BuddyMeet Security & Risk Analysis

wordpress.org/plugins/buddymeet

Adds video and audio conferencing rooms to BuddyPress! Powered by Jitsi Meet!

700 active installs · v2.6.0 · PHP 5.3+ · WP 4.6.0+ · Updated Jul 3, 2025
Tags: buddymeet, buddypress, conference, jitsi, video
Score: 100 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Sep 28, 2023
Safety Verdict

Is BuddyMeet Safe to Use in 2026?

Generally Safe

Score 100/100

BuddyMeet has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Sep 28, 2023 · Updated 9mo ago
Risk Assessment

The "buddymeet" v2.6.0 plugin exhibits a generally strong security posture, particularly in its handling of SQL queries and its limited attack surface. The plugin correctly utilizes prepared statements for all SQL queries, which is a critical defense against SQL injection vulnerabilities. Furthermore, the absence of REST API routes and cron events, along with a relatively small number of AJAX handlers and shortcodes, reduces the overall attack surface. The presence of nonce checks and capability checks on its entry points indicates good development practices for preventing unauthorized actions.

However, output escaping is a significant concern. Only 62% of outputs are properly escaped; the remaining 38% are not, leaving the plugin vulnerable to Cross-Site Scripting (XSS) attacks. The vulnerability history corroborates this: it shows a past medium-severity XSS vulnerability. While there are no currently unpatched CVEs and the taint analysis found no issues, the historical XSS vulnerability and the high percentage of unescaped output present a clear and present risk. The plugin's strengths in SQL and access control are undermined by its weakness in output escaping.

Key Concerns

  • Significant unescaped output
  • Past medium severity XSS vulnerability
Vulnerabilities
1

BuddyMeet Security Vulnerabilities

CVEs by Year

2023: 1 CVE

Severity Breakdown

Medium: 1

1 total CVE

CVE-2023-44985 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BuddyMeet <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Sep 28, 2023 Patched in 2.3.0 (117d)
Code Analysis
Analyzed Mar 16, 2026

BuddyMeet Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 14 (23 escaped)
Nonce Checks: 6
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

62% escaped · 37 total outputs
Attack Surface

BuddyMeet Attack Surface

Entry Points: 5
Unprotected: 0

AJAX Handlers 4

auth · wp_ajax_members_autocomplete · includes\buddymeet-component-class.php:134
auth · wp_ajax_members_add_to_invite_list · includes\buddymeet-component-class.php:135
auth · wp_ajax_members_send_invites · includes\buddymeet-component-class.php:136
auth · wp_ajax_members_delete_room · includes\buddymeet-component-class.php:137

Shortcodes 1

[buddymeet] buddymeet.php:169
WordPress Hooks 27

action · wp_enqueue_scripts · buddymeet.php:156
action · wp_enqueue_scripts · buddymeet.php:157
action · bp_loaded · buddymeet.php:159
action · bp_include · buddymeet.php:160
action · bp_setup_nav · buddymeet.php:162
action · admin_menu · buddymeet.php:164
action · admin_init · buddymeet.php:165
filter · buddymeet_custom_settings · buddymeet.php:167
filter · buddymeet_groups_get_groupmeta · buddymeet.php:173
action · bp_init · includes\buddymeet-actions.php:10
action · bp_ready · includes\buddymeet-actions.php:11
action · bp_setup_current_user · includes\buddymeet-actions.php:12
action · bp_setup_theme · includes\buddymeet-actions.php:13
action · bp_after_setup_theme · includes\buddymeet-actions.php:14
action · bp_enqueue_scripts · includes\buddymeet-actions.php:15
action · bp_admin_enqueue_scripts · includes\buddymeet-actions.php:16
action · bp_enqueue_scripts · includes\buddymeet-actions.php:17
action · bp_setup_admin_bar · includes\buddymeet-actions.php:18
action · bp_actions · includes\buddymeet-actions.php:19
action · bp_screens · includes\buddymeet-actions.php:20
action · admin_init · includes\buddymeet-actions.php:21
action · admin_head · includes\buddymeet-actions.php:22
action · bp_loaded · includes\buddymeet-component-class.php:407
action · buddymeet_admin_init · includes\buddymeet-functions.php:123
filter · bp_locate_template_and_load · includes\buddymeet-group-class.php:352
filter · bp_get_template_stack · includes\buddymeet-group-class.php:353
action · bp_init · includes\buddymeet-group-class.php:385
Maintenance & Trust

BuddyMeet Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jul 3, 2025
PHP min version: 5.3
Downloads: 37K

Community Trust

Rating: 94/100
Number of ratings: 14
Active installs: 700
Developer Profile

BuddyMeet Developer Profile

Cytech

2 plugins · 800 total installs

Trust score: 79
Avg Security Score: 100/100
Avg Patch Time: 112 days
Detection Fingerprints

How We Detect BuddyMeet

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/buddymeet/assets/css/buddymeet-public.css
/wp-content/plugins/buddymeet/assets/js/buddymeet-public.js
/wp-content/plugins/buddymeet/assets/js/buddymeet-jitsi-widget.js
Script Paths
/wp-content/plugins/buddymeet/assets/js/buddymeet-public.js
/wp-content/plugins/buddymeet/assets/js/buddymeet-jitsi-widget.js
Version Parameters
/wp-content/plugins/buddymeet/assets/css/buddymeet-public.css?ver=
/wp-content/plugins/buddymeet/assets/js/buddymeet-public.js?ver=
/wp-content/plugins/buddymeet/assets/js/buddymeet-jitsi-widget.js?ver=

HTML / DOM Fingerprints

CSS Classes
buddymeet-content
Data Attributes
data-jitsi-domain
data-jitsi-room
data-jitsi-width
data-jitsi-height
data-jitsi-config
JS Globals
BuddyMeetConfig
Shortcode Output
[buddymeet]