BuddyDrive Security & Risk Analysis

wordpress.org/plugins/buddydrive

BuddyDrive lets BuddyPress users upload, manage, and share files and folders from profiles or groups.

1K active installs · v2.1.4 · PHP 7.4+ · WP 4.5+ · Updated Jun 3, 2025
buddypress · files · folders
100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is BuddyDrive Safe to Use in 2026?

Generally Safe

Score 100/100

BuddyDrive has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 10mo ago
Risk Assessment

Based on the static analysis and vulnerability history, BuddyDrive v2.1.4 exhibits a generally good security posture. The plugin demonstrates strong adherence to secure coding practices, with a high percentage of SQL queries utilizing prepared statements and a significant portion of output being properly escaped. The absence of dangerous functions, file operations, and external HTTP requests further mitigates potential attack vectors. Crucially, the lack of any recorded vulnerabilities or CVEs, coupled with the absence of critical or high-severity taint analysis findings, suggests a mature and well-maintained codebase.

Key Concerns

  • Output escaping is not fully implemented
  • Bundled library (Freemius) may be outdated
Vulnerabilities
None known

BuddyDrive Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

BuddyDrive Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 3 (19 prepared)
  • Unescaped Output: 45 (114 escaped)
  • Nonce Checks: 12
  • Capability Checks: 3
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

86% prepared · 22 total queries

Output Escaping

72% escaped · 159 total outputs
Data Flows
All sanitized

Data Flow Analysis

7 flows
buddydrive_files_admin_load (includes\admin\buddydrive-items.php:56)
Attack Surface

BuddyDrive Attack Surface

Entry Points: 9
Unprotected: 0

AJAX Handlers: 9

  • auth wp_ajax_buddydrive_upgrader (includes\admin\buddydrive-admin.php:158)
  • auth wp_ajax_buddydrive_upload (includes\buddydrive-item-ajax.php:112)
  • auth wp_ajax_buddydrive_fetch_items (includes\buddydrive-item-ajax.php:272)
  • nopriv wp_ajax_buddydrive_fetch_items (includes\buddydrive-item-ajax.php:273)
  • auth wp_ajax_buddydrive_item_update (includes\buddydrive-item-ajax.php:335)
  • auth wp_ajax_buddydrive_get_bpobjects (includes\buddydrive-item-ajax.php:380)
  • auth wp_ajax_buddydrive_bulk_edit_items (includes\buddydrive-item-ajax.php:437)
  • auth wp_ajax_buddydrive_add_folder (includes\buddydrive-item-ajax.php:514)
  • auth wp_ajax_buddydrive_get_stats (includes\buddydrive-item-ajax.php:575)

WordPress Hooks: 83

  • action bp_loaded (buddydrive.php:226)
  • action bp_include (buddydrive.php:227)
  • action buddydrive_admin_head (includes\admin\buddydrive-admin.php:154)
  • action buddydrive_admin_register_settings (includes\admin\buddydrive-admin.php:156)
  • action admin_enqueue_scripts (includes\admin\buddydrive-admin.php:157)
  • filter plugin_action_links (includes\admin\buddydrive-admin.php:163)
  • filter network_admin_plugin_action_links (includes\admin\buddydrive-admin.php:164)
  • filter bp_admin_menu_order (includes\admin\buddydrive-admin.php:167)
  • action edit_user_profile (includes\admin\buddydrive-admin.php:247)
  • action edit_user_profile_update (includes\admin\buddydrive-admin.php:248)
  • action set_user_role (includes\admin\buddydrive-admin.php:249)
  • filter manage_users_custom_column (includes\admin\buddydrive-admin.php:252)
  • action buddydrive_init (includes\admin\buddydrive-admin.php:912)
  • filter bp_admin_menu_order (includes\admin\buddydrive-items.php:32)
  • action buddydrive_multisite_options (includes\admin\buddydrive-settings.php:574)
  • action bp_init (includes\buddydrive-actions.php:8)
  • action bp_ready (includes\buddydrive-actions.php:9)
  • action bp_setup_current_user (includes\buddydrive-actions.php:10)
  • action bp_setup_theme (includes\buddydrive-actions.php:11)
  • action bp_after_setup_theme (includes\buddydrive-actions.php:12)
  • action bp_enqueue_scripts (includes\buddydrive-actions.php:13)
  • action bp_admin_enqueue_scripts (includes\buddydrive-actions.php:14)
  • action bp_enqueue_scripts (includes\buddydrive-actions.php:15)
  • action bp_setup_admin_bar (includes\buddydrive-actions.php:16)
  • action bp_actions (includes\buddydrive-actions.php:17)
  • action bp_screens (includes\buddydrive-actions.php:18)
  • action admin_init (includes\buddydrive-actions.php:19)
  • action admin_head (includes\buddydrive-actions.php:20)
  • action buddydrive_admin_init (includes\buddydrive-actions.php:21)
  • action buddydrive_admin_init (includes\buddydrive-actions.php:22)
  • action bp_template_redirect (includes\buddydrive-actions.php:23)
  • action buddydrive_activation (includes\buddydrive-actions.php:118)
  • action init (includes\buddydrive-component.php:46)
  • action bp_init (includes\buddydrive-component.php:49)
  • action bp_init (includes\buddydrive-component.php:53)
  • action bp_loaded (includes\buddydrive-component.php:380)
  • action after_uninstall (includes\buddydrive-functions.php:440)
  • action buddydrive_admin_init (includes\buddydrive-functions.php:535)
  • filter bp_attachments_get_plupload_l10n (includes\buddydrive-functions.php:974)
  • filter bp_attachments_get_plupload_default_settings (includes\buddydrive-functions.php:975)
  • filter buddydrive_attachment_script_data (includes\buddydrive-functions.php:976)
  • action wp_footer (includes\buddydrive-functions.php:981)
  • filter bp_locate_template_and_load (includes\buddydrive-functions.php:1062)
  • filter bp_get_template_stack (includes\buddydrive-functions.php:1063)
  • action bp_init (includes\buddydrive-group-class.php:256)
  • action buddydrive_register_scripts (includes\buddydrive-item-actions.php:56)
  • action buddydrive_after_loop (includes\buddydrive-item-actions.php:68)
  • action buddydrive_directory_content (includes\buddydrive-item-actions.php:114)
  • action bp_template_content (includes\buddydrive-item-actions.php:121)
  • action bp_template_content (includes\buddydrive-item-actions.php:178)
  • action bp_template_content (includes\buddydrive-item-actions.php:185)
  • action buddydrive_actions (includes\buddydrive-item-actions.php:192)
  • action buddydrive_update_item (includes\buddydrive-item-actions.php:217)
  • action wpmu_delete_user (includes\buddydrive-item-actions.php:230)
  • action delete_user (includes\buddydrive-item-actions.php:231)
  • action bp_make_spam_user (includes\buddydrive-item-actions.php:232)
  • action groups_group_create_complete (includes\buddydrive-item-actions.php:255)
  • filter wp_page_menu_args (includes\buddydrive-item-filters.php:165)
  • filter nav_menu_meta_box_object (includes\buddydrive-item-filters.php:197)
  • filter groups_forbidden_names (includes\buddydrive-item-filters.php:213)
  • filter sanitize_file_name (includes\buddydrive-item-functions.php:449)
  • filter upload_mimes (includes\buddydrive-item-functions.php:456)
  • filter upload_size_limit (includes\buddydrive-item-functions.php:457)
  • action groups_before_delete_group (includes\buddydrive-item-functions.php:913)
  • filter intermediate_image_sizes_advanced (includes\buddydrive-item-functions.php:1295)
  • filter _wp_relative_upload_path (includes\buddydrive-item-functions.php:1296)
  • filter upload_mimes (includes\buddydrive-item-functions.php:1538)
  • filter bp_located_template (includes\buddydrive-item-screens.php:77)
  • filter bp_get_template_stack (includes\buddydrive-item-screens.php:78)
  • filter the_content (includes\buddydrive-item-screens.php:142)
  • filter bp_get_template_part (includes\buddydrive-item-screens.php:228)
  • action bp_template_title (includes\buddydrive-item-screens.php:235)
  • action bp_template_content (includes\buddydrive-item-screens.php:236)
  • action bp_template_content (includes\buddydrive-item-screens.php:239)
  • action bp_screens (includes\buddydrive-item-screens.php:273)
  • action bp_setup_theme_compat (includes\buddydrive-item-screens.php:274)
  • action bp_template_include_reset_dummy_post_data (includes\buddydrive-item-screens.php:308)
  • filter bp_replace_the_content (includes\buddydrive-item-screens.php:309)
  • action bp_init (includes\buddydrive-item-screens.php:354)
  • action bp_members_admin_user_stats (includes\buddydrive-item-template.php:68)
  • filter bp_attachments_get_plupload_l10n (includes\buddydrive-item-template.php:95)
  • filter bp_attachments_get_plupload_default_settings (includes\buddydrive-item-template.php:96)
  • filter buddydrive_attachment_script_data (includes\buddydrive-item-template.php:97)

Maintenance & Trust

BuddyDrive Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.8.5
  • Last updated: Jun 3, 2025
  • PHP min version: 7.4
  • Downloads: 240K

Community Trust

  • Rating: 86/100
  • Number of ratings: 47
  • Active installs: 1K
Developer Profile

BuddyDrive Developer Profile

Themekraft

12 plugins · 5K total installs

  • Trust score: 69
  • Avg Security Score: 85/100
  • Avg Patch Time: 375 days
Detection Fingerprints

How We Detect BuddyDrive

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/buddydrive/includes/css/admin-style.css
  • /wp-content/plugins/buddydrive/includes/css/style.css
  • /wp-content/plugins/buddydrive/includes/js/custom.js
  • /wp-content/plugins/buddydrive/includes/js/upload.js
Script Paths
  • /wp-content/plugins/buddydrive/includes/js/custom.js
  • /wp-content/plugins/buddydrive/includes/js/upload.js
Version Parameters
  • /wp-content/plugins/buddydrive/includes/css/admin-style.css?ver=
  • /wp-content/plugins/buddydrive/includes/css/style.css?ver=
  • /wp-content/plugins/buddydrive/includes/js/custom.js?ver=
  • /wp-content/plugins/buddydrive/includes/js/upload.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • buddydrive-upload-area
  • buddydrive-file-list
  • buddydrive-file-item
  • buddydrive-folder-item
  • buddydrive-breadcrumbs
Data Attributes
  • data-buddydrive-id
  • data-buddydrive-upload-url
  • data-buddydrive-owner-id
JS Globals
  • BuddyDriveUpload
  • BuddyDrive
REST Endpoints
  • /wp-json/buddydrive/v1/files
  • /wp-json/buddydrive/v1/folders
Shortcode Output
  • [buddydrive_files]
  • [buddydrive_folders]
  • [buddydrive_upload_form]
FAQ

Frequently Asked Questions about BuddyDrive