BuddyForms Moderation ( Former: Review Logic ) Security & Risk Analysis

wordpress.org/plugins/buddyforms-review

Create new drafts or pending reviews from new or published posts without changing the live version.

Active installs: 40 · Version: v1.5.1 · Requires: PHP + WP 3.9+ · Updated: Dec 27, 2023
Tags: buddypress, custom-post-types, members, profiles, user
Security score: 85 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Oct 3, 2022
Safety Verdict

Is BuddyForms Moderation ( Former: Review Logic ) Safe to Use in 2026?

Generally Safe

Score 85/100

BuddyForms Moderation ( Former: Review Logic ) has a clean current record: its one known vulnerability, a medium-severity authenticated stored XSS, was fixed in 1.4.17, and no CVEs are unpatched. Note that the plugin was last updated Dec 27, 2023 and is tested up to WordPress 6.4.8, so the score reflects known issues only, not active maintenance.

1 known CVE · Last CVE: Oct 3, 2022 · Updated 2yr ago
Risk Assessment

The 'buddyforms-review' plugin shows a mixed security posture. On the positive side, the static analysis found no raw SQL queries (so there is no plugin-built SQL to inject into), six nonce checks and fifteen capability checks, and escaping on 155 of its 172 output points (90%). No dangerous functions, file operations or external HTTP requests were found, all of which shrink the attack surface. The main concern is one AJAX handler that the static analysis flags as unprotected. Both of the plugin's AJAX handlers are registered on wp_ajax_ hooks, which WordPress fires for every logged-in user via admin-ajax.php regardless of role, so a handler without its own nonce and capability check can be called by any subscriber-level account; the report does not say which of the two handlers is the flagged one.

The vulnerability history shows one medium-severity (6.4) authenticated stored Cross-Site Scripting (XSS) vulnerability affecting versions up to 1.4.16, patched in 1.4.17. While no CVEs are currently unpatched, a past XSS combined with an unprotected AJAX endpoint points to input sanitization and output escaping as the areas that warrant careful review, particularly the 17 output points the analysis lists as unescaped. The taint analysis reports three data flows, two of them with unsanitized paths and none rated critical or high, which is encouraging, but those two flows still merit a look.

In conclusion, the plugin avoids direct SQL and escapes most of its output, but an unprotected AJAX handler and a past stored XSS mean its entry points deserve ongoing attention. Every handler on a wp_ajax_ hook should verify a nonce (check_ajax_referer()) and the caller's capability (current_user_can()) before acting on the request, and the unescaped output points should be audited so that the escaping flaw behind the earlier CVE is not reintroduced.

Key Concerns

  • One AJAX handler without nonce/capability protection (reachable by any logged-in user)
  • One past medium-severity stored XSS (<= 1.4.16, patched in 1.4.17)
  • Two data flows with unsanitized paths
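To make the unprotected-handler finding concrete, here is an added example of the static check the risk assessment describes. It is not the scanner that produced this page and not code from the plugin: it finds wp_ajax_ registrations in PHP source and reports any handler whose callback body contains neither a nonce check nor a capability check. The PHP sample embedded in it is constructed for illustration with invented hook and function names; the first handler shows the hardened pattern (check_ajax_referer() plus current_user_can()), the second the pattern that gets flagged.

```python
"""Static check for WordPress AJAX handlers registered without nonce and
capability checks. Added example: this is not the scanner behind this page
and not plugin code. The PHP sample and all hook/function names in it are
constructed for illustration."""
import re

# Constructed PHP sample. wp_ajax_{action} handlers run for every logged-in
# user, so the second handler, which has neither check, is what the audit
# should flag. Names are invented.
SAMPLE_PHP = r"""<?php
add_action( 'wp_ajax_example_approve_post', 'example_approve_post' );
add_action( 'wp_ajax_example_reject_post', 'example_reject_post' );

function example_approve_post() {
    check_ajax_referer( 'example_moderation', 'nonce' );
    $post_id = absint( $_POST['post_id'] );
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    wp_update_post( array( 'ID' => $post_id, 'post_status' => 'publish' ) );
    wp_send_json_success();
}

function example_reject_post() {
    $post_id = absint( $_POST['post_id'] );
    wp_update_post( array( 'ID' => $post_id, 'post_status' => 'draft' ) );
    wp_send_json_success();
}
"""

# add_action( 'wp_ajax_foo', 'callback' ) with single- or double-quoted args.
AJAX_HOOK = re.compile(
    r"""add_action\(\s*['"](?P<hook>wp_ajax_\w+)['"]\s*,\s*['"](?P<fn>\w+)['"]"""
)
NONCE_CALLS = ("check_ajax_referer", "wp_verify_nonce", "check_admin_referer")
CAP_CALLS = ("current_user_can", "user_can")


def function_body(src, name):
    """Return the body of the named top-level PHP function by brace matching,
    or None if it is not defined in src (e.g. a method or a closure)."""
    header = r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{"
    m = re.search(header, src)
    if m is None:
        return None
    depth, i = 1, m.end()
    while i < len(src) and depth > 0:
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return src[m.end():i - 1]


def audit_ajax_handlers(src):
    """Map each wp_ajax_* hook to what its callback checks."""
    findings = {}
    for m in AJAX_HOOK.finditer(src):
        hook, fn = m.group("hook"), m.group("fn")
        body = function_body(src, fn) or ""
        nonce = any(call in body for call in NONCE_CALLS)
        cap = any(call in body for call in CAP_CALLS)
        findings[hook] = {
            "function": fn,
            "anonymous": hook.startswith("wp_ajax_nopriv_"),  # reachable logged-out
            "nonce": nonce,
            "capability": cap,
            "protected": nonce and cap,
        }
    return findings


def unprotected_handlers(src):
    """Hooks whose callback lacks a nonce check or a capability check."""
    return sorted(h for h, f in audit_ajax_handlers(src).items() if not f["protected"])


if __name__ == "__main__":
    for hook, f in audit_ajax_handlers(SAMPLE_PHP).items():
        status = "ok" if f["protected"] else "UNPROTECTED"
        print(f"{status:12} {hook} -> {f['function']}() nonce={f['nonce']} cap={f['capability']}")
```

The check is deliberately coarse, as a static scanner's would be: it looks for the call names anywhere in the callback body, so a nonce check placed after the sensitive operation, or a capability check on the wrong capability, still counts as "protected". Treat its output as a list of handlers to read by hand, not as a verdict.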
Vulnerabilities (1)

BuddyForms Moderation ( Former: Review Logic ) Security Vulnerabilities

CVEs by Year

2022: 1 CVE (patched, 0 unpatched)

Severity Breakdown

Medium: 1 (1 total CVE)

WF-50c8a20a-66b4-445e-9167-e6fc0e6a1000-buddyforms-review · severity: medium (6.4)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BuddyForms Moderation <= 1.4.16 - Authenticated Stored Cross-Site Scripting

Oct 3, 2022 Patched in 1.4.17 (477d)
Code Analysis
Analyzed Mar 16, 2026

BuddyForms Moderation ( Former: Review Logic ) Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 17 (155 escaped)
Nonce Checks: 6
Capability Checks: 15
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Note on the library count: the hook list below includes includes\resources\tgm\class-tgm-plugin-activation.php, which is the TGM Plugin Activation library shipped inside the plugin, so the "0" above does not reflect everything bundled in the package.

Output Escaping

90% escaped (155 of 172 total outputs)
Data Flows: 2 unsanitized

Data Flow Analysis

3 flows, 2 with unsanitized paths
buddyforms_moderation_duplicate_post (includes\duplicate-post.php:10)
Attack Surface: 1 unprotected

BuddyForms Moderation ( Former: Review Logic ) Attack Surface

Entry Points: 3 · Unprotected: 1

AJAX Handlers (2)

'auth' marks a handler registered on a wp_ajax_ hook, which WordPress fires for any logged-in user via admin-ajax.php; there is no wp_ajax_nopriv_ (anonymous) variant. The report counts one of the two as unprotected but does not say which.

auth · wp_ajax_buddyforms_reject_now · includes\functions.php:517
auth · wp_ajax_buddyforms_moderators_ajax_approve_post · includes\moderators-form-element.php:287

Shortcodes (1)

[buddyforms_list_posts_to_moderate] · includes\shortcodes.php:127
WordPress Hooks (73)

action · wp_insert_post_data · includes\buddyforms-moderation.php:27
action · init · includes\buddyforms-moderation.php:28
action · post_submitbox_misc_actions · includes\buddyforms-moderation.php:29
action · admin_footer-edit.php · includes\buddyforms-moderation.php:30
filter · buddyforms_get_post_status_array · includes\buddyforms-moderation.php:31
filter · display_post_states · includes\buddyforms-moderation.php:32
action · admin_action_buddyforms_moderation_duplicate_post · includes\duplicate-post.php:9
filter · post_row_actions · includes\duplicate-post.php:147
action · admin_bar_menu · includes\duplicate-post.php:180
filter · postbox_classes_buddyforms_buddyforms_moderation · includes\form-elements.php:9
filter · postbox_classes_buddyforms_buddyforms_moderation · includes\form-elements.php:10
filter · postbox_classes_buddyforms_buddyforms_moderation · includes\form-elements.php:11
filter · add_meta_boxes · includes\form-elements.php:172
filter · buddyforms_create_edit_form_button · includes\form-elements.php:276
filter · buddyforms_include_form_draft_button · includes\form-elements.php:297
filter · buddyforms_include_form_submit_button · includes\form-elements.php:298
filter · the_title · includes\form-elements.php:418
filter · buddyforms_ajax_process_edit_post_json_response · includes\form-elements.php:420
filter · buddyforms_update_post_args · includes\form-elements.php:452
filter · buddyforms_post_status_css · includes\form-elements.php:505
filter · buddyforms_create_edit_form_post_status · includes\form-elements.php:534
action · transition_post_status · includes\functions.php:6
filter · buddyforms_shortcode_the_loop_post_status · includes\functions.php:93
filter · buddyforms_loop_edit_post_link · includes\functions.php:95
action · buddyforms_the_table_inner_tr_last · includes\functions.php:193
action · buddyforms_the_loop_li_last · includes\functions.php:324
filter · buddyforms_the_loop_date_format · includes\functions.php:358
action · buddyforms_post_edit_meta_box_select_form · includes\functions.php:360
filter · buddyforms_process_submission_ok · includes\functions.php:644
filter · buddyforms_process_submission_ok_error_message · includes\functions.php:656
filter · buddyforms_unauthorized_shortcodes_field_type · includes\functions.php:831
filter · buddyforms_form_display_message · includes\functions.php:874
filter · comments_open · includes\functions.php:898
filter · the_content · includes\functions.php:936
action · buddyforms_front_js_css_after_enqueue · includes\functions.php:963
filter · buddyforms_add_form_element_select_option · includes\functions.php:988
action · pre_get_posts · includes\functions.php:991
filter · buddyforms_post_link_on_the_loop · includes\functions.php:1014
filter · mycred_publish_hook_old · includes\functions.php:1033
filter · buddyforms_form_element_add_field · includes\moderators-form-element.php:73
filter · buddyforms_create_edit_form_display_element · includes\moderators-form-element.php:174
action · buddyforms_update_post_meta · includes\moderators-form-element.php:224
filter · buddyforms_form_custom_validation · includes\moderators-form-element.php:227
action · buddyforms_the_loop_after_actions · includes\moderators-form-element.php:284
action · init · includes\resources\tgm\class-tgm-plugin-activation.php:5
filter · load_textdomain_mofile · includes\resources\tgm\class-tgm-plugin-activation.php:5
action · init · includes\resources\tgm\class-tgm-plugin-activation.php:5
action · admin_menu · includes\resources\tgm\class-tgm-plugin-activation.php:5
action · admin_head · includes\resources\tgm\class-tgm-plugin-activation.php:5
filter · install_plugin_complete_actions · includes\resources\tgm\class-tgm-plugin-activation.php:5
filter · update_plugin_complete_actions · includes\resources\tgm\class-tgm-plugin-activation.php:5
action · admin_notices · includes\resources\tgm\class-tgm-plugin-activation.php:5
action · admin_init · includes\resources\tgm\class-tgm-plugin-activation.php:5
action · admin_enqueue_scripts · includes\resources\tgm\class-tgm-plugin-activation.php:5
action · load-plugins.php · includes\resources\tgm\class-tgm-plugin-activation.php:5
action · switch_theme · includes\resources\tgm\class-tgm-plugin-activation.php:5
action · switch_theme · includes\resources\tgm\class-tgm-plugin-activation.php:5
action · admin_init · includes\resources\tgm\class-tgm-plugin-activation.php:5
action · switch_theme · includes\resources\tgm\class-tgm-plugin-activation.php:5
action · load_textdomain_mofile · includes\resources\tgm\class-tgm-plugin-activation.php:5
filter · upgrader_source_selection · includes\resources\tgm\class-tgm-plugin-activation.php:21
action · plugins_loaded · includes\resources\tgm\class-tgm-plugin-activation.php:21
filter · tgmpa_table_data_items · includes\resources\tgm\class-tgm-plugin-activation.php:21
filter · upgrader_source_selection · includes\resources\tgm\class-tgm-plugin-activation.php:28
action · admin_init · includes\resources\tgm\class-tgm-plugin-activation.php:28
action · upgrader_process_complete · includes\resources\tgm\class-tgm-plugin-activation.php:28
filter · upgrader_post_install · includes\resources\tgm\class-tgm-plugin-activation.php:28
filter · upgrader_post_install · includes\resources\tgm\class-tgm-plugin-activation.php:28
action · init · loader.php:38
action · tgmpa_register · loader.php:60
action · plugins_loaded · loader.php:61
action · admin_notices · loader.php:236
action · buddyforms_core_fs_loaded · loader.php:247
Maintenance & Trust

BuddyForms Moderation ( Former: Review Logic ) Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.4.8
Last updated: Dec 27, 2023
PHP min version: not stated
Downloads: 7K

Community Trust

Rating: 74/100 (3 ratings)
Active installs: 40
Developer Profile

BuddyForms Moderation ( Former: Review Logic ) Developer Profile

Themekraft · 12 plugins · 5K total installs

Trust score: 69
Avg Security Score: 85/100
Avg Patch Time: 375 days
Detection Fingerprints

How We Detect BuddyForms Moderation ( Former: Review Logic )

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/buddyforms-review/assets/css/admin.css
/wp-content/plugins/buddyforms-review/assets/css/review.css
/wp-content/plugins/buddyforms-review/assets/js/admin.js
/wp-content/plugins/buddyforms-review/assets/js/review.js
Script Paths
/wp-content/plugins/buddyforms-review/assets/js/admin.js
/wp-content/plugins/buddyforms-review/assets/js/review.js
Version Parameters
buddyforms-review/assets/css/admin.css?ver=
buddyforms-review/assets/css/review.css?ver=
buddyforms-review/assets/js/admin.js?ver=
buddyforms-review/assets/js/review.js?ver=

HTML / DOM Fingerprints

CSS Classes
buddyforms-notice, buddyforms-title, buddyforms-notice-body
HTML Comments
Plugin Name: BuddyForms Moderation ( Former: Review Logic )
Svn: buddyforms-review
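As an added example (not the page's own detection code), the following script applies the asset-path and ?ver= fingerprints above to a page's HTML and compares the detected version with 1.4.17, the release the CVE entry above names as the fix for the stored XSS. The HTML sample is constructed, and the host example.test is a placeholder.

```python
"""Fingerprint buddyforms-review from a page's HTML and compare the asset
version with the release that fixed the known stored XSS. Added example, not
the page's own detection code; the HTML sample below is constructed."""
import re
from html.parser import HTMLParser

# Asset paths listed on the page as detection fingerprints.
ASSET_PATHS = (
    "/wp-content/plugins/buddyforms-review/assets/css/admin.css",
    "/wp-content/plugins/buddyforms-review/assets/css/review.css",
    "/wp-content/plugins/buddyforms-review/assets/js/admin.js",
    "/wp-content/plugins/buddyforms-review/assets/js/review.js",
)
# The CVE entry on this page says the stored XSS was patched in 1.4.17.
FIXED_VERSION = "1.4.17"

# Constructed HTML resembling a front-end page served with the plugin active
# at a pre-fix version. example.test is a placeholder host.
SAMPLE_HTML = """<!DOCTYPE html><html><head>
<link rel="stylesheet" id="buddyforms-review-css"
 href="https://example.test/wp-content/plugins/buddyforms-review/assets/css/review.css?ver=1.4.16">
<script src="https://example.test/wp-content/plugins/buddyforms-review/assets/js/review.js?ver=1.4.16"></script>
<script src="https://example.test/wp-includes/js/jquery/jquery.min.js?ver=3.7.1"></script>
</head><body>
<div class="buddyforms-notice"><div class="buddyforms-notice-body">...</div></div>
</body></html>"""


class AssetCollector(HTMLParser):
    """Collect href/src values from <link> and <script> tags."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link" and attrs.get("href"):
            self.urls.append(attrs["href"])
        elif tag == "script" and attrs.get("src"):
            self.urls.append(attrs["src"])


def parse_version(v):
    """'1.4.16' -> (1, 4, 16); non-numeric components compare as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))


def fingerprint(html):
    """Return {'detected': bool, 'version': str or None, 'matches': [urls]}."""
    parser = AssetCollector()
    parser.feed(html)
    matches, version = [], None
    for url in parser.urls:
        path = url.split("?", 1)[0]
        if any(path.endswith(p) for p in ASSET_PATHS):
            matches.append(url)
            m = re.search(r"[?&]ver=([\w.-]+)", url)
            if m and version is None:
                version = m.group(1)  # first ?ver= seen on a plugin asset
    return {"detected": bool(matches), "version": version, "matches": matches}


def vulnerable_to_known_cve(html):
    """True if the plugin is detected below FIXED_VERSION, False if at or
    above it, None if not detected or no version is exposed. None means
    'unknown', not 'safe': sites can strip or rewrite ?ver= parameters."""
    info = fingerprint(html)
    if not info["detected"] or info["version"] is None:
        return None
    return parse_version(info["version"]) < parse_version(FIXED_VERSION)


if __name__ == "__main__":
    print(fingerprint(SAMPLE_HTML))
    print("below fixed version:", vulnerable_to_known_cve(SAMPLE_HTML))
```

Two caveats apply to any fingerprint of this kind: the asset paths only appear on pages where the plugin enqueues its scripts and styles, so absence of a match is not proof of absence, and the ?ver= value is whatever the plugin passed to wp_enqueue_script(), which a caching or minification plugin may strip or replace, so a version mismatch in either direction should be confirmed against the plugin header before acting on it.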
FAQ

Frequently Asked Questions about BuddyForms Moderation ( Former: Review Logic )