Restrictions for BuddyPress Security & Risk Analysis

wordpress.org/plugins/bp-restrict

Restrict BuddyPress profiles, groups, activity, and messages by login status, membership level, or profile field.

400 active installs · v1.5.3 · PHP 7.4+ · WP 5.0+ · Updated Feb 24, 2026
Tags: access-control, buddypress, membership, pmpro, restrict-content
99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Nov 17, 2025
Safety Verdict

Is Restrictions for BuddyPress Safe to Use in 2026?

Generally Safe

Score 99/100

Restrictions for BuddyPress has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Nov 17, 2025 · Updated 1mo ago
Risk Assessment

The "bp-restrict" v1.5.3 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices with 100% of its SQL queries using prepared statements and a high percentage of output escaping (86%). The presence of 18 nonce checks and 12 capability checks also indicates an awareness of security fundamentals. However, there are notable areas of concern.

The static analysis reveals an attack surface of 15 entry points, with one AJAX handler identified as lacking authentication checks. The taint analysis shows no critical or high severity flows, but 4 flows with unsanitized paths warrant attention, since they could lead to unexpected behavior or vulnerabilities if not properly handled. The plugin's vulnerability history shows one medium-severity CVE, which has since been patched; even though it is resolved, it indicates the code has had weaknesses in the past.

Overall, while the plugin has strengths in its implementation of secure coding practices for SQL and output, the unprotected AJAX handler and the unsanitized paths in taint flows present tangible risks. The history of a medium vulnerability, though resolved, should not be entirely discounted. A balanced conclusion would be that "bp-restrict" v1.5.3 has a decent foundation but requires careful review of its unprotected entry points and taint flows to ensure it doesn't introduce new risks.

Key Concerns

  • Unprotected AJAX handler
  • Flows with unsanitized paths
  • Past medium vulnerability
Vulnerabilities
1

Restrictions for BuddyPress Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-12391 · medium · 5.3 · Missing Authorization

Restrictions for BuddyPress <= 1.5.2 - Missing Authorization to Unauthenticated Tracking Status Update

Nov 17, 2025 · Patched in 1.5.3 (109d)
Code Analysis
Analyzed Mar 16, 2026

Restrictions for BuddyPress Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (7 prepared)
Unescaped Output: 326 (2035 escaped)
Nonce Checks: 18
Capability Checks: 12
File Operations: 25
External Requests: 3
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

100% prepared · 7 total queries

Output Escaping

86% escaped · 2361 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

8 flows · 4 with unsanitized paths
save_scheme (includes\options\inc\extensions\color_scheme\class-redux-extension-color-scheme.php:594)
Attack Surface
1 unprotected

Restrictions for BuddyPress Attack Surface

Entry Points: 15
Unprotected: 1

AJAX Handlers 7

auth wp_ajax_redux_hide_admin_notice includes\options\inc\classes\class-redux-admin-notices.php:47
auth wp_ajax_redux_update_google_fonts includes\options\inc\classes\class-redux-ajax-typography.php:26
auth wp_ajax_redux_color_schemes includes\options\inc\extensions\color_scheme\class-redux-extension-color-scheme.php:78
auth wp_ajax_redux_custom_fonts includes\options\inc\extensions\custom_fonts\class-redux-extension-custom-fonts.php:141
auth wp_ajax_redux_custom_font_timer includes\options\inc\extensions\custom_fonts\class-redux-extension-custom-fonts.php:142
auth wp_ajax_redux_get_icons includes\options\inc\extensions\icon_select\class-redux-extension-icon-select.php:50
auth wp_ajax_redux_delete_widget_area includes\options\inc\extensions\widget_areas\class-redux-extension-widget-areas.php:54

Shortcodes 8

[bp_restrict_pmpro_access] admin\class-bp-restrict-pmpro.php:46
[bloginfo] includes\options\inc\extensions\shortcodes\class-redux-shortcodes.php:69
[redux_bloginfo] includes\options\inc\extensions\shortcodes\class-redux-shortcodes.php:71
[themeinfo] includes\options\inc\extensions\shortcodes\class-redux-shortcodes.php:75
[redux_themeinfo] includes\options\inc\extensions\shortcodes\class-redux-shortcodes.php:77
[date] includes\options\inc\extensions\shortcodes\class-redux-shortcodes.php:81
[redux_date] includes\options\inc\extensions\shortcodes\class-redux-shortcodes.php:83
[social_profiles] includes\options\inc\extensions\social_profiles\social_profiles\inc\class-redux-social-profiles-shortcode.php:43
WordPress Hooks 94
action template_redirect admin\class-bp-restrict-admin.php:77
action after_setup_theme admin\class-bp-restrict-admin.php:81
action plugins_loaded admin\class-bp-restrict-admin.php:83
action wp admin\class-bp-restrict-pmpro.php:43
action template_redirect admin\class-bp-restrict-pmpro.php:44
filter redux/options/bp_restrict_opt/sections admin\class-bp-restrict-pmpro.php:50
filter pmpro_has_membership_level admin\class-bp-restrict-pmpro.php:56
filter pmpro_has_membership_access_filter admin\class-bp-restrict-pmpro.php:57
filter pmpro_get_membership_levels_for_user admin\class-bp-restrict-pmpro.php:58
filter pmpro_get_membership_level_for_user admin\class-bp-restrict-pmpro.php:59
action bp_actions admin\class-bp-restrict-pmpro.php:264
action template_notices admin\class-bp-restrict-pmpro.php:288
action plugins_loaded includes\class-bp-restrict-i18n.php:68
action plugins_loaded includes\options\class-redux-core.php:222
filter debug_information includes\options\class-redux-core.php:350
action admin_notices includes\options\inc\classes\class-redux-admin-notices.php:48
action admin_init includes\options\inc\classes\class-redux-admin-notices.php:49
action after_setup_theme includes\options\inc\classes\class-redux-api.php:123
action init includes\options\inc\classes\class-redux-api.php:124
action switch_theme includes\options\inc\classes\class-redux-api.php:125
action plugins_loaded includes\options\inc\classes\class-redux-api.php:181
action ReduxFrameworkPlugin_admin_notice includes\options\inc\classes\class-redux-api.php:1743
action redux_framework_plugin_admin_notice includes\options\inc\classes\class-redux-api.php:1744
action admin_enqueue_scripts includes\options\inc\classes\class-redux-enqueue.php:58
action wp_enqueue_scripts includes\options\inc\classes\class-redux-enqueue.php:61
filter redux/fields includes\options\inc\classes\class-redux-extension-abstract.php:169
action wp_head includes\options\inc\classes\class-redux-functions-ex.php:216
action init includes\options\inc\classes\class-redux-i18n.php:26
action redux/construct includes\options\inc\classes\class-redux-instances.php:75
action admin_init includes\options\inc\classes\class-redux-options-constructor.php:63
action wp_head includes\options\inc\classes\class-redux-output.php:31
action wp_enqueue_scripts includes\options\inc\classes\class-redux-output.php:32
action login_head includes\options\inc\classes\class-redux-output.php:37
action login_enqueue_scripts includes\options\inc\classes\class-redux-output.php:38
action admin_head includes\options\inc\classes\class-redux-output.php:43
action admin_enqueue_scripts includes\options\inc\classes\class-redux-output.php:44
filter style_loader_tag includes\options\inc\classes\class-redux-output.php:185
filter wp_resource_hints includes\options\inc\classes\class-redux-output.php:186
action admin_menu includes\options\inc\classes\class-redux-page-render.php:49
action network_admin_menu includes\options\inc\classes\class-redux-page-render.php:53
action admin_head includes\options\inc\classes\class-redux-page-render.php:142
filter admin_footer_text includes\options\inc\classes\class-redux-page-render.php:145
filter deprecated_file_trigger_error includes\options\inc\classes\class-redux-panel.php:317
action customize_register includes\options\inc\extensions\customizer\class-redux-extension-customizer.php:142
action wp_head includes\options\inc\extensions\customizer\class-redux-extension-customizer.php:143
action customize_save_after includes\options\inc\extensions\customizer\class-redux-extension-customizer.php:145
action customize_controls_print_scripts includes\options\inc\extensions\customizer\class-redux-extension-customizer.php:148
action customize_controls_init includes\options\inc\extensions\customizer\class-redux-extension-customizer.php:149
action wp_enqueue_styles includes\options\inc\extensions\customizer\class-redux-extension-customizer.php:150
action redux/extension/customizer/control_init includes\options\inc\extensions\customizer\class-redux-extension-customizer.php:152
action customize_controls_print_styles includes\options\inc\extensions\customizer\class-redux-extension-customizer.php:155
filter upload_mimes includes\options\inc\extensions\custom_fonts\class-redux-extension-custom-fonts.php:154
action wp_head includes\options\inc\extensions\custom_fonts\class-redux-extension-custom-fonts.php:155
filter tiny_mce_before_init includes\options\inc\extensions\custom_fonts\class-redux-extension-custom-fonts.php:156
action admin_footer includes\options\inc\extensions\icon_select\icon_select\class-redux-icon-select.php:388
action customize_controls_print_footer_scripts includes\options\inc\extensions\icon_select\icon_select\class-redux-icon-select.php:389
filter upload_mimes includes\options\inc\extensions\import_export\class-redux-extension-import-export.php:63
action save_post includes\options\inc\extensions\metaboxes\class-redux-extension-metaboxes.php:198
action pre_post_update includes\options\inc\extensions\metaboxes\class-redux-extension-metaboxes.php:199
action admin_notices includes\options\inc\extensions\metaboxes\class-redux-extension-metaboxes.php:200
action admin_enqueue_scripts includes\options\inc\extensions\metaboxes\class-redux-extension-metaboxes.php:201
action the_post includes\options\inc\extensions\metaboxes\class-redux-extension-metaboxes.php:204
action loop_end includes\options\inc\extensions\metaboxes\class-redux-extension-metaboxes.php:205
action init includes\options\inc\extensions\metaboxes\class-redux-metaboxes-api.php:89
action admin_enqueue_scripts includes\options\inc\extensions\metaboxes\class-redux-metaboxes-api.php:129
action wp_enqueue_scripts includes\options\inc\extensions\social_profiles\class-redux-extension-social-profiles.php:115
filter redux/metaboxes/save/before_validate includes\options\inc\extensions\social_profiles\class-redux-extension-social-profiles.php:119
action widgets_init includes\options\inc\extensions\social_profiles\social_profiles\inc\class-redux-social-profiles-widget.php:53
action admin_notices includes\options\inc\extensions\taxonomy\class-redux-extension-taxonomy.php:162
action admin_enqueue_scripts includes\options\inc\extensions\taxonomy\class-redux-extension-taxonomy.php:163
action init includes\options\inc\extensions\taxonomy\class-redux-taxonomy-api.php:77
action create_term includes\options\inc\extensions\taxonomy\redux-taxonomy-helpers.php:29
action admin_notices includes\options\inc\extensions\users\class-redux-extension-users.php:155
action admin_enqueue_scripts includes\options\inc\extensions\users\class-redux-extension-users.php:156
action personal_options_update includes\options\inc\extensions\users\class-redux-extension-users.php:161
action edit_user_profile_update includes\options\inc\extensions\users\class-redux-extension-users.php:162
action show_user_profile includes\options\inc\extensions\users\class-redux-extension-users.php:315
action edit_user_profile includes\options\inc\extensions\users\class-redux-extension-users.php:316
action user_new_form includes\options\inc\extensions\users\class-redux-extension-users.php:317
action init includes\options\inc\extensions\users\class-redux-users-api.php:77
action create_term includes\options\inc\extensions\users\redux-users-helpers.php:29
action init includes\options\inc\extensions\widget_areas\class-redux-widget-areas.php:72
action admin_print_scripts includes\options\inc\extensions\widget_areas\class-redux-widget-areas.php:76
action load-widgets.php includes\options\inc\extensions\widget_areas\class-redux-widget-areas.php:78
action load-widgets.php includes\options\inc\extensions\widget_areas\class-redux-widget-areas.php:79
action admin_enqueue_scripts includes\options\inc\themecheck\class-redux-themecheck.php:71
action admin_enqueue_scripts includes\options\inc\themecheck\class-redux-themecheck.php:72
action themecheck_checks_loaded includes\options\inc\themecheck\class-redux-themecheck.php:74
action themecheck_checks_loaded includes\options\inc\themecheck\class-redux-themecheck.php:75
action init includes\options\inc\validation\unique_slug\class-redux-validation-unique-slug.php:82
action init includes\options\inc\welcome\class-redux-welcome.php:49
action admin_menu includes\options\inc\welcome\class-redux-welcome.php:61
filter admin_footer_text includes\options\inc\welcome\class-redux-welcome.php:67
action admin_head includes\options\inc\welcome\class-redux-welcome.php:68
Maintenance & Trust

Restrictions for BuddyPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 24, 2026
PHP min version: 7.4
Downloads: 18K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 400
Developer Profile

Restrictions for BuddyPress Developer Profile

SeventhQueen

3 plugins · 1K total installs

Trust score: 72
Avg Security Score: 90/100
Avg Patch Time: 109 days
Detection Fingerprints

How We Detect Restrictions for BuddyPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bp-restrict/assets/css/main-admin.css
/wp-content/plugins/bp-restrict/assets/js/main-admin.js
Script Paths
/wp-content/plugins/bp-restrict/assets/js/main-admin.js
Version Parameters
bp-restrict/assets/css/main-admin.css?ver=
bp-restrict/assets/js/main-admin.js?ver=
