BuddyPress & BuddyBoss Member Profile Forms Security & Risk Analysis

wordpress.org/plugins/buddyforms-members

Create custom Member Profile Tabs and Registration Forms in BuddyPress and BuddyBoss. Allow your Members to create, edit, and delete any kind of data …

400 active installs · v1.5.7 · PHP + WP 3.9+ · Updated Sep 4, 2024

Tags: buddyboss · buddypress · buddypress-profile · buddypress-registration · member-forms

Score: 92
Grade: A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: May 31, 2022
Safety Verdict

Is BuddyPress & BuddyBoss Member Profile Forms Safe to Use in 2026?

Generally Safe

Score 92/100

BuddyPress & BuddyBoss Member Profile Forms has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: May 31, 2022 · Updated 1yr ago
Risk Assessment

The "buddyforms-members" plugin (v1.5.7) shows a mixed security posture. On the positive side, it uses prepared statements exclusively for its SQL queries and escapes a high proportion of its output. The absence of file operations and external HTTP requests, together with a respectable number of nonce and capability checks, are further strengths. The significant concern is a single unprotected AJAX handler: a direct entry point that lacks authentication checks. An attack surface of even one unprotected entry point is a notable weakness.

The vulnerability history shows one past medium-severity Cross-Site Scripting (XSS) vulnerability, which has been patched. With no currently unpatched vulnerabilities, the developers appear responsive to security issues. No critical or high-severity vulnerabilities have been recorded, which, combined with the consistent use of prepared statements and output escaping, points to a generally sound but not flawless development process.

In conclusion, although the plugin has several strong security controls in place, the unprotected AJAX handler is a clear and present risk that warrants immediate attention. The historical XSS vulnerability, though patched, is a reminder that vulnerabilities can emerge even where good practices are followed. Overall security is moderate, and the unprotected AJAX handler is the most critical actionable item.

Key Concerns

  • Unprotected AJAX handler found
  • Past medium-severity XSS vulnerability
Vulnerabilities: 1

BuddyPress & BuddyBoss Member Profile Forms Security Vulnerabilities

CVEs by Year

2022: 1 CVE (patched)

Severity Breakdown

Medium: 1

1 total CVE

WF-dbbd9eda-756b-4fa7-b7b6-d91181cc80d6-buddyforms-members · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BuddyForms Members <= 1.4.21 - Cross-Site Scripting

May 31, 2022 · Patched in 1.4.22 (602d)
Code Analysis (analyzed Mar 16, 2026)

BuddyPress & BuddyBoss Member Profile Forms Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (3 prepared)
Unescaped Output: 15 (99 escaped)
Nonce Checks: 5
Capability Checks: 18
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 3 total queries

Output Escaping

87% escaped · 114 total outputs

Attack Surface: 1 unprotected

BuddyPress & BuddyBoss Member Profile Forms Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

auth  wp_ajax_buddyforms_update_xprofile_field_selector  includes\form-elements.php:571
WordPress Hooks: 80

action  plugins_loaded  buddyforms-members.php:17
action  buddyforms_members_load  buddyforms-members.php:20
action  buddyforms_members_load  buddyforms-members.php:23
action  buddyforms_members_load  buddyforms-members.php:26
action  buddyforms_members_load  buddyforms-members.php:29
action  bp_init  buddyforms-members.php:32
filter  buddyforms_admin_tabs  includes\admin-settings-tab.php:6
action  buddyforms_settings_page_tab  includes\admin-settings-tab.php:12
action  admin_init  includes\admin-settings-tab.php:103
filter  postbox_classes_buddyforms_buddyforms_members  includes\form-elements.php:7
filter  postbox_classes_buddyforms_buddyforms_members  includes\form-elements.php:8
filter  postbox_classes_buddyforms_buddyforms_members  includes\form-elements.php:9
filter  add_meta_boxes  includes\form-elements.php:166
filter  buddyforms_add_form_element_select_option  includes\form-elements.php:171
filter  buddyforms_form_element_add_field  includes\form-elements.php:205
filter  buddyforms_create_edit_form_display_element  includes\form-elements.php:577
action  buddyforms_process_submission_end  includes\form-elements.php:953
filter  buddyforms_formbuilder_fields_options  includes\form-elements.php:1093
action  bp_template_content  includes\form-elements.php:1136
filter  bp_get_template_part  includes\form-elements.php:1137
action  bp_init  includes\form-elements.php:1141
action  wp_before_admin_bar_render  includes\functions.php:14
action  wp_before_admin_bar_render  includes\functions.php:79
filter  buddyforms_front_js_css_loader  includes\functions.php:136
filter  buddyforms_mail_to_before_send_notification  includes\functions.php:195
filter  buddyforms_notifications_send_mail_to_options  includes\functions.php:222
action  post_submitbox_start  includes\functions.php:241
action  buddyforms_before_update_form_options  includes\functions.php:277
filter  bp_is_current_component  includes\functions.php:310
filter  buddyforms_the_author_id  includes\functions.php:318
action  bp_located_template  includes\member-extension.php:30
action  wp_enqueue_scripts  includes\member-extension.php:31
action  bp_template_content  includes\member-extension.php:388
action  bp_template_content  includes\member-extension.php:395
action  bp_template_content  includes\member-extension.php:402
action  bp_template_content  includes\member-extension.php:409
action  bp_template_content  includes\member-extension.php:416
action  bp_template_content  includes\member-extension.php:423
action  init  includes\member-extension.php:512
action  buddyforms_after_submission_end  includes\member-extension.php:568
filter  bp_activity_create_summary  includes\member-extension.php:593
filter  bp_activity_custom_post_type_post_action  includes\member-extension.php:618
filter  bp_activity_new_update_action  includes\member-extension.php:654
action  template_redirect  includes\redirect.php:112
filter  page_link  includes\redirect.php:143
filter  buddyforms_loop_edit_post_link  includes\redirect.php:172
filter  get_pagenum_link  includes\redirect.php:196
filter  buddyforms_after_save_post_redirect  includes\redirect.php:199
filter  buddyforms_login_form_redirect_url  includes\redirect.php:246
filter  buddyforms_reset_password_redirect  includes\redirect.php:258
action  init  includes\resources\tgm\class-tgm-plugin-activation.php:5
filter  load_textdomain_mofile  includes\resources\tgm\class-tgm-plugin-activation.php:5
action  init  includes\resources\tgm\class-tgm-plugin-activation.php:5
action  admin_menu  includes\resources\tgm\class-tgm-plugin-activation.php:5
action  admin_head  includes\resources\tgm\class-tgm-plugin-activation.php:5
filter  install_plugin_complete_actions  includes\resources\tgm\class-tgm-plugin-activation.php:5
filter  update_plugin_complete_actions  includes\resources\tgm\class-tgm-plugin-activation.php:5
action  admin_notices  includes\resources\tgm\class-tgm-plugin-activation.php:5
action  admin_init  includes\resources\tgm\class-tgm-plugin-activation.php:5
action  admin_enqueue_scripts  includes\resources\tgm\class-tgm-plugin-activation.php:5
action  load-plugins.php  includes\resources\tgm\class-tgm-plugin-activation.php:5
action  switch_theme  includes\resources\tgm\class-tgm-plugin-activation.php:5
action  switch_theme  includes\resources\tgm\class-tgm-plugin-activation.php:5
action  admin_init  includes\resources\tgm\class-tgm-plugin-activation.php:5
action  switch_theme  includes\resources\tgm\class-tgm-plugin-activation.php:5
action  load_textdomain_mofile  includes\resources\tgm\class-tgm-plugin-activation.php:5
filter  upgrader_source_selection  includes\resources\tgm\class-tgm-plugin-activation.php:22
action  plugins_loaded  includes\resources\tgm\class-tgm-plugin-activation.php:22
filter  buddyforms_members_tgmpa_table_data_items  includes\resources\tgm\class-tgm-plugin-activation.php:22
filter  upgrader_source_selection  includes\resources\tgm\class-tgm-plugin-activation.php:29
action  admin_init  includes\resources\tgm\class-tgm-plugin-activation.php:29
action  upgrader_process_complete  includes\resources\tgm\class-tgm-plugin-activation.php:29
filter  upgrader_post_install  includes\resources\tgm\class-tgm-plugin-activation.php:29
filter  upgrader_post_install  includes\resources\tgm\class-tgm-plugin-activation.php:29
action  init  loader.php:46
action  buddyforms_members_tgmpa_register  loader.php:56
action  bp_loaded  loader.php:91
action  buddyforms_core_fs_loaded  loader.php:174
filter  bp_get_template_part  loader.php:203
action  bp_init  loader.php:212
Maintenance & Trust

BuddyPress & BuddyBoss Member Profile Forms Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Sep 4, 2024
PHP min version:
Downloads: 58K

Community Trust

Rating: 78/100
Number of ratings: 21
Active installs: 400
Developer Profile

BuddyPress & BuddyBoss Member Profile Forms Developer Profile

Themekraft

12 plugins · 5K total installs

Trust score: 69
Avg Security Score: 85/100
Avg Patch Time: 375 days
Detection Fingerprints

How We Detect BuddyPress & BuddyBoss Member Profile Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/buddyforms-members/includes/css/buddyforms-members.css
/wp-content/plugins/buddyforms-members/includes/js/buddyforms-members.js
Script Paths
/wp-content/plugins/buddyforms-members/includes/js/buddyforms-members.js
Version Parameters
buddyforms-members/includes/css/buddyforms-members.css?ver=
buddyforms-members/includes/js/buddyforms-members.js?ver=

HTML / DOM Fingerprints

CSS Classes
buddyforms-members-form
buddyforms-members-form-settings
buddyforms-members-profile-form
Data Attributes
data-bf-member-form-id
data-bf-member-form-settings
JS Globals
BuddyFormsMembers
Shortcode Output
[buddyforms_members_form]
[buddyforms_members_profile_form]
FAQ

Frequently Asked Questions about BuddyPress & BuddyBoss Member Profile Forms