WP-Safety

Bravo WP security Plugin Security & Risk Analysis

wordpress.org/plugins/bravo-security

Bravo WP Security Plugin, Is a plugin helps you to hide wordpress side by side Bravo wordpress firewall, wordpress antivirus (wordpress malware scanne …

10 active installs v1.1 PHP + WP 4.7+ Updated Dec 11, 2017
best-wordpress-security-pluginwordpress-malware-removalwordpress-securitywordpress-vulnerability-scannerwp-security
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Bravo WP security Plugin Safe to Use in 2026?

Generally Safe

Score 85/100

Bravo WP security Plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago
Risk Assessment

The 'bravo-security' plugin v1.1 exhibits a mixed security posture. On the positive side, it has no known vulnerabilities (CVEs) and demonstrates a commitment to security by including a significant number of nonce and capability checks. The presence of 70 nonce checks and 26 capability checks suggests that the developers are aware of and attempting to implement fundamental WordPress security practices. However, there are notable areas of concern stemming from the static analysis. The plugin exposes 32 AJAX handlers, with a significant portion (2) lacking authentication checks. This is a critical oversight that could allow unauthenticated users to trigger potentially sensitive actions. Furthermore, the taint analysis reveals 17 flows with unsanitized paths, two of which are of high severity. This indicates potential for path traversal or other file-system related vulnerabilities if these flows are not properly handled. While the plugin doesn't directly use raw SQL without prepared statements, the high percentage of unsanitized paths is a substantial risk. The lack of any historical vulnerabilities could indicate diligent development or simply a lack of past scrutiny, but the current findings necessitate careful attention.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized taint flows
  • Unsanitized path flows
Vulnerabilities
None known

Bravo WP security Plugin Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Bravo WP security Plugin Code Analysis

Dangerous Functions
0
Raw SQL Queries
79
23 prepared
Unescaped Output
277
675 escaped
Nonce Checks
70
Capability Checks
26
File Operations
46
External Requests
3
Bundled Libraries
0

SQL Query Safety

23% prepared102 total queries

Output Escaping

71% escaped952 total outputs
Data Flows
17 unsanitized

Data Flow Analysis

25 flows17 with unsanitized paths
re_login (hooks\2fa_actions\tebravo.login.php:193)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Bravo WP security Plugin Attack Surface

Entry Points32
Unprotected2

AJAX Handlers 32

authwp_ajax_ajax_load_dirhooks\tebravo.antivirus.php:36
authwp_ajax_scan_fileshooks\tebravo.antivirus.php:37
authwp_ajax_scan_files_stophooks\tebravo.antivirus.php:38
authwp_ajax_scan_files_resumehooks\tebravo.antivirus.php:39
authwp_ajax_scan_files_startoverhooks\tebravo.antivirus.php:40
authwp_ajax_scan_files_infected_resultshooks\tebravo.antivirus.php:41
authwp_ajax_spamlist_checkerhooks\tebravo.antivirus.php:42
authwp_ajax_dbscan_checkerhooks\tebravo.antivirus.php:43
authwp_ajax_filechange_checkerhooks\tebravo.antivirus.php:44
authwp_ajax_remove_blockedhooks\tebravo.firewall.php:145
authwp_ajax_whitelist_blockedhooks\tebravo.firewall.php:146
authwp_ajax_tebravo_online_monitorhooks\tebravo.traffic.php:44
authwp_ajax_tebravo_online_table_updatehooks\tebravo.traffic.php:45
authwp_ajax_list_online_detailshooks\tebravo.traffic.php:46
authwp_ajax_firewall_traffic_actionshooks\tebravo.traffic.php:47
authwp_ajax_adminsonline_updatehooks\tebravo.traffic.php:48
authwp_ajax_tebravo_backup_htaccess_fileincludes\tebravo.core.php:21
authwp_ajax_tebravo_get_new_inline_prefixincludes\tebravo.core.php:316
authwp_ajax_tebravo_fix_db_dir_permsincludes\tebravo.core.php:342
authwp_ajax_tebravo_fix_config_file_permsincludes\tebravo.core.php:402
authwp_ajax_tebravo_auth_keys_updateincludes\tebravo.core.php:461
authwp_ajax_tebravo_editor_changeincludes\tebravo.core.php:507
authwp_ajax_tebravo_errors_debug_enable_disableincludes\tebravo.core.php:549
authwp_ajax_tebravo_wordpress_auto_updatesincludes\tebravo.core.php:591
authwp_ajax_tebravo_wpconfig_change_permissionsincludes\tebravo.core.php:633
authwp_ajax_tebravo_themes_auto_updatesincludes\tebravo.core.php:675
authwp_ajax_tebravo_plugins_auto_updatesincludes\tebravo.core.php:710
authwp_ajax_tebravo_notify_config_permsincludes\tebravo.core.php:747
authwp_ajax_tebravo_idle_action_frontendincludes\tebravo.core.php:814
authwp_ajax_tebravo_idle_logout_in_adminincludes\tebravo.core.php:869
authwp_ajax_tebravo_send_new_auth_codeincludes\tebravo.core.php:886
authwp_ajax_tebravo_contact_supportincludes\tebravo.core.php:1076
WordPress Hooks 120
actionplugins_loadedbravo-security.php:57
actionshow_user_profilehooks\2fa_actions\2fa.php:6
actionedit_user_profilehooks\2fa_actions\2fa.php:7
actionpersonal_options_updatehooks\2fa_actions\2fa.php:9
actionedit_user_profile_updatehooks\2fa_actions\2fa.php:10
actionshow_user_profilehooks\2fa_actions\fb.php:14
actionpersonal_options_updatehooks\2fa_actions\fb.php:17
actionshow_user_profilehooks\2fa_actions\pin.php:7
actionpersonal_options_updatehooks\2fa_actions\pin.php:10
actionshow_user_profilehooks\2fa_actions\q.php:7
actionpersonal_options_updatehooks\2fa_actions\q.php:10
actionset_logged_in_cookiehooks\2fa_actions\tebravo.login.php:42
actionwp_loginhooks\2fa_actions\tebravo.login.php:43
actionlogin_form_bravo_fahooks\2fa_actions\tebravo.login.php:44
actionlogin_form_new_2fahooks\2fa_actions\tebravo.login.php:45
filterwp_mail_content_typehooks\2fa_actions\tebravo.login.php:531
actionadmin_inithooks\tebravo.antivirus.php:24
actionmedia_buttonshooks\tebravo.antivirus.php:45
actioninithooks\tebravo.bforce.php:55
actionwp_loginhooks\tebravo.bforce.php:58
filtergettexthooks\tebravo.bforce.php:67
filterngettexthooks\tebravo.bforce.php:68
filtergettexthooks\tebravo.bforce.php:72
filterngettexthooks\tebravo.bforce.php:73
actionuser_profile_update_errorshooks\tebravo.bforce.php:80
filterlogin_messagehooks\tebravo.bforce.php:84
filterauthenticatehooks\tebravo.bforce.php:85
filterauthenticatehooks\tebravo.bforce.php:86
filteruser_row_actionshooks\tebravo.bforce.php:94
filtermanage_users_columnshooks\tebravo.bforce.php:95
filtermanage_users_custom_columnhooks\tebravo.bforce.php:96
actionuser_registerhooks\tebravo.bforce.php:97
actionload-users.phphooks\tebravo.bforce.php:98
actioninithooks\tebravo.bforce.php:99
actionadmin_inithooks\tebravo.bforce.php:100
actionlogin_headhooks\tebravo.bforce.php:101
actionauthenticatehooks\tebravo.bforce.php:107
actioninithooks\tebravo.bforce.php:405
actioninithooks\tebravo.cronjobs.php:42
actionadmin_inithooks\tebravo.cronjobs.php:43
filtercron_scheduleshooks\tebravo.cronjobs.php:46
filtercron_scheduleshooks\tebravo.cronjobs.php:56
actioninithooks\tebravo.errorpages.php:39
actiontemplate_redirecthooks\tebravo.errorpages.php:46
actioninithooks\tebravo.firewall.php:100
actioninithooks\tebravo.firewall.php:105
actioninithooks\tebravo.firewall.php:115
actionadmin_inithooks\tebravo.firewall.php:116
actionwp_headhooks\tebravo.firewall.php:121
actiontebravo_errorpages_404hooks\tebravo.firewall.php:122
actionwp_footerhooks\tebravo.firewall.php:123
actionpre_pinghooks\tebravo.firewall.php:124
filterxmlrpc_enabledhooks\tebravo.firewall.php:127
actionwp_headhooks\tebravo.firewall.php:129
actionwp_headhooks\tebravo.firewall.php:130
actiontebravo_errorpages_404hooks\tebravo.firewall.php:134
actiontebravo_errorpages_404hooks\tebravo.firewall.php:135
actionwp_headhooks\tebravo.firewall.php:137
actionwp_headhooks\tebravo.firewall.php:138
actiontebravo_recaptcha_validatehooks\tebravo.firewall.php:141
actionpreprocess_commenthooks\tebravo.firewall.php:142
actioninithooks\tebravo.firewall.php:387
actioninithooks\tebravo.firewall.php:803
actioninithooks\tebravo.firewall.php:964
actionphpmailer_inithooks\tebravo.mail.php:31
actioninithooks\tebravo.recaptcha.php:47
filtercomment_form_submit_buttonhooks\tebravo.recaptcha.php:60
filtercomment_form_field_commenthooks\tebravo.recaptcha.php:62
filterpreprocess_commenthooks\tebravo.recaptcha.php:64
actionlogin_formhooks\tebravo.recaptcha.php:71
filterwp_authenticate_userhooks\tebravo.recaptcha.php:72
actionregister_formhooks\tebravo.recaptcha.php:78
filterregistration_errorshooks\tebravo.recaptcha.php:79
actionwp_footerhooks\tebravo.traffic.php:35
actiontebravo_errorpages_templatehooks\tebravo.traffic.php:36
actionadmin_footerhooks\tebravo.traffic.php:40
actionadmin_footerhooks\tebravo.traffic.php:49
actioninithooks\tebravo.traffic.php:188
actioninithooks\tebravo.wpadmin.php:63
actioninithooks\tebravo.wpadmin.php:74
actionadmin_inithooks\tebravo.wpadmin.php:78
actionadmin_inithooks\tebravo.wpadmin.php:83
actionadmin_inithooks\tebravo.wpadmin.php:86
actionadmin_inithooks\tebravo.wpadmin.php:87
actionwp_footerhooks\tebravo.wpadmin.php:111
actionplugins_loadedhooks\tebravo.wpadmin.php:218
actionlogin_inithooks\tebravo.wpadmin.php:219
actioninithooks\tebravo.wpadmin.php:225
filterlogout_urlhooks\tebravo.wpadmin.php:226
filterloginouthooks\tebravo.wpadmin.php:232
filtersite_urlhooks\tebravo.wpadmin.php:233
filterwp_redirecthooks\tebravo.wpadmin.php:234
filterlostpassword_urlhooks\tebravo.wpadmin.php:235
filterretrieve_password_messagehooks\tebravo.wpadmin.php:236
filtercomment_moderation_texthooks\tebravo.wpadmin.php:237
filterwp_mail_content_typehooks\tebravo.wpadmin.php:1311
actionlogin_headincludes\function.login-header.php:14
actionlogin_headincludes\function.login-header.php:17
actionlogin_headincludes\function.login-header.php:34
actionwp_headincludes\tebravo.core.php:182
actionin_admin_footerincludes\tebravo.core.php:253
filterwp_mail_content_typeincludes\tebravo.core.php:927
filterwp_mail_content_typeincludes\tebravo.core.php:996
actionadmin_headincludes\tebravo.html.php:34
actionadmin_bar_menuincludes\tebravo.init.php:95
actionadmin_bar_menuincludes\tebravo.init.php:96
actionadmin_enqueue_scriptsincludes\tebravo.init.php:124
actionwp_enqueue_scriptsincludes\tebravo.init.php:125
actioninitincludes\tebravo.init.php:146
actioninitincludes\tebravo.init.php:147
filterstyle_loader_srcincludes\tebravo.init.php:155
filterscript_loader_srcincludes\tebravo.init.php:156
actionadmin_headincludes\tebravo.init.php:159
actionadmin_headincludes\tebravo.init.php:160
filterauto_update_pluginincludes\tebravo.init.php:302
filterauto_update_themeincludes\tebravo.init.php:308
actionadmin_initincludes\tebravo.selfprotect.php:29
actionadmin_headincludes\tebravo.selfprotect.php:30
actionadmin_headincludes\tebravo.selfprotect.php:31
actionadmin_noticesincludes\tebravo.selfprotect.php:32
Maintenance & Trust

Bravo WP security Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29
Last updatedDec 11, 2017
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Bravo WP security Plugin Alternatives

MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall

MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall

malcare-security

A
100

Get Bulletproof Security for your WordPress site. WordPress security plugin packed with comprehensive Firewall, malware scanner, cleaner & more.

200K No CVEs
SecuPress with Simple SSL – Simple and Performant Security

SecuPress with Simple SSL – Simple and Performant Security

secupress

A
94

Protect your WordPress with SecuPress, analyze and ensure the safety of your website daily.

40K 6 CVEs
Quttera ThreatSign – Web Malware Scanner for WordPress

Quttera ThreatSign – Web Malware Scanner for WordPress

quttera-web-malware-scanner

A
98

WordPress multi-level security scanner detecting malware, 0-day threats, brute-force attacks, bot attacks, and unauthorized admin changes.

10K 3 CVEs
SP Move Login

SP Move Login

sf-move-login

A
100

Move your WordPress login page to protect it from bots. This plugin contains the Move Login module from SecuPress. Other security modules are availabl …

7K No CVEs
WebDefender Security – Protection & AntiSpam

WebDefender Security – Protection & AntiSpam

cwis-antivirus-malware-detected

A
100

PRO Security – Antivirus Scanner, 2-Layer Protection Hide Security, Brute Force Security & Antispam, Security Website and Security Hardening.

1K No CVEs
Developer Profile

Bravo WP security Plugin Developer Profile

Technoyer

2 plugins · 20 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Bravo WP security Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bravo-security/js/tebravo.custom.js/wp-content/plugins/bravo-security/css/tebravo.style.css/wp-content/plugins/bravo-security/css/tebravo.dashboard.css
Script Paths
/wp-content/plugins/bravo-security/js/tebravo.custom.js
Version Parameters
bravo-security/js/tebravo.custom.js?ver=bravo-security/css/tebravo.style.css?ver=bravo-security/css/tebravo.dashboard.css?ver=

HTML / DOM Fingerprints

CSS Classes
tebravo-menutebravo-login-form
HTML Comments
<!-- BRAVO WP Ultimate Security --><!-- TEBRAVO --><!-- tebravo_login_form -->
Data Attributes
data-tebravo-toggle
JS Globals
window.tebravo_script_vars
REST Endpoints
/wp-json/bravo-security/v1/settings/wp-json/bravo-security/v1/logs
Shortcode Output
[bravo_security_widget][tebravo_captcha]
FAQ

Frequently Asked Questions about Bravo WP security Plugin