-status' plugin v1.5.1 exhibits a mixed security posture. On the positive side, the code demonstrates good practices regarding SQL queries, utilizing prepared statements exclusively, and all identified output points are properly escaped. Furthermore, there is a complete absence of known vulnerabilities (CVEs) and no concerning taint analysis results were reported, indicating a clean history and a lack of exploitable data flow issues.

However, a significant concern arises from the plugin's attack surface. All three identified AJAX handlers lack authentication checks. This creates a substantial risk, as unauthenticated users could potentially interact with these endpoints, leading to unintended actions or information disclosure. While the absence of direct SQL injection or cross-site scripting vulnerabilities is commendable, the lack of proper authorization on these entry points is a critical oversight that needs immediate attention.

In conclusion, while the plugin benefits from a clean vulnerability history and secure handling of database queries and output, the presence of unprotected AJAX endpoints presents a serious security weakness. This aspect overshadows the otherwise positive coding practices and requires remediation to ensure the plugin's overall security.

Key Concerns

  • AJAX handlers without auth checks
  • Large attack surface without auth
Vulnerabilities
None known

BP Profile Status Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

BP Profile Status Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

BP Profile Status Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (34 escaped)
Nonce Checks: 4
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

100% escaped · 34 total outputs
Attack Surface
3 unprotected

BP Profile Status Attack Surface

Entry Points: 3
Unprotected: 3

AJAX Handlers: 3

auth  wp_ajax_bpps_delete_current_status  includes\class-bp-profile-status.php:252
auth  wp_ajax_bpps_delete_status  includes\class-bp-profile-status.php:253
auth  wp_ajax_bpps_set_current_status  includes\class-bp-profile-status.php:254

WordPress Hooks: 8

action  plugins_loaded  includes\class-bp-profile-status.php:147
action  wp_enqueue_scripts  includes\class-bp-profile-status.php:162
action  wp_enqueue_scripts  includes\class-bp-profile-status.php:163
action  bp_init  includes\class-bp-profile-status.php:172
action  bp_template_content  includes\class-bp-profile-status.php:173
action  bp_before_member_header_meta  includes\class-bp-profile-status.php:174
action  bp_directory_members_item  includes\class-bp-profile-status.php:175
filter  bp_settings_admin_nav  includes\class-bp-profile-status.php:177
Maintenance & Trust

BP Profile Status Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.8.28
Last updated: Unknown
PHP min version
Downloads: 7K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 20
Developer Profile

BP Profile Status Developer Profile

Sanket Parmar

4 plugins · 160 total installs

Trust score: 89
Avg Security Score: 93/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect BP Profile Status

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bp-profile-status/public/css/bp-profile-status-public.css
/wp-content/plugins/bp-profile-status/public/js/bp-profile-status-public.js
Script Paths
/wp-content/plugins/bp-profile-status/public/js/bp-profile-status-public.js
Version Parameters
/wp-content/plugins/bp-profile-status/public/css/bp-profile-status-public.css?ver=
/wp-content/plugins/bp-profile-status/public/js/bp-profile-status-public.js?ver=

HTML / DOM Fingerprints

CSS Classes
bp-profile-status-user-status
JS Globals
bpps_ajax_object