bSuite Security & Risk Analysis

wordpress.org/plugins/bsuite

A suite of tools used to help surface interesting and popular stories as well as improve WordPress' CMS capabilities as an application platform.

10 active installs · v5 alpha 3 · PHP (minimum version not stated) · WP 3.2+ · Updated Apr 11, 2012

Tags: cms, content-management, statistics, stats, tags
Score: 85 · Grade A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Sep 27, 2014
Safety Verdict: Is bSuite Safe to Use in 2026?

Generally Safe

Score 85/100

bSuite has exactly one known vulnerability, and it was fixed in the current release. That is what the score measures, and it is all it measures. Read it together with the maintenance signals further down: the plugin has not been updated since April 2012, was last tested against WordPress 3.3.2, and its code still uses `create_function` (removed in PHP 8.0) and `preg_replace` with the `/e` modifier (removed in PHP 7.0). "Generally Safe" here means "no open CVE", not "safe to deploy".

1 known CVE · Last CVE: Sep 27, 2014 · Updated 13yr ago
Risk Assessment

bSuite v5 alpha 3 presents a mixed security posture. On the positive side, the code carries 11 capability checks and bundles no third-party libraries. Against that, the attack surface is large and only partly guarded: the entry-point inventory marks 7 of its 19 entry points as unprotected (the report attributes these to the 11 AJAX handlers, three of which are also registered under `wp_ajax_nopriv_` and therefore execute for anonymous visitors), and the entire codebase contains a single nonce check. Nine calls to dangerous functions are present: `unserialize` at five sites (one parsing a `$response` string, another a stored `$session->in_extra` value), `shell_exec` at one, `create_function` at two, and `preg_replace` with the `/e` modifier at one. The last two are not merely risky but dead on current PHP: `/e` was removed in PHP 7.0 and `create_function` in PHP 8.0, so those paths either fail at runtime or were never exercised. Taint analysis found 13 flows, 12 of them with unsanitized paths, though none rated high or critical; 46 of the 73 SQL queries are not prepared and 430 of the 549 output points are not escaped. The single historical CVE is a medium-severity cross-site scripting issue fixed in this very release (5 alpha 3). Nothing has been patched since, because nothing has been released since April 2012: the absence of newer CVEs reflects an absence of scrutiny, not an absence of bugs. Treat the plugin as abandoned; anyone still running it must review and harden it themselves, or replace it.

Key Concerns

  • Unprotected AJAX handlers (7 of 19 entry points flagged; 3 actions also exposed to anonymous visitors via `wp_ajax_nopriv_`)
  • Presence of dangerous functions (unserialize, shell_exec, create_function, preg_replace with /e)
  • High number of flows with unsanitized paths (12 of 13)
  • Low percentage of properly escaped output (119 of 549 output points escaped)
  • A single nonce check in the whole plugin
  • SQL queries not always using prepared statements (27 of 73 prepared)
  • Known medium severity vulnerability in history (XSS, fixed in 5 alpha 3)
  • No release since April 2012; last tested against WordPress 3.3.2
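The four concerns above that are about request handling (missing nonce and capability checks, string-built SQL, unescaped output) usually show up together in one AJAX handler. The following is an added example, not bSuite's own code: a hypothetical icon-upload endpoint written first the way the report flags and then hardened. The action names `example_icon_upload_unsafe` / `example_icon_upload`, the nonce action `bsuite_icon_upload` and the meta key `_bsuite_icon` are assumptions; every WordPress function called is real.

```php
<?php
/**
 * Added example, not bSuite code. Hypothetical handler names and keys.
 */

// --- The pattern the report flags. Registered on wp_ajax_, so "logged in"
// --- is the only gate: no nonce, no capability, raw SQL, unescaped output,
// --- and the client chooses the filename written to disk.
function bsuite_example_icon_upload_unsafe() {
    global $wpdb;
    $post_id = $_POST['post_id'];                     // unvalidated, goes into SQL
    $file    = $_FILES['icon'];                       // name and type are client-controlled
    move_uploaded_file( $file['tmp_name'], WP_CONTENT_DIR . '/uploads/icons/' . $file['name'] );
    $wpdb->query( "UPDATE {$wpdb->postmeta} SET meta_value = '{$file['name']}'
                   WHERE post_id = $post_id AND meta_key = '_bsuite_icon'" );
    echo '<img src="' . content_url( 'uploads/icons/' . $file['name'] ) . '">';  // reflected, unescaped
    wp_die();
}
add_action( 'wp_ajax_example_icon_upload_unsafe', 'bsuite_example_icon_upload_unsafe' );

// --- Hardened form.
function bsuite_example_icon_upload() {
    // 1. CSRF: the request must carry a nonce minted for this specific action.
    //    check_ajax_referer() dies with -1 when the nonce is missing or stale.
    check_ajax_referer( 'bsuite_icon_upload', 'nonce' );

    // 2. Authorization: wp_ajax_ means "has a session", not "is allowed".
    //    Tie the check to the object being modified, not just to a role.
    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    if ( ! $post_id || ! current_user_can( 'edit_post', $post_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Input validation: let WordPress test the upload, whitelist image MIME
    //    types, and take the sanitized name and path it returns rather than
    //    anything the client sent.
    if ( empty( $_FILES['icon'] ) ) {
        wp_send_json_error( 'no file', 400 );
    }
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $result = wp_handle_upload( $_FILES['icon'], array(
        'test_form' => false,
        'mimes'     => array(
            'png'      => 'image/png',
            'jpg|jpeg' => 'image/jpeg',
            'gif'      => 'image/gif',
        ),
    ) );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 400 );
    }

    // 4. Storage: the meta API prepares the statement; no string-built SQL.
    update_post_meta( $post_id, '_bsuite_icon', esc_url_raw( $result['url'] ) );

    // 5. Output: escape at the sink and return JSON; the client renders it.
    wp_send_json_success( array( 'url' => esc_url( $result['url'] ) ) );
}
add_action( 'wp_ajax_example_icon_upload', 'bsuite_example_icon_upload' );
// Deliberately no wp_ajax_nopriv_ registration: anonymous visitors have no
// reason to upload icons, so the action does not exist for them at all.

// The page that issues the request has to mint the matching nonce, e.g.
// wp_localize_script( 'bsuite', 'bsuiteAjax', array(
//     'url'   => admin_url( 'admin-ajax.php' ),
//     'nonce' => wp_create_nonce( 'bsuite_icon_upload' ),
// ) );
```

The ordering matters: the nonce check comes first because it is cheap and fails closed, the capability check is bound to the specific post rather than a blanket role, and the file name written to disk is the one `wp_handle_upload()` produced, never `$_FILES['icon']['name']`.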
bSuite Security Vulnerabilities (1 CVE)

CVEs by Year

2014: 1 CVE (patched)

Severity Breakdown

Medium: 1 (1 total CVE)

CVE-2011-4955 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

bSuite <= 5 alpha 2 - Multiple Cross-Site Scripting

Sep 27, 2014 · Patched in 5 alpha 3 (3405d)

The 3405-day patch-time figure does not reconcile with the other dates on this page: the fixed release, 5 alpha 3, is dated Apr 11, 2012, which is earlier than the Sep 27, 2014 date shown for the CVE, and the identifier itself is from the 2011 series. Treat the number as an artifact of how the site computes patch time, not as a measured response interval.
bSuite Code Analysis (analyzed Mar 17, 2026)

Dangerous Functions: 9
Raw SQL Queries: 46 (27 prepared)
Unescaped Output: 430 (119 escaped)
Nonce Checks: 1
Capability Checks: 11
File Operations: 17
External Requests: 9
Bundled Libraries: 0

Dangerous Functions Found

preg_replace (/e modifier) · bsuite.php:843 · preg_replace('/e
unserialize · bsuite.php:277 · $post_orig = unserialize( serialize( $post )); // how else to prevent passing object by reference?
unserialize · bsuite.php:521 · $img = unserialize( $img );
unserialize · bsuite.php:1084 · $se = unserialize( $session->in_extra );
shell_exec · bsuite.php:1903 · $str = substr( strrchr( shell_exec( 'uptime' ),':' ),1 );
unserialize · bsuite.php:2408 · if( $response = unserialize( substr( $response, strpos( $response, 'a:' ))))
create_function · components\cms-widgets.php:294 · add_filter( 'pre_comment_approved', create_function( '$a', 'return \'message\';'), 1 );
create_function · components\cms-widgets.php:1649 · $comments_template_function = create_function( '$a', "return '{$postloops->templates_response[ $inst
unserialize · components\listchildren.php:76 · $post_orig = unserialize( serialize( $post )); // how else to prevent passing object by reference?
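Not every call in that list carries the same risk, and two of them cannot even execute on supported PHP. The block below is an added example, not bSuite's own code: each pattern from the list rewritten without the hazard, so the difference between the sites is visible. Function names prefixed `bsuite_example_`, the token regex in (1), and the two sample strings at the bottom are constructed for illustration; the PHP and WordPress functions are real. The decoder in (3) applies to both the `$response` site (bsuite.php:2408) and the `$session->in_extra` site (bsuite.php:1084), since both deserialize bytes the plugin did not produce in the current request.

```php
<?php
/**
 * Added example, not bSuite code. bsuite_example_* names are hypothetical.
 */

// (1) preg_replace() with /e evaluated the replacement string as PHP code.
//     PHP 7.0 removed the modifier: the call now warns "Unknown modifier 'e'"
//     and returns NULL. preg_replace_callback() is the supported form.
function bsuite_example_expand_tokens( $text ) {
    // Was, in spirit: preg_replace( '/\[(\w+)\]/e', 'strtoupper("$1")', $text );
    return preg_replace_callback(
        '/\[(\w+)\]/',
        function ( $m ) { return strtoupper( $m[1] ); },
        $text
    );
}

// (2) create_function() is eval() by another name: the body is a string PHP
//     compiles at runtime, so any data interpolated into it becomes code.
//     Removed in PHP 8.0. A closure satisfies add_filter() just the same.
function bsuite_example_register_comment_filter() {
    // Was: add_filter( 'pre_comment_approved', create_function( '$a', 'return \'message\';' ), 1 );
    add_filter( 'pre_comment_approved', function ( $approved ) { return 'message'; }, 1 );
}

// (3) unserialize() on bytes you did not serialize in this request (a remote
//     response, a row read back from the database) lets whoever wrote the
//     bytes choose which classes get instantiated: PHP object injection.
//     These sites only ever expect arrays, so refuse everything else.
function bsuite_example_decode_untrusted( $blob ) {
    // Was: unserialize( substr( $response, strpos( $response, 'a:' ) ) );
    $start = strpos( $blob, 'a:' );
    if ( false === $start ) {
        return null;
    }
    // allowed_classes => false turns any O: record into __PHP_Incomplete_Class
    // instead of running its __wakeup()/__destruct(); malformed input gives false.
    $data = @unserialize( substr( $blob, $start ), array( 'allowed_classes' => false ) );
    if ( ! is_array( $data ) ) {
        return null;
    }
    // Nested objects survive as incomplete-class stubs; reject those too.
    $has_object = false;
    array_walk_recursive( $data, function ( $v ) use ( &$has_object ) {
        if ( is_object( $v ) ) {
            $has_object = true;
        }
    } );
    return $has_object ? null : $data;
}

// (4) unserialize( serialize( $post ) ) is a deep-copy idiom. The bytes never
//     leave the process, so it is not an injection sink, but it is slow and
//     it trips every static analyser. clone is enough for a WP_Post.
function bsuite_example_copy_post( $post ) {
    // Was: $post_orig = unserialize( serialize( $post ) );
    return is_object( $post ) ? clone $post : $post;
}

// (5) shell_exec( 'uptime' ) has a constant argument, so it is not injectable,
//     but it spawns a shell per call and returns NULL where shell_exec is in
//     disable_functions, after which strrchr() on NULL yields an empty result.
function bsuite_example_load_average() {
    // Was: substr( strrchr( shell_exec( 'uptime' ), ':' ), 1 );
    $load = function_exists( 'sys_getloadavg' ) ? sys_getloadavg() : false;
    return $load ? sprintf( '%.2f, %.2f, %.2f', $load[0], $load[1], $load[2] ) : 'n/a';
}

// Constructed inputs exercising (3): the plain array is returned, the array
// that smuggles an object is rejected as null.
$benign  = 'HTTP/1.1 200 OK' . "\r\n\r\n" . 'a:1:{s:3:"key";s:5:"value";}';
$hostile = 'a:1:{s:3:"obj";O:8:"stdClass":1:{s:3:"foo";s:3:"bar";}}';
var_dump( bsuite_example_decode_untrusted( $benign ) );
var_dump( bsuite_example_decode_untrusted( $hostile ) );
```

For anything new, skip `unserialize` altogether and exchange JSON (`wp_json_encode()` / `json_decode( $s, true )`), which has no class-instantiation semantics to disable; the `allowed_classes` guard is for code that must keep reading an existing serialized format.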

SQL Query Safety

37% prepared · 73 total queries (27 prepared, 46 raw)

Output Escaping

22% escaped · 549 total outputs (119 escaped, 430 unescaped)
bSuite Data Flow Analysis (12 unsanitized)

13 flows · 12 with unsanitized paths

icon_ajax_upload (bsuite.php:578): user-input source reaching a dangerous-operation sink; the per-flow diagram (sanitizer and transform steps) is not reproduced here.
bSuite Attack Surface (7 unprotected)

Entry Points: 19 · Unprotected: 7

AJAX Handlers (11)

Prefix key: `auth` means the action is registered on `wp_ajax_{action}`, reachable by any logged-in user regardless of role; `nopriv` means `wp_ajax_nopriv_{action}`, reachable by anonymous visitors. Neither registration performs a nonce or capability check on its own; that is the handler's job, and the code analysis counts a single nonce check in the whole plugin.

auth · wp_ajax_bsuite_icon_form · bsuite.php:69
auth · wp_ajax_bsuite_icon_upload · bsuite.php:70
auth · wp_ajax_bsuite_icon_delete · bsuite.php:71
auth · wp_ajax_show_cron · components\common-functions.php:126
auth · wp_ajax_new_fb_comment · components\fb-comments.php:152
nopriv · wp_ajax_new_fb_comment · components\fb-comments.php:153
auth · wp_ajax_feature_comment · components\featured-comments.php:19
auth · wp_ajax_bsocial_map_twitter_user · components\social-analytics.php:694
nopriv · wp_ajax_bsocial_map_twitter_user · components\social-analytics.php:695
auth · wp_ajax_bsocial_urlinfo · components\social-analytics.php:707
nopriv · wp_ajax_bsocial_urlinfo · components\social-analytics.php:708

Shortcodes 8

[include] bsuite.php:57
[icon] bsuite.php:58
[feed] bsuite.php:59
[innerindex] components\innerindex.php:6
[pagemenu] components\listchildren.php:8
[list_pages] components\listchildren.php:9
[attachmentsmenu] components\listchildren.php:10
[list_attachments] components\listchildren.php:11

WordPress Hooks (124)

action · init · bsuite.php:49
filter · the_content_rss · bsuite.php:63
filter · the_excerpt · bsuite.php:64
filter · the_excerpt_rss · bsuite.php:65
filter · widget_text · bsuite.php:66
filter · bsuite_tokens · bsuite.php:76
filter · the_content · bsuite.php:77
filter · the_content_rss · bsuite.php:78
filter · the_excerpt · bsuite.php:79
filter · the_excerpt_rss · bsuite.php:80
filter · get_the_excerpt · bsuite.php:81
filter · widget_text · bsuite.php:82
filter · save_post · bsuite.php:85
filter · the_content · bsuite.php:87
filter · the_content · bsuite.php:88
filter · the_content · bsuite.php:93
filter · template_redirect · bsuite.php:96
filter · post_link · bsuite.php:97
action · wp_head · bsuite.php:101
action · get_footer · bsuite.php:107
filter · cron_schedules · bsuite.php:110
filter · bsuite_interval · bsuite.php:112
action · save_post · bsuite.php:116
filter · user_has_cap · bsuite.php:119
filter · save_post · bsuite.php:120
action · widgets_init · bsuite.php:126
action · admin_menu · bsuite.php:136
action · admin_init · bsuite.php:137
action · init · bsuite.php:138
filter · stylesheet_uri · bsuite.php:169
filter · locale_stylesheet_uri · bsuite.php:170
action · comment_post · bsuite.php:2691
action · wp_set_comment_status · bsuite.php:2692
action · init · components\cms-widgets.php:25
action · preprocess_comment · components\cms-widgets.php:27
action · bsuite_response_sendmessage · components\cms-widgets.php:28
action · template_redirect · components\cms-widgets.php:30
action · admin_init · components\cms-widgets.php:46
action · admin_footer · components\cms-widgets.php:55
action · comment_post · components\cms-widgets.php:293
filter · pre_comment_approved · components\cms-widgets.php:294
filter · print_footer_scripts · components\cms-widgets.php:500
filter · wijax-actions · components\cms-widgets.php:541
filter · posts_where · components\cms-widgets.php:684
filter · posts_where · components\cms-widgets.php:687
filter · posts_where · components\cms-widgets.php:701
filter · posts_where · components\cms-widgets.php:703
filter · posts_fields · components\cms-widgets.php:732
filter · posts_join · components\cms-widgets.php:733
filter · posts_groupby · components\cms-widgets.php:734
filter · posts_orderby · components\cms-widgets.php:735
filter · posts_join · components\cms-widgets.php:741
filter · posts_orderby · components\cms-widgets.php:742
filter · comments_template · components\cms-widgets.php:1663
filter · print_footer_scripts · components\cms-widgets.php:2251
action · widgets_init · components\cms-widgets.php:2308
action · delete_comment · components\common-functions.php:108
filter · opengraph_metadata · components\fb-api.php:23
filter · language_attributes · components\fb-api.php:34
action · get_footer · components\fb-api.php:54
filter · the_content · components\fb-api.php:64
action · ingest_fb_comments · components\fb-comments.php:123
action · the_content · components\fb-comments.php:167
filter · admin_comment_types_dropdown · components\fb-comments.php:174
action · widgets_init · components\fb-widgets.php:113
action · init · components\featured-comments.php:16
action · edit_comment · components\featured-comments.php:17
action · delete_comment · components\featured-comments.php:18
filter · quicktags_settings · components\featured-comments.php:21
filter · comment_row_actions · components\featured-comments.php:22
filter · pre_get_posts · components\featured-comments.php:24
filter · post_class · components\featured-comments.php:25
filter · get_comment_text · components\featured-comments.php:26
filter · the_author · components\featured-comments.php:27
filter · the_author_posts_link · components\featured-comments.php:28
filter · post_type_link · components\featured-comments.php:29
filter · get_comment_text · components\featured-comments.php:129
action · admin_print_footer_scripts · components\featured-comments.php:242
action · template_redirect · components\head-meta.php:29
action · rss2_ns · components\head-meta.php:37
action · rss2_item · components\head-meta.php:38
action · wp_head · components\head-meta.php:40
action · wp_head · components\head-meta.php:41
filter · wp_get_attachment_link · components\head-meta.php:53
filter · content_save_pre · components\innerindex.php:7
filter · save_post · components\innerindex.php:8
filter · language_attributes · components\open-graph.php:27
filter · opengraph_title · components\open-graph.php:68
filter · opengraph_type · components\open-graph.php:69
filter · opengraph_image · components\open-graph.php:70
filter · opengraph_url · components\open-graph.php:71
filter · opengraph_site_name · components\open-graph.php:73
filter · opengraph_description · components\open-graph.php:74
filter · wp · components\open-graph.php:76
action · wp_head · components\open-graph.php:190
action · update_wpmu_options · components\privacy.php:33
action · wpmu_options · components\privacy.php:34
action · blog_privacy_selector · components\privacy.php:37
action · template_redirect · components\privacy.php:40
action · template_redirect · components\privacy.php:47
action · do_robots · components\privacy.php:57
action · wp_head · components\privacy.php:62
action · login_head · components\privacy.php:63
filter · option_ping_sites · components\privacy.php:67
action · init · components\search.php:8
filter · content_save_pre · components\search.php:18
action · bsuite_interval · components\search.php:21
action · parse_query · components\search.php:25
filter · posts_search · components\search.php:73
filter · posts_join_request · components\search.php:74
filter · posts_fields_request · components\search.php:75
filter · posts_orderby_request · components\search.php:76
filter · print_footer_scripts · components\twitter-api.php:289
action · ingest_twitter_comments · components\twitter-comments.php:104
action · admin_head · components\twitter-comments.php:111
filter · admin_comment_types_dropdown · components\twitter-comments.php:118
action · init · components\wijax.php:17
action · widgets_init · components\wijax.php:18
filter · query_vars · components\wijax.php:19
filter · request · components\wijax.php:26
filter · print_footer_scripts · components\wijax.php:32
filter · template_redirect · components\wijax.php:93
filter · wijax-base-current · components\wijax.php:312
filter · wijax-base-home · components\wijax.php:313

Scheduled Events 5

bsuite_interval
ingest_fb_comments
ingest_fb_comments
ingest_fb_comments
ingest_twitter_comments
bSuite Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.3.2
Last updated: Apr 11, 2012
PHP min version: not stated
Downloads: 24K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
bSuite Developer Profile

Casey Bisson

7 plugins · 290 total installs

Trust score: 68
Avg Security Score: 84/100
Avg Patch Time: 3405 days
How We Detect bSuite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bsuite/js/bsuite.js
/wp-content/plugins/bsuite/js/jquery.highlight-1.js

Script Paths
/wp-content/plugins/bsuite/js/bsuite.js
/wp-content/plugins/bsuite/js/jquery.highlight-1.js

Version Parameters
bsuite/js/bsuite.js?ver=
bsuite/js/jquery.highlight-1.js?ver=

HTML / DOM Fingerprints

JS Globals
bsuite, bsuite_mycss, replacethemecss (the names run together in the source; this split is best-effort)

Shortcode Output
[include · [icon · [feed
Frequently Asked Questions about bSuite