WP-Safety

Buddy Progress Bar Security & Risk Analysis

wordpress.org/plugins/buddy-progress-bar

A BuddyPress plugin that use a point system to display a progress bar or progress percentage for any of completed member's xprofile fields and/or …

20 active installs v1.0.3 PHP + WP 4.2+ Updated Nov 15, 2016
buddypressprofileprogression-bar
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Buddy Progress Bar Safe to Use in 2026?

Generally Safe

Score 85/100

Buddy Progress Bar has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago
Risk Assessment

The "buddy-progress-bar" plugin, in version 1.0.3, exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by exclusively using prepared statements for its SQL queries and has no recorded history of known vulnerabilities (CVEs). This suggests a generally stable and secure development process for past issues. However, the static analysis reveals significant areas of concern. The presence of the `create_function` function, a known deprecated and potentially dangerous PHP function, introduces a risk. Furthermore, a substantial portion (72%) of its output is not properly escaped, creating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The lack of any capability checks, nonce checks, or any protection on its identified entry points (though the current number is zero) is also worrying, as any future expansion of the attack surface could be immediately vulnerable.

Key Concerns

  • Use of dangerous function: create_function
  • High percentage of unescaped output
  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
None known

Buddy Progress Bar Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Buddy Progress Bar Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
39
15 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

create_functionadd_action( 'widgets_init', create_function( '', 'return register_widget( "progress_bar_widget" );' includes\bppp-widget.php:121

Output Escaping

28% escaped54 total outputs
Attack Surface

Buddy Progress Bar Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 23
actioninitbuddy-progress-bar.php:121
actioninitbuddy-progress-bar.php:122
actionwp_enqueue_scriptsbuddy-progress-bar.php:123
actionbp_includebuddy-progress-bar.php:254
actionadmin_enqueue_scriptsincludes\admin\bppp-admin.php:45
actioncontextual_helpincludes\admin\bppp-screens.php:40
actioncontextual_helpincludes\admin\bppp-screens.php:74
actioncontextual_helpincludes\admin\bppp-screens.php:105
actioncontextual_helpincludes\admin\bppp-screens.php:136
actioncontextual_helpincludes\admin\bppp-screens.php:167
actioncontextual_helpincludes\admin\bppp-screens.php:197
actioncontextual_helpincludes\admin\bppp-screens.php:230
actionadmin_menuincludes\admin\bppp-settings.php:10
actionadmin_initincludes\admin\bppp-settings.php:11
filtermanage_users_custom_columnincludes\bppp-functions.php:125
actionadmin_menuincludes\bppp-functions.php:141
actionadmin_headincludes\bppp-functions.php:151
actionbppp_register_progression_pointsincludes\bppp-profile-fields-points.php:86
actionbp_before_member_header_metaincludes\bppp-template.php:51
filterbp_directory_members_itemincludes\bppp-template.php:91
actionbp_after_login_widget_loggedinincludes\bppp-template.php:140
actionbppp_register_progression_pointsincludes\bppp-template.php:314
actionwidgets_initincludes\bppp-widget.php:121
Maintenance & Trust

Buddy Progress Bar Maintenance & Trust

Maintenance Signals

WordPress version tested
Last updatedNov 15, 2016
PHP min version
Downloads8K

Community Trust

Rating80/100
Number of ratings9
Active installs20
Alternatives

Buddy Progress Bar Alternatives

Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress

Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress

youzify

C
52

The best BuddyPress plugin for building online communities, user profile, social networks, and membership sites on WordPress with tons of features.

6K 1 unpatched
BuddyPress Xprofile Custom Field Types

BuddyPress Xprofile Custom Field Types

bp-xprofile-custom-field-types

A
97

Buddypress Xprofile Custom Field Types adds extra custom profile fields to BuddyPress. Field types are: Birthdate, Email, Url etc.

4K 1 CVE
JSON API User

JSON API User

json-api-user

A
97

Extends the JSON API Plugin to allow RESTful user registration, authentication & many other User Meta, BP functions. A Pro version is also available.

1K 1 CVE
BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages

BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages

wc4bp

A
95

Integrate WooCommerce my account into BuddyPress member profiles. Bring your WooCommerce member pages into BuddyPress and BuddyBoss.

1K 5 CVEs
BuddyPress Edit Activity

BuddyPress Edit Activity

buddypress-edit-activity

A
85

BuddyPress Edit Activity allows your members to edit their activity posts on the front-end of your BuddyPress-powered site.

900 No CVEs
Developer Profile

Buddy Progress Bar Developer Profile

danbp

1 plugin · 20 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Buddy Progress Bar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/buddy-progress-bar/css/progress-bar.css
Version Parameters
buddy-progress-bar/css/progress-bar.css?ver=

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Buddy Progress Bar