BP Profile Status Security & Risk Analysis

wordpress.org/plugins/bp-profile-status

Using BP Profile Status plugin you can set status in your BuddyPress Profile.

30 active installs v1.5.1 PHP + WP 4.0+ Updated Jun 19, 2017
activitybuddypress-profilebuddypress-profile-statusprofilestatus
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is BP Profile Status Safe to Use in 2026?

Generally Safe

Score 85/100

BP Profile Status has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago
Risk Assessment

The 'bp-profile-status' plugin v1.5.1 exhibits a mixed security posture. On the positive side, the code demonstrates good practices regarding SQL queries, utilizing prepared statements exclusively, and all identified output points are properly escaped. Furthermore, there is a complete absence of known vulnerabilities (CVEs) and no concerning taint analysis results were reported, indicating a clean history and a lack of exploitable data flow issues.

However, a significant concern arises from the plugin's attack surface. All three identified AJAX handlers lack authentication checks. This creates a substantial risk, as unauthenticated users could potentially interact with these endpoints, leading to unintended actions or information disclosure. While the absence of direct SQL injection or cross-site scripting vulnerabilities is commendable, the lack of proper authorization on these entry points is a critical oversight that needs immediate attention.

In conclusion, while the plugin benefits from a clean vulnerability history and secure handling of database queries and output, the presence of unprotected AJAX endpoints presents a serious security weakness. This aspect overshadows the otherwise positive coding practices and requires remediation to ensure the plugin's overall security.

Key Concerns

  • AJAX handlers without auth checks
  • Large attack surface without auth
Vulnerabilities
None known

BP Profile Status Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

BP Profile Status Release Timeline

v1.5.1Current
v1.5.0
v1.4.0
v1.3.0
v1.2
v1.1.1
v1.0.1
Code Analysis
Analyzed Mar 16, 2026

BP Profile Status Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
34 escaped
Nonce Checks
4
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

100% escaped34 total outputs
Attack Surface
3 unprotected

BP Profile Status Attack Surface

Entry Points3
Unprotected3

AJAX Handlers 3

authwp_ajax_bpps_delete_current_statusincludes\class-bp-profile-status.php:252
authwp_ajax_bpps_delete_statusincludes\class-bp-profile-status.php:253
authwp_ajax_bpps_set_current_statusincludes\class-bp-profile-status.php:254
WordPress Hooks 8
actionplugins_loadedincludes\class-bp-profile-status.php:147
actionwp_enqueue_scriptsincludes\class-bp-profile-status.php:162
actionwp_enqueue_scriptsincludes\class-bp-profile-status.php:163
actionbp_initincludes\class-bp-profile-status.php:172
actionbp_template_contentincludes\class-bp-profile-status.php:173
actionbp_before_member_header_metaincludes\class-bp-profile-status.php:174
actionbp_directory_members_itemincludes\class-bp-profile-status.php:175
filterbp_settings_admin_navincludes\class-bp-profile-status.php:177
Maintenance & Trust

BP Profile Status Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28
Last updatedJun 19, 2017
PHP min version
Downloads7K

Community Trust

Rating100/100
Number of ratings4
Active installs30
Developer Profile

BP Profile Status Developer Profile

Sanket Parmar

4 plugins · 170 total installs

86
trust score
Avg Security Score
89/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect BP Profile Status

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bp-profile-status/public/css/bp-profile-status-public.css/wp-content/plugins/bp-profile-status/public/js/bp-profile-status-public.js
Script Paths
/wp-content/plugins/bp-profile-status/public/js/bp-profile-status-public.js
Version Parameters
/wp-content/plugins/bp-profile-status/public/css/bp-profile-status-public.css?ver=/wp-content/plugins/bp-profile-status/public/js/bp-profile-status-public.js?ver=

HTML / DOM Fingerprints

CSS Classes
bp-profile-status-user-status
JS Globals
bpps_ajax_object
FAQ

Frequently Asked Questions about BP Profile Status