BuddyClients Lite Security & Risk Analysis

wordpress.org/plugins/buddyclients-lite

BuddyClients is a flexible and comprehensive platform for any service-based business. This free version includes core functionality.

0 active installs · v1.0.35 · PHP 8.0+ · WP 4.9+ · Updated Aug 5, 2025
Tags: buddypress-integration, business-tools, client-management, service-business, team-management
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is BuddyClients Lite Safe to Use in 2026?

Generally Safe

Score 100/100

BuddyClients Lite has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8mo ago
Risk Assessment

The 'buddyclients-lite' plugin v1.0.35 presents a mixed security posture. On the positive side, it demonstrates good practices in handling SQL queries with a high percentage of prepared statements and properly escaping most output. Furthermore, the absence of recorded vulnerabilities in its history is a strong indicator of diligent development and review. The plugin also includes nonce checks and capability checks, which are essential for securing WordPress actions.

However, significant concerns arise from the static analysis. A large attack surface is exposed through 15 AJAX handlers, all of which lack authentication checks. This creates a considerable risk of unauthorized actions being performed by unauthenticated users. The presence of the `unserialize` function, a known dangerous function often exploited in deserialization vulnerabilities, coupled with taint analysis indicating flows with unsanitized paths, amplifies these concerns. While no critical or high-severity taint flows were identified in this specific analysis, the potential for misuse of `unserialize` in conjunction with improperly handled data is a notable weakness. The bundled TCPDF v1.0.004 library is also outdated, which could pose a risk if vulnerabilities exist within that specific version.

In conclusion, while the plugin benefits from a clean vulnerability history and good practices in data handling like prepared statements and output escaping, the substantial number of unprotected AJAX endpoints and the use of `unserialize` with unsanitized paths represent significant security risks that require immediate attention. The outdated bundled library also warrants consideration for an update.

Key Concerns

  • 15 unprotected AJAX handlers
  • 7 dangerous functions (unserialize)
  • 2 flows with unsanitized paths
  • Bundled outdated library TCPDF v1.0.004
Vulnerabilities
None known

BuddyClients Lite Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

BuddyClients Lite Code Analysis

Dangerous Functions: 7
Raw SQL Queries: 1 (31 prepared)
Unescaped Output: 13 (370 escaped)
Nonce Checks: 7
Capability Checks: 4
File Operations: 2
External Requests: 2
Bundled Libraries: 1

Dangerous Functions Found

  • unserialize: $line_items = unserialize( $this->line_items ); (components\Booking\BookingIntent.php:318)
  • unserialize: foreach ( unserialize( $this->line_items ) as $line_item ) { (components\Booking\BookingIntent.php:451)
  • unserialize: $this->line_items = unserialize( $this->booking_intent->line_items ); (components\Booking\SuccessfulBooking.php:76)
  • unserialize: 'line_items' => unserialize( $this->booking_intent->line_items ), (components\Checkout\Checkout.php:321)
  • unserialize: $unserialized_object = unserialize( $serialized_object ); (includes\ObjectHandler.php:172)
  • unserialize: $line_items = unserialize( $this->booking_intent->line_items ); (includes\Project.php:205)
  • unserialize: $line_items = unserialize( $this->booking_intent->line_items ); (includes\Project.php:282)

Bundled Libraries

TCPDF 1.0.004

SQL Query Safety

97% prepared · 32 total queries

Output Escaping

97% escaped · 383 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

4 flows · 2 with unsanitized paths
buddyc_team_filter_match (components\Booking\helpers\team-filters.php:11)
[Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
15 unprotected

BuddyClients Lite Attack Surface

Entry Points: 15
Unprotected: 15

AJAX Handlers 15

auth wp_ajax_buddyc_dismiss_admin_tips admin\helpers\admin-info.php:34
auth wp_ajax_buddyc_dismiss_admin_notice admin\helpers\admin-notice.php:66
auth wp_ajax_buddyc_admin_create_new_page admin\helpers\pages.php:71
auth wp_ajax_buddyc_create_line_item components\Booking\helpers\create-line-item.php:52
nopriv wp_ajax_buddyc_create_line_item components\Booking\helpers\create-line-item.php:53
auth wp_ajax_buddyc_get_project components\Booking\helpers\get-project.php:28
nopriv wp_ajax_buddyc_get_project components\Booking\helpers\get-project.php:29
auth wp_ajax_buddyc_team_filter_match components\Booking\helpers\team-filters.php:76
nopriv wp_ajax_buddyc_team_filter_match components\Booking\helpers\team-filters.php:77
auth wp_ajax_buddyc_checkout_create_account includes\helpers\create-account.php:120
nopriv wp_ajax_buddyc_checkout_create_account includes\helpers\create-account.php:121
auth wp_ajax_buddyc_update_booking_intent_email includes\helpers\new-email.php:39
nopriv wp_ajax_buddyc_update_booking_intent_email includes\helpers\new-email.php:40
auth wp_ajax_buddyc_get_popup_content includes\helpers\popup.php:31
nopriv wp_ajax_buddyc_get_popup_content includes\helpers\popup.php:32
WordPress Hooks 105
action admin_init admin\Admin.php:74
action admin_init admin\Admin.php:75
action admin_enqueue_scripts admin\Admin.php:76
action admin_menu admin\Admin.php:77
action admin_menu admin\Admin.php:78
action init admin\Admin.php:79
action init admin\Admin.php:80
action admin_notices admin\AdminNotice.php:248
action admin_init admin\helpers\admin-filter.php:13
action buddyc_admin admin\helpers\admin-info.php:18
filter manage_edit-brief_type_columns admin\helpers\brief-preview.php:23
action manage_brief_type_custom_column admin\helpers\brief-preview.php:47
action init admin\helpers\brief-preview.php:62
action pre_get_posts admin\helpers\brief-preview.php:152
action init admin\helpers\cache.php:13
action admin_init admin\helpers\delete-booking.php:46
action init admin\helpers\flush-permalinks.php:16
action init admin\helpers\plugin-links.php:14
action init admin\helpers\upgrade.php:16
action init admin\helpers\welcome.php:14
action add_meta_boxes admin\Metaboxes.php:60
action admin_notices admin\Nav.php:122
action admin_init admin\Nav.php:123
action buddyc_admin admin\Nav.php:124
action buddyc_admin admin\Nav.php:125
action init admin\PostType.php:85
action admin_init admin\PostTypeManager.php:69
action admin_notices admin\RepairButton.php:72
action save_post admin\Settings.php:48
action before_delete_post admin\Settings.php:49
action wp_trash_post admin\Settings.php:50
action admin_init admin\Settings.php:53
action buddyc_available_components_updated admin\Settings.php:56
action buddyc_license_updated admin\Settings.php:59
action init admin\Settings.php:245
action admin_init admin\SettingsPage.php:105
action buddyc_admin_pages admin\UpgradePage.php:77
action buddyc_nav_tabs admin\UpgradePage.php:78
action admin_init admin\WelcomeMessage.php:35
action plugins_loaded buddyclients-lite.php:50
action admin_notices buddyclients-lite.php:93
action admin_notices buddyclients-lite.php:146
action admin_notices buddyclients-lite.php:176
action init BuddyClientsLite-class.php:137
action admin_enqueue_scripts BuddyClientsLite-class.php:217
action wp_enqueue_scripts BuddyClientsLite-class.php:218
action wp BuddyClientsLite-class.php:221
action init BuddyClientsLite-class.php:224
action bp_init components\Booking\BookedService\helpers\group-extension.php:47
action buddyc_scheduled_payment_eligible components\Booking\BookedService\helpers\status.php:24
action buddyc_service_status_complete components\Booking\BookedService\helpers\status.php:37
action buddyc_scheduled_abandoned_booking components\Booking\helpers\booking-intents.php:69
action buddyc_all_booking_services_complete components\Booking\helpers\booking-intents.php:85
action admin_init components\Booking\helpers\booking-payments.php:242
action init components\Booking\SuccessfulBooking.php:164
action bp_init components\Brief\helpers\group-extension.php:43
action admin_enqueue_scripts components\Email\helpers\admin-log.php:45
action add_meta_boxes components\Email\helpers\functions.php:12
action save_post components\Service\helpers\cache.php:31
action updated_post_meta components\Service\ServiceHandler.php:55
action update_option_buddyc_components_settings components\Service\ServiceHandler.php:58
action update_option_buddyc_booking_settings components\Service\ServiceHandler.php:59
action buddyc_version_switch components\Service\ServiceHandler.php:60
action updated_post_meta components\Service\ServiceHandler.php:63
action update_option_buddyc_components_settings components\Service\ServiceHandler.php:66
action update_option_buddyc_booking_settings components\Service\ServiceHandler.php:67
action buddyc_version_switch components\Service\ServiceHandler.php:68
action wp_enqueue_scripts config\AssetAutoloader.php:89
action admin_enqueue_scripts config\AssetAutoloader.php:90
action wp_enqueue_scripts config\AssetManager.php:73
action admin_enqueue_scripts config\AssetManager.php:74
action init config\helpers\license.php:15
filter safe_style_css config\helpers\security.php:53
action init config\helpers\security.php:58
action init config\helpers\system.php:13
action init config\helpers\system.php:23
action init config\helpers\version.php:38
action init config\helpers\version.php:64
action init config\ReferencePosts.php:23
action wp_footer includes\Alert.php:73
action init includes\AlertManager.php:22
action init includes\ExtensionManager.php:407
filter upload_dir includes\File.php:174
action init includes\helpers\contact.php:48
action init includes\helpers\emails.php:14
action wp_footer includes\helpers\popup.php:86
action wp_enqueue_scripts includes\helpers\recaptcha.php:47
action init includes\helpers\scheduler.php:13
action save_post_buddyc_filter includes\helpers\xprofile.php:26
action init includes\helpers\xprofile.php:115
action admin_init includes\helpers\xprofile.php:165
action wp_footer includes\Popup.php:71
action init includes\ProfileExtension.php:53
action bp_template_title includes\ProfileExtension.php:177
action bp_template_content includes\ProfileExtension.php:178
action pre_get_posts includes\TemplateManager.php:72
filter get_the_archive_title includes\TemplateManager.php:73
filter the_content includes\TemplateManager.php:83
filter the_posts includes\TemplateManager.php:84
filter template_include includes\TemplateManager.php:95
action bp_init includes\XprofileField.php:101
action save_post_bp-member-type includes\XprofileManager.php:41
action xprofile_fields_deleted_field includes\XprofileManager.php:42
action save_post_buddyc_role includes\XprofileManager.php:43
action buddyc_activated includes\XprofileManager.php:44
Maintenance & Trust

BuddyClients Lite Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Aug 5, 2025
PHP min version: 8.0
Downloads: 221

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

BuddyClients Lite Developer Profile

Victoria Griffin

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect BuddyClients Lite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/buddyclients-lite/assets/css/buddyclients-lite.css
  • /wp-content/plugins/buddyclients-lite/assets/js/buddyclients-lite.js
  • /wp-content/plugins/buddyclients-lite/admin/css/admin.css
  • /wp-content/plugins/buddyclients-lite/admin/js/admin.js
  • /wp-content/plugins/buddyclients-lite/admin/js/customizer.js
  • /wp-content/plugins/buddyclients-lite/admin/js/page-manager.js
  • /wp-content/plugins/buddyclients-lite/admin/js/repair-button.js
  • /wp-content/plugins/buddyclients-lite/admin/js/tinymce-plugin.js
  • +1 more
Script Paths
  • /wp-content/plugins/buddyclients-lite/assets/js/buddyclients-lite.js
  • /wp-content/plugins/buddyclients-lite/admin/js/admin.js
  • /wp-content/plugins/buddyclients-lite/admin/js/customizer.js
  • /wp-content/plugins/buddyclients-lite/admin/js/page-manager.js
  • /wp-content/plugins/buddyclients-lite/admin/js/repair-button.js
  • /wp-content/plugins/buddyclients-lite/admin/js/tinymce-plugin.js
  • +1 more
Version Parameters
  • buddyclients-lite/assets/css/buddyclients-lite.css?ver=
  • buddyclients-lite/assets/js/buddyclients-lite.js?ver=
  • buddyclients-lite/admin/css/admin.css?ver=
  • buddyclients-lite/admin/js/admin.js?ver=
  • buddyclients-lite/admin/js/customizer.js?ver=
  • buddyclients-lite/admin/js/page-manager.js?ver=
  • buddyclients-lite/admin/js/repair-button.js?ver=
  • buddyclients-lite/admin/js/tinymce-plugin.js?ver=
  • buddyclients-lite/admin/js/xprofile-manager.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • buddyclients-lite-admin-page
  • buddyclients-lite-customizer-wrap
  • buddyclients-lite-repair-button-wrap
  • buddyclients-lite-settings-page
  • buddyclients-lite-xprofile-manager-wrap
HTML Comments
  • <!-- BuddyClients Lite Admin Settings -->
  • <!-- BuddyClients Lite Repair Button -->
  • <!-- BuddyClients Lite Xprofile Manager -->
  • <!-- End BuddyClients Lite Admin Settings -->
Data Attributes
  • data-buddyclients-lite-nonce
  • data-buddyclients-lite-id
JS Globals
  • buddyclients_lite_settings_params
  • buddyclients_lite_customizer_params
  • buddyclients_lite_page_manager_params
  • buddyclients_lite_repair_params
  • buddyclients_lite_tinymce_params
  • buddyclients_lite_xprofile_manager_params
REST Endpoints
  • /wp-json/buddyclients-lite/v1/settings
  • /wp-json/buddyclients-lite/v1/repair