Does BP Member Reviews have any unpatched vulnerabilities?

No. All known vulnerabilities in BP Member Reviews have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is BP Member Reviews compatible with WordPress 4.9.29?

According to WordPress.org data, BP Member Reviews 1.2.6 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is BP Member Reviews updated?

BP Member Reviews was last updated on May 11, 2018. Frequent updates are generally a positive security signal.

What is BP Member Reviews's security score?

BP Member Reviews has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

BP Member Reviews Security & Risk Analysis

wordpress.org/plugins/bp-user-reviews

Add to your BuddyPress community the ability to provide reviews and star ratings for the members.

20 active installs v1.2.6 PHP + WP 4.0+ Updated May 11, 2018

bbpressbpbuddypressratingratings

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is BP Member Reviews Safe to Use in 2026?

Generally Safe

Score 85/100

BP Member Reviews has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago

Risk Assessment

The "bp-user-reviews" plugin v1.2.6 exhibits a generally strong security posture based on the provided static analysis. The absence of critical taint flows, raw SQL queries, and a significant number of properly escaped outputs are positive indicators. Furthermore, the plugin demonstrates good practice by implementing nonce checks and capability checks on its AJAX handlers, which represent its entire identified attack surface. The lack of any recorded vulnerabilities or CVEs further bolsters this positive assessment, suggesting a well-maintained and secure codebase. However, the relatively low percentage of properly escaped outputs (46%) does present a potential area of concern. While no specific vulnerabilities are directly indicated by this, it suggests that cross-site scripting (XSS) could be a theoretical risk if sensitive data is handled within the unescaped outputs. Therefore, while the plugin appears secure in its current state, ongoing vigilance regarding output escaping is recommended.

Key Concerns

Low percentage of properly escaped outputs

Vulnerabilities

None known

BP Member Reviews Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

BP Member Reviews Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

39 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

46% escaped85 total outputs

Attack Surface

BP Member Reviews Attack Surface

Entry Points2

Unprotected0

AJAX Handlers 2

authwp_ajax_bp_user_reviewbp-user-reviews.php:65

noprivwp_ajax_bp_user_reviewbp-user-reviews.php:67

WordPress Hooks 29

actioninitbp-user-reviews.php:54

actioninitbp-user-reviews.php:55

actionbp_setup_navbp-user-reviews.php:61

actionbp_enqueue_scriptsbp-user-reviews.php:62

actionwp_enqueue_scriptsbp-user-reviews.php:63

actionwp_headbp-user-reviews.php:64

actionbp_profile_header_metabp-user-reviews.php:71

actionbp_directory_members_actionsbp-user-reviews.php:73

actionbbp_theme_after_reply_author_detailsbp-user-reviews.php:75

actionadmin_menubp-user-reviews.php:80

actionadmin_enqueue_scriptsbp-user-reviews.php:81

actionadd_meta_boxesbp-user-reviews.php:82

actionsave_postbp-user-reviews.php:83

actionadmin_footer-edit.phpbp-user-reviews.php:84

actionadmin_footer-post.phpbp-user-reviews.php:85

actionadmin_footer-post-new.phpbp-user-reviews.php:86

actionmanage_posts_custom_columnbp-user-reviews.php:87

filterpost_row_actionsbp-user-reviews.php:88

actionpost_submitbox_minor_actionsbp-user-reviews.php:89

actionpost_action_spambp-user-reviews.php:90

actionpost_action_unspambp-user-reviews.php:91

actionpost_action_unpublishbp-user-reviews.php:92

actionpost_action_publishbp-user-reviews.php:93

filterdisplay_post_statesbp-user-reviews.php:96

actionpost_action_publishbp-user-reviews.php:98

actionadmin_initbp-user-reviews.php:99

actionsave_postbp-user-reviews.php:456

actionbp_template_contentbp-user-reviews.php:718

actionplugins_loadedbp-user-reviews.php:914

Maintenance & Trust

BP Member Reviews Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedMay 11, 2018

PHP min version

Downloads6K

Community Trust

Rating92/100

Number of ratings12

Active installs20

Alternatives

BP Member Reviews Alternatives

CBX User Online & Last Login

cbxuseronline

100

Shows online users based on cookie for guest and session for registered user. It also records the last login of user.

900 No CVEs

WP Notification Bell

wp-notification-bell

On-site bell notifications. Display notifications custom or triggered (new posts/cpts, WooCommerce order updates, new comment replies, bbPress...)

800 1 CVE

bbPress Login Register Links On Forum Topic Pages

bbpress-login-register-links-on-forum-topic-pages

100

Add bbPress only sidebar, Add bbpress login link, bbpress register link, forget password link, log out link in bbpress forum index pages or bbpress si …

700 1 CVE

bbPress Voting

bbp-voting

100

Let visitors vote up and down on bbPress topics and replies just like Reddit or Stack Overflow!

500 1 CVE

bbPress Messages

bbp-messages

bbPress Messages - Simple yet powerful private messaging system tailored for bbPress.

100 No CVEs

Developer Profile

BP Member Reviews Developer Profile

wordplus

2 plugins · 10K total installs

trust score

Avg Security Score

87/100

Avg Patch Time

357 days

View full developer profile

Detection Fingerprints

How We Detect BP Member Reviews

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/bp-user-reviews/css/bp-user-reviews.css/wp-content/plugins/bp-user-reviews/css/bp-user-reviews-admin.css/wp-content/plugins/bp-user-reviews/js/bp-user-reviews.js/wp-content/plugins/bp-user-reviews/js/bp-user-reviews-admin.js

Script Paths

/wp-content/plugins/bp-user-reviews/js/bp-user-reviews.js/wp-content/plugins/bp-user-reviews/js/bp-user-reviews-admin.js

Version Parameters

bp-user-reviews/css/bp-user-reviews.css?ver=bp-user-reviews/css/bp-user-reviews-admin.css?ver=bp-user-reviews/js/bp-user-reviews.js?ver=bp-user-reviews/js/bp-user-reviews-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

bp-user-reviewsbp-user-reviews-adminbp-user-reviews-rating-starsbp-user-reviews-review-itembp-user-reviews-admin-column

Data Attributes

data-averagedata-stars

JS Globals

bp_user_reviews_ajax_urlbp_user_reviews_settings

FAQ