Does BuddyMobile have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is BuddyMobile compatible with WordPress 4.5.33?

According to WordPress.org data, BuddyMobile 1.9.5 has been tested up to WordPress 4.5.33. Check the plugin's changelog for the latest compatibility information.

How often is BuddyMobile updated?

BuddyMobile was last updated on Jul 22, 2016. Frequent updates are generally a positive security signal.

What is BuddyMobile's security score?

BuddyMobile has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

BuddyMobile Security & Risk Analysis

wordpress.org/plugins/buddymobile

Mobile plugin for optimized mobile experience on BuddyPress sites.

10 active installs v1.9.5 PHP + WP + Updated Jul 22, 2016

androidbuddypressiosiphonemobile

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is BuddyMobile Safe to Use in 2026?

Generally Safe

Score 85/100

BuddyMobile has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago

Risk Assessment

The "buddymobile" v1.9.5 plugin exhibits a generally good security posture based on the provided static analysis. The absence of identified AJAX handlers, REST API routes, shortcodes, and cron events, particularly those lacking authentication or permission checks, significantly reduces the plugin's attack surface. Furthermore, the lack of dangerous function usage and file operations is a positive indicator. The vulnerability history being clean with no recorded CVEs suggests a well-maintained plugin or a lack of past exploitation, which is reassuring.

However, there are areas for concern. The most significant is the presence of a single SQL query that does not utilize prepared statements. This introduces a risk of SQL injection vulnerabilities, especially if user-supplied data is being directly incorporated into this query. Additionally, a very low percentage of output is properly escaped, indicating a high likelihood of cross-site scripting (XSS) vulnerabilities. The lack of nonce checks on any entry points is also a significant weakness, as it leaves the plugin susceptible to cross-site request forgery (CSRF) attacks if any sensitive actions are performed.

While the plugin's limited attack surface and clean vulnerability history are strengths, the unescaped output and raw SQL query are critical weaknesses that demand immediate attention. The absence of nonce checks further amplifies these risks. Addressing these specific code-level issues is paramount to improving the plugin's overall security.

Key Concerns

SQL query without prepared statements
Low percentage of properly escaped output
No nonce checks on entry points

Vulnerabilities

None known

BuddyMobile Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

BuddyMobile Release Timeline

v1.9.5Current

v1.9.4

v1.9.3

v1.9.2

v1.9.1

v1.9

Code Analysis

Analyzed Apr 16, 2026

BuddyMobile Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

12 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared1 total queries

Output Escaping

13% escaped90 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

1 flows

<post-form> (themes/mobile/iphone/buddypress/activity/post-form.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

BuddyMobile Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 24

actioninitincludes/bp-mobile-admin.php:12

actionadmin_menuincludes/bp-mobile-admin.php:19

actionnetwork_admin_menuincludes/bp-mobile-admin.php:20

actionadmin_initincludes/bp-mobile-admin.php:41

actionadmin_enqueue_scriptsincludes/bp-mobile-admin.php:220

actionmedia_buttonsincludes/bp-mobile-admin.php:221

actionmedia_buttonsincludes/bp-mobile-admin.php:222

actionmedia_buttonsincludes/bp-mobile-admin.php:223

actioninitincludes/bp-mobile-class.php:111

actionadmin_print_stylesincludes/bp-mobile-class.php:114

actionadmin_enqueue_scriptsincludes/bp-mobile-class.php:115

actioninitincludes/bp-mobile-class.php:117

filtertemplateincludes/bp-mobile-class.php:119

filterstylesheetincludes/bp-mobile-class.php:120

actionwp_footerincludes/bp-mobile-loader.php:40

actionwp_headincludes/bp-mobile-loader.php:68

actionplugins_loadedloader.php:18

actionplugins_loadedloader.php:28

filtershow_admin_barthemes/mobile/iphone/functions.php:4

actionwpthemes/mobile/iphone/functions.php:12

actionwp_headthemes/mobile/iphone/functions.php:23

actionbp_includethemes/mobile/iphone/functions.php:26

actionwp_enqueue_scriptsthemes/mobile/iphone/functions.php:45

actionwp_headthemes/mobile/iphone/functions.php:73

Maintenance & Trust

BuddyMobile Maintenance & Trust

Maintenance Signals

WordPress version tested4.5.33

Last updatedJul 22, 2016

PHP min version

Downloads22K

Community Trust

Rating100/100

Number of ratings9

Active installs10

Alternatives

BuddyMobile Alternatives

Mobile App Showcase Widget

mobile-app-showcase

This WordPress plugin simply adds a sidebar widget to showcase your mobile application, whether an iPhone or an Android app.

10 No CVEs

prograpper

Create (android / ios ) App for your WordPress Site

10 No CVEs

WPtouch – Make your WordPress Website Mobile-Friendly

wptouch

With just a few clicks, make your WordPress website mobile-friendly (iPhone, Android, and more). Recommended by Google, it will instantly enable a mob …

50K 10 CVEs

AppMySite – WordPress & WooCommerce Mobile App Builder (No-Code Android & iOS App Maker)

appmysite

Turn your WordPress or WooCommerce site into a native Android & iOS app in minutes — no coding required.

8K 2 CVEs

WPMobile.App

wpappninja

Android and iOS mobile application. Easy setup, free test.

4K 9 CVEs

Developer Profile

BuddyMobile Developer Profile

modemlooper

9 plugins · 190 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect BuddyMobile

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/buddymobile/css/iphone.css/wp-content/plugins/buddymobile/css/bootstrap.min.css/wp-content/plugins/buddymobile/css/font-awesome.min.css/wp-content/plugins/buddymobile/css/responsive.css/wp-content/plugins/buddymobile/css/style.css/wp-content/plugins/buddymobile/js/bootstrap.min.js/wp-content/plugins/buddymobile/js/jquery.isotope.min.js/wp-content/plugins/buddymobile/js/modernizr.js+11 more

Script Paths

wp-content/plugins/buddymobile/js/jquery.swipebox.jswp-content/plugins/buddymobile/js/jquery.sticky.jswp-content/plugins/buddymobile/js/jquery.bxslider.min.jswp-content/plugins/buddymobile/js/bxslider.jswp-content/plugins/buddymobile/js/isotope.jswp-content/plugins/buddymobile/js/custom.js+7 more

Version Parameters

ver=1.9.5?ver=1.9.5

HTML / DOM Fingerprints

CSS Classes

buddymobile-wrapperbuddymobile-menubuddymobile-contentbuddymobile-footerbuddymobile-login-form

HTML Comments

Data Attributes

data-buddymobile-themedata-buddymobile-stickydata-buddymobile-color

JS Globals

buddymobile_optionsjQuery.fn.swipeboxjQuery.fn.bxSliderjQuery.fn.isotope

FAQ