WP-Safety

Wbcom Designs – BuddyPress Member Reviews Security & Risk Analysis

wordpress.org/plugins/bp-user-profile-reviews

The BuddyPress Member Reviews plugin enhances the BuddyPress community by empowering registered users to post reviews on other members' profiles.

300 active installs v3.6.0 PHP + WP 4.0+ Updated Jul 15, 2025
buddypressmembers
100
A · Safe
CVEs total1
Unpatched0
Last CVEApr 13, 2022
Plugin page Download
Safety Verdict

Is Wbcom Designs – BuddyPress Member Reviews Safe to Use in 2026?

Generally Safe

Score 100/100

Wbcom Designs – BuddyPress Member Reviews has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Apr 13, 2022Updated 10mo ago
Risk Assessment

The "bp-user-profile-reviews" v3.6.0 plugin exhibits a generally strong security posture based on the provided static analysis. The code demonstrates good practices by utilizing prepared statements for all SQL queries and a high percentage of proper output escaping. Crucially, all identified AJAX handlers and REST API routes appear to have appropriate authentication and permission checks, and no dangerous functions or file operations were detected. The absence of taint analysis findings further suggests a lack of readily apparent code execution vulnerabilities.

However, the plugin's vulnerability history presents a notable concern. A medium severity vulnerability was previously discovered, and although it is currently unpatched, the historical pattern of "Missing Authorization" is a recurring theme. This suggests that while the current version has implemented checks, past issues indicate a potential area for oversight in authorization logic. The presence of 7 AJAX handlers, while all reportedly having checks, still represents a significant attack surface, and any minor oversight in these checks could be exploited.

In conclusion, the "bp-user-profile-reviews" plugin has made significant strides in securing its codebase, particularly in its handling of database queries and output. The absence of critical issues in the current static analysis is encouraging. Nevertheless, the past medium severity vulnerability and the recurring pattern of authorization issues warrant careful consideration and ongoing vigilance to ensure that all entry points remain robustly protected against unauthorized access.

Key Concerns

  • Previously unpatched medium severity CVE
  • Historical vulnerability: Missing Authorization
  • 7 AJAX handlers, potential attack surface
  • Minor output escaping deficit (8% not escaped)
Vulnerabilities
1 published

Wbcom Designs – BuddyPress Member Reviews Security Vulnerabilities

CVEs by Year

1 CVE in 2022
2022
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

WF-74d222b9-22e9-485d-8111-d3bee505b200-bp-user-profile-reviewsmedium · 6.3Missing Authorization

Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation

Apr 13, 2022 Patched in 2.7.0 (1057d)
Version History

Wbcom Designs – BuddyPress Member Reviews Release Timeline

v3.6.0Current
v3.5.0
v3.4.0
v3.3.1
v3.3.0
v3.2.0
v3.1.0
v3.0.0
v2.9.3
v2.9.0
v2.8.2
v2.8.1
v2.8.0
v2.7.0
v2.6.11 CVE
WF-74d222b9-22e9-485d-8111-d3bee505b200-bp-user-profile-reviews
v2.6.01 CVE
WF-74d222b9-22e9-485d-8111-d3bee505b200-bp-user-profile-reviews
v2.5.01 CVE
WF-74d222b9-22e9-485d-8111-d3bee505b200-bp-user-profile-reviews
v2.4.11 CVE
WF-74d222b9-22e9-485d-8111-d3bee505b200-bp-user-profile-reviews
v2.4.01 CVE
WF-74d222b9-22e9-485d-8111-d3bee505b200-bp-user-profile-reviews
v2.3.01 CVE
WF-74d222b9-22e9-485d-8111-d3bee505b200-bp-user-profile-reviews
Code Analysis
Analyzed Mar 16, 2026

Wbcom Designs – BuddyPress Member Reviews Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
17 prepared
Unescaped Output
39
421 escaped
Nonce Checks
7
Capability Checks
4
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared17 total queries

Output Escaping

92% escaped460 total outputs
Attack Surface

Wbcom Designs – BuddyPress Member Reviews Attack Surface

Entry Points9
Unprotected0

AJAX Handlers 7

authwp_ajax_wbcom_addons_cardsadmin\wbcom\wbcom-admin-settings.php:32
authwp_ajax_bupr_approve_reviewincludes\bupr-ajax.php:37
noprivwp_ajax_bupr_approve_reviewincludes\bupr-ajax.php:38
authwp_ajax_allow_bupr_member_review_updateincludes\bupr-ajax.php:40
noprivwp_ajax_allow_bupr_member_review_updateincludes\bupr-ajax.php:41
authwp_ajax_bupr_edit_reviewincludes\bupr-ajax.php:46
authwp_ajax_bupr_update_reviewincludes\bupr-ajax.php:47

Shortcodes 2

[wbcom_admin_setting_header] admin\wbcom\wbcom-admin-settings.php:28
[bupr_display_top_members] includes\bupr-shortcodes.php:30
WordPress Hooks 75
actionadmin_menuadmin\bupr-admin.php:41
actionadmin_menuadmin\bupr-admin.php:42
actionadmin_initadmin\bupr-admin.php:43
actionin_admin_headeradmin\bupr-admin.php:44
filterpre_update_option_bupr_admin_settingsadmin\bupr-admin.php:45
actiontransition_post_statusadmin\bupr-admin.php:46
actioninitadmin\bupr-admin.php:50
actioninitadmin\bupr-admin.php:51
actionadd_meta_boxesadmin\bupr-admin.php:52
actionadmin_initadmin\class-bupr-admin-feedback.php:70
actionadmin_initadmin\class-bupr-admin-feedback.php:71
actionadmin_noticesadmin\class-bupr-admin-feedback.php:142
actionadmin_menuadmin\wbcom\wbcom-admin-settings.php:29
actionadmin_enqueue_scriptsadmin\wbcom\wbcom-admin-settings.php:30
actionadmin_enqueue_scriptsadmin\wbcom\wbcom-admin-settings.php:31
actioninitbuddypress-member-review.php:32
actionadmin_noticesbuddypress-member-review.php:63
actionadmin_noticesbuddypress-member-review.php:70
actionadmin_noticesbuddypress-member-review.php:143
actionplugin_loadedbuddypress-member-review.php:181
actionadmin_noticesbuddypress-member-review.php:246
actionadmin_noticesbuddypress-member-review.php:260
actionadmin_noticesbuddypress-member-review.php:267
actionadmin_initbuddypress-member-review.php:270
actionadmin_noticesbuddypress-member-review.php:279
actionactivated_pluginbuddypress-member-review.php:310
actionadmin_initbuddypress-member-review.php:321
filterwp_insert_post_dataincludes\bupr-ajax.php:44
actionbp_setup_navincludes\bupr-filters.php:52
actionbp_before_member_in_header_metaincludes\bupr-filters.php:55
actionwpincludes\bupr-filters.php:56
actionbp_before_member_header_metaincludes\bupr-filters.php:58
actionyouzify_after_profile_header_user_metaincludes\bupr-filters.php:60
actionbp_setup_admin_barincludes\bupr-filters.php:61
actioninitincludes\bupr-filters.php:63
filterpost_row_actionsincludes\bupr-filters.php:64
filterbulk_actions-edit-reviewincludes\bupr-filters.php:65
actionbp_member_header_actionsincludes\bupr-filters.php:67
actionyouzify_after_profile_header_user_metaincludes\bupr-filters.php:68
actionbp_activity_after_saveincludes\bupr-filters.php:69
filterbp_get_activity_actionincludes\bupr-filters.php:70
filterbp_get_activity_user_linkincludes\bupr-filters.php:71
filterbp_get_activity_avatarincludes\bupr-filters.php:72
actioninitincludes\bupr-filters.php:80
actionbupr_after_member_review_listincludes\bupr-filters.php:81
filterbp_nouveau_get_nav_linkincludes\bupr-filters.php:84
actionbupr_member_review_after_review_insertincludes\bupr-filters.php:87
actionbp_get_activity_content_bodyincludes\bupr-filters.php:89
actionbp_member_members_list_itemincludes\bupr-filters.php:104
actionbp_directory_members_item_metaincludes\bupr-filters.php:111
actionbp_directory_members_itemincludes\bupr-filters.php:114
filtersite_urlincludes\bupr-filters.php:752
actionbp_template_contentincludes\bupr-filters.php:886
actionbp_template_contentincludes\bupr-filters.php:898
actionbp_template_contentincludes\bupr-filters.php:957
filtergamipress_activity_triggersincludes\bupr-general-functions.php:147
filtergamipress_trigger_get_user_idincludes\bupr-general-functions.php:164
actionbupr_member_review_after_review_insertincludes\bupr-general-functions.php:175
actionwpincludes\bupr-general-functions.php:310
filteryouzify_activity_new_post_actionincludes\bupr-general-functions.php:342
actionbefore_delete_postincludes\bupr-general-functions.php:396
actiontrashed_postincludes\bupr-general-functions.php:397
actionuntrashed_postincludes\bupr-general-functions.php:398
filterbp_notifications_get_registered_componentsincludes\bupr-notification.php:27
filterbp_notifications_get_notifications_for_userincludes\bupr-notification.php:31
actionbupr_sent_review_notificationincludes\bupr-notification.php:168
actionbp_actionsincludes\bupr-notification.php:170
actionwp_enqueue_scriptsincludes\bupr-scripts.php:33
actionwp_enqueue_scriptsincludes\bupr-scripts.php:34
actionadmin_enqueue_scriptsincludes\bupr-scripts.php:35
actionadmin_enqueue_scriptsincludes\bupr-scripts.php:36
actionbupr_member_review_formincludes\bupr-shortcodes.php:31
actioninitincludes\class-buprglobals.php:29
actionwidgets_initincludes\widgets\display-review.php:2
actionwidgets_initincludes\widgets\member-rating.php:2

Scheduled Events 2

bupr_cron_recalculate_user_reviews_batch
bupr_cron_recalculate_user_reviews_batch
Maintenance & Trust

Wbcom Designs – BuddyPress Member Reviews Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedJul 15, 2025
PHP min version
Downloads37K

Community Trust

Rating94/100
Number of ratings18
Active installs300
Alternatives

Wbcom Designs – BuddyPress Member Reviews Alternatives

BP Profile Search

BP Profile Search

bp-profile-search

A
95

Member search and member directories for BuddyPress and the BuddyBoss Platform.

6K 3 CVEs
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress

Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress

youzify

C
52

The best BuddyPress plugin for building online communities, user profile, social networks, and membership sites on WordPress with tons of features.

6K 1 unpatched
BuddyPress Members Only

BuddyPress Members Only

buddypress-members-only

A
99

BuddyPress Members Only restricts Your Buddypress and Wordpress to logged in/registered members.

1K 2 CVEs
RumbleTalk Live Group Chat – HTML5

RumbleTalk Live Group Chat – HTML5

rumbletalk-chat-a-chat-with-themes

A
96

Live group chat plugin for WordPress. Integrate it into your website in minutes. Create one or multiple rooms effortlessly.

800 3 CVEs
Wbcom Designs – Shortcodes & Elementor Widgets For BuddyPress

Wbcom Designs – Shortcodes & Elementor Widgets For BuddyPress

shortcodes-for-buddypress

A
100

This plugin generates shortcodes for Listing Activity Streams, Members, and Groups on any website post or page.

700 No CVEs
Developer Profile

Wbcom Designs – BuddyPress Member Reviews Developer Profile

wbcomdesigns

19 plugins · 10K total installs

78
trust score
Avg Security Score
98/100
Avg Patch Time
807 days
View full developer profile
Detection Fingerprints

How We Detect Wbcom Designs – BuddyPress Member Reviews

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bp-user-profile-reviews/admin/css/bp-member-review-admin.css/wp-content/plugins/bp-user-profile-reviews/admin/js/bp-member-review-admin.js/wp-content/plugins/bp-user-profile-reviews/css/bp-user-profile-reviews.css/wp-content/plugins/bp-user-profile-reviews/js/bp-user-profile-reviews.js
Script Paths
/wp-content/plugins/bp-user-profile-reviews/admin/js/bp-member-review-admin.js/wp-content/plugins/bp-user-profile-reviews/js/bp-user-profile-reviews.js
Version Parameters
bp-user-profile-reviews/admin/css/bp-member-review-admin.css?ver=bp-user-profile-reviews/admin/js/bp-member-review-admin.js?ver=bp-user-profile-reviews/css/bp-user-profile-reviews.css?ver=bp-user-profile-reviews/js/bp-user-profile-reviews.js?ver=

HTML / DOM Fingerprints

CSS Classes
bp-member-reviews-wrapperbp-member-reviews-single-reviewbp-member-reviews-rating-formbp-member-reviews-review-listbupr-admin-settings
Data Attributes
data-bp-member-review-iddata-bp-member-review-nonce
JS Globals
bp_member_reviews_ajax_object
Shortcode Output
[bp_member_reviews][bp_member_rating_form]
FAQ

Frequently Asked Questions about Wbcom Designs – BuddyPress Member Reviews