Does BS FAQ Plugin have any unpatched vulnerabilities?

No. All known vulnerabilities in BS FAQ Plugin have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is BS FAQ Plugin compatible with WordPress 3.4.2?

According to WordPress.org data, BS FAQ Plugin 1.0.0 has been tested up to WordPress 3.4.2. Check the plugin's changelog for the latest compatibility information.

How often is BS FAQ Plugin updated?

BS FAQ Plugin was last updated on Feb 4, 2018. Frequent updates are generally a positive security signal.

What is BS FAQ Plugin's security score?

BS FAQ Plugin has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

BS FAQ Plugin Security & Risk Analysis

wordpress.org/plugins/bs-faq

Quick and Easy way to add FAQs

10 active installs v1.0.0 PHP + WP 3.0.1+ Updated Feb 4, 2018

accordion-faqsbs-faqfaqfaqsfaqs-list

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is BS FAQ Plugin Safe to Use in 2026?

Generally Safe

Score 85/100

BS FAQ Plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The "bs-faq" v1.0.0 plugin exhibits a generally positive security posture with several strengths. It impressively uses prepared statements for all its SQL queries, which is a significant defense against SQL injection. Furthermore, it has a history of zero known vulnerabilities, suggesting a potentially well-maintained or less targeted codebase. The presence of capability checks and a nonce check provides basic protection for its entry points.

However, there are notable concerns. The most significant weakness lies in the low percentage of properly escaped outputs (only 15%). This opens the door to Cross-Site Scripting (XSS) vulnerabilities, especially given the presence of three shortcodes which are common vectors for user-supplied data to be rendered in the front-end without adequate sanitization. While taint analysis found no issues, this is likely due to the limited scope of analysis (0 flows analyzed) and does not negate the risk posed by the unescaped outputs. The absence of external HTTP requests and a clean vulnerability history are positive, but the output escaping deficiency is a critical area that requires immediate attention.

Key Concerns

Low percentage of properly escaped outputs (15%)
Presence of 3 shortcodes with low output escaping
Limited taint analysis scope (0 flows analyzed)

Vulnerabilities

None known

BS FAQ Plugin Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

BS FAQ Plugin Code Analysis

Dangerous Functions

Raw SQL Queries

7 prepared

Unescaped Output

14 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

TinyMCE

SQL Query Safety

100% prepared7 total queries

Output Escaping

15% escaped96 total outputs

Attack Surface

BS FAQ Plugin Attack Surface

Entry Points3

Unprotected0

Shortcodes 3

[bs-faqs-list] includes\bs_faq_file\shortcode\bs_faq_list.php:14

[bs-faqs] includes\bs_faq_file\shortcode\bs_faq_list_categorywise.php:14

[bs-faq] includes\bs_faq_file\shortcode\bs_faq_list_idwise.php:14

WordPress Hooks 37

filtermanage_edit-bs_faq_columnsadmin\class-bs_faq_plugin-admin.php:56

actionmanage_posts_custom_columnadmin\class-bs_faq_plugin-admin.php:57

actionrestrict_manage_postsadmin\class-bs_faq_plugin-admin.php:59

filterparse_queryadmin\class-bs_faq_plugin-admin.php:60

actionrestrict_manage_postsincludes\bs_faq_file\bs_faq_export.php:15

actioninitincludes\bs_faq_file\bs_faq_export.php:16

actionadmin_menuincludes\bs_faq_file\bs_faq_import_data.php:15

actionadmin_post_import_ch8bt_bugincludes\bs_faq_file\bs_faq_import_data.php:16

actionadmin_menuincludes\bs_faq_file\bs_faq_info.php:15

actionwidgets_initincludes\bs_faq_file\bs_faq_recent_widget.php:14

actioninitincludes\bs_faq_file\bs_faq_register_custom_post_type.php:14

actionadmin_initincludes\bs_faq_file\bs_faq_settings.php:17

actionadmin_menuincludes\bs_faq_file\bs_faq_settings.php:18

filtertemplate_includeincludes\bs_faq_file\bs_faq_single_template.php:14

filterthe_contentincludes\bs_faq_file\bs_faq_single_template.php:24

actionwp_headincludes\bs_faq_file\bs_faq_view_count.php:19

filtermanage_post_posts_columnsincludes\bs_faq_file\bs_faq_view_count.php:23

actionmanage_post_posts_custom_columnincludes\bs_faq_file\bs_faq_view_count.php:31

actionadmin_initincludes\bs_faq_file\metabox\bs_faq_display_name_metabox.php:14

actionsave_postincludes\bs_faq_file\metabox\bs_faq_display_name_metabox.php:15

actionadmin_print_footer_scriptsincludes\bs_faq_file\shortcode\bs_faq_list.php:19

actionadmin_print_footer_scriptsincludes\bs_faq_file\shortcode\bs_faq_list_categorywise.php:19

actionafter_setup_themeincludes\bs_faq_file\shortcode\bs_faq_visual_editor1.php:3

actioninitincludes\bs_faq_file\shortcode\bs_faq_visual_editor1.php:11

filtermce_external_pluginsincludes\bs_faq_file\shortcode\bs_faq_visual_editor1.php:28

filtermce_buttonsincludes\bs_faq_file\shortcode\bs_faq_visual_editor1.php:29

actionafter_wp_tiny_mceincludes\bs_faq_file\shortcode\bs_faq_visual_editor1.php:47

actionafter_setup_themeincludes\bs_faq_file\shortcode\bs_faq_visual_editor2.php:3

actioninitincludes\bs_faq_file\shortcode\bs_faq_visual_editor2.php:10

filtermce_external_pluginsincludes\bs_faq_file\shortcode\bs_faq_visual_editor2.php:27

filtermce_buttonsincludes\bs_faq_file\shortcode\bs_faq_visual_editor2.php:28

actionafter_wp_tiny_mceincludes\bs_faq_file\shortcode\bs_faq_visual_editor2.php:46

actionplugins_loadedincludes\class-bs_faq_plugin.php:227

actionadmin_enqueue_scriptsincludes\class-bs_faq_plugin.php:242

actionadmin_enqueue_scriptsincludes\class-bs_faq_plugin.php:243

actionwp_enqueue_scriptsincludes\class-bs_faq_plugin.php:265

actionwp_enqueue_scriptsincludes\class-bs_faq_plugin.php:266

Maintenance & Trust

BS FAQ Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested3.4.2

Last updatedFeb 4, 2018

PHP min version

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

BS FAQ Plugin Alternatives

Iks Menu – WordPress Category Accordion Menu & FAQs

iks-menu

100

Super customizable WordPress plugin for displaying custom menus, taxonomy/category terms and FAQs as accordion menu (with images support).

10K No CVEs

Quick and Easy FAQs

quick-and-easy-faqs

100

Truly a quick and easy way to add FAQs to your site.

10K No CVEs

Joli FAQ SEO – WordPress FAQ Plugin

joli-faq-seo

The best WordPress FAQ plugin: easy & fast single page drag n drop editor, lightweight, no jQuery, block-enabled, schema.org, optimized for SEO.

700 1 CVE

FAQ Builder AYS

faq-builder-ays

Create FAQs and accordions for your WP website without effort with FAQ Builder. Has Gutenberg Block, responsive design, 20+ style options, etc.

100 3 CVEs

My WP FAQs

my-wp-faqs-list

This plugin will add FAQs list feature inside a post or page.

10 No CVEs

Developer Profile

BS FAQ Plugin Developer Profile

Bipul Sarkar

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect BS FAQ Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/bs-faq-plugin/admin/css/bs_faq_plugin-admin.css/wp-content/plugins/bs-faq-plugin/admin/js/bs_faq_plugin-admin.js

Version Parameters

bs_faq_plugin-admin.css?ver=bs_faq_plugin-admin.js?ver=

HTML / DOM Fingerprints

Data Attributes

data-post-id

Shortcode Output

[bs-faq id='']

FAQ