BP xProfile WordPress User Sync Security & Risk Analysis

wordpress.org/plugins/bp-xprofile-wp-user-sync

Replaces the default BuddyPress xProfile Name field with First Name and Last Name fields and keeps these in sync with WordPress user profile fields.

40 active installs · v0.6.7 · PHP + WP 3.5+ · Updated May 12, 2021
Tags: buddypress, profile, sync, xprofile
Score: 85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is BP xProfile WordPress User Sync Safe to Use in 2026?

Generally Safe

Score 85/100

BP xProfile WordPress User Sync has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4yr ago
Risk Assessment

The "bp-xprofile-wp-user-sync" plugin version 0.6.7 shows a generally strong security posture in static analysis. It has no vulnerabilities in its history, all 6 SQL queries use prepared statements, and the code contains 3 nonce checks and 4 capability checks. The attack surface is small: 2 entry points, none unprotected, and no identified taint flows, which significantly reduces the immediate risk. The one concern is output escaping: only 1 of the 2 identified outputs (50%) is escaped, which leaves potential for cross-site scripting (XSS) if untrusted data reaches the unescaped output. Despite this, the lack of critical findings and the clean vulnerability history indicate a well-maintained and relatively secure plugin.

Key Concerns

  • 50% of outputs are not properly escaped
Vulnerabilities
None known

BP xProfile WordPress User Sync Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

BP xProfile WordPress User Sync Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (6 prepared)
Unescaped Output: 1 (1 escaped)
Nonce Checks: 3
Capability Checks: 4
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 6 total queries

Output Escaping

50% escaped · 2 total outputs
Attack Surface

BP xProfile WordPress User Sync Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers 2

auth  wp_ajax_bpxpwp_process_filters   bp-xprofile-wp-user-sync-migrate.php:123
auth  wp_ajax_bpxpwp_process_settings  bp-xprofile-wp-user-sync-migrate.php:124
WordPress Hooks 22
action  admin_notices                     bp-xprofile-wp-user-sync-migrate.php:114
action  admin_menu                        bp-xprofile-wp-user-sync-migrate.php:117
action  add_meta_boxes                    bp-xprofile-wp-user-sync-migrate.php:120
action  bp_init                           bp-xprofile-wp-user-sync.php:67
action  plugins_loaded                    bp-xprofile-wp-user-sync.php:70
filter  plugin_auto_update_setting_html   bp-xprofile-wp-user-sync.php:73
filter  bp_after_has_profile_parse_args   bp-xprofile-wp-user-sync.php:330
filter  bp_has_profile                    bp-xprofile-wp-user-sync.php:336
filter  bp_xprofile_get_groups            bp-xprofile-wp-user-sync.php:341
action  user_register                     bp-xprofile-wp-user-sync.php:344
action  profile_update                    bp-xprofile-wp-user-sync.php:345
action  xprofile_updated_profile          bp-xprofile-wp-user-sync.php:348
action  bp_core_signup_user               bp-xprofile-wp-user-sync.php:349
action  bp_core_activated_user            bp-xprofile-wp-user-sync.php:350
filter  wpfb_xprofile_fields_received     bp-xprofile-wp-user-sync.php:353
action  woocommerce_save_account_details  bp-xprofile-wp-user-sync.php:356
filter  bp_has_profile                    bp-xprofile-wp-user-sync.php:580
action  xprofile_updated_profile          bp-xprofile-wp-user-sync.php:695
action  bp_core_signup_user               bp-xprofile-wp-user-sync.php:696
action  bp_core_activated_user            bp-xprofile-wp-user-sync.php:697
action  user_register                     bp-xprofile-wp-user-sync.php:931
action  profile_update                    bp-xprofile-wp-user-sync.php:932
Maintenance & Trust

BP xProfile WordPress User Sync Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.7.15
Last updated: May 12, 2021
PHP min version
Downloads: 15K

Community Trust

Rating: 96/100
Number of ratings: 9
Active installs: 40
Developer Profile

BP xProfile WordPress User Sync Developer Profile

Christian Wach

8 plugins · 2K total installs

Trust score: 90
Avg Security Score: 94/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect BP xProfile WordPress User Sync

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
