Does BuddyPress Backwards Compatibility have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is BuddyPress Backwards Compatibility compatible with WordPress 2.9.2?

According to WordPress.org data, BuddyPress Backwards Compatibility 0.6 has been tested up to WordPress 2.9.2. Check the plugin's changelog for the latest compatibility information.

How often is BuddyPress Backwards Compatibility updated?

BuddyPress Backwards Compatibility was last updated on Feb 19, 2010. Frequent updates are generally a positive security signal.

What is BuddyPress Backwards Compatibility's security score?

BuddyPress Backwards Compatibility has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

BuddyPress Backwards Compatibility Security & Risk Analysis

wordpress.org/plugins/buddypress-backwards-compatibility

Code needed for backwards compatibility with previous versions of BuddyPress. Contains original themes, wire component, status updates, and functions …

10 active installs v0.6 PHP + WP 2.9.1+ Updated Feb 19, 2010

backwards-compatibilitybuddypress

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is BuddyPress Backwards Compatibility Safe to Use in 2026?

Generally Safe

Score 85/100

BuddyPress Backwards Compatibility has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 16yr ago

Risk Assessment

The "buddypress-backwards-compatibility" plugin v0.6 presents a mixed security profile. On the positive side, it demonstrates good practices by exclusively using prepared statements for SQL queries and having no recorded vulnerabilities or CVEs, suggesting a generally stable codebase. The absence of external HTTP requests and file operations also reduces certain attack vectors.

However, significant concerns arise from the static analysis. The plugin has a substantial attack surface, with 26 entry points, 14 of which lack authentication checks. This is a major weakness, as these unprotected AJAX handlers could be exploited by unauthenticated users. Furthermore, the taint analysis revealed 9 flows with unsanitized paths, indicating a potential for cross-site scripting (XSS) or other injection vulnerabilities, even though no critical or high-severity issues were explicitly flagged in the taint analysis itself. The low percentage of properly escaped output (6%) is another red flag, significantly increasing the risk of XSS attacks targeting users who interact with the plugin's output.

The lack of capability checks on entry points is particularly concerning, as it bypasses WordPress's built-in permission system. While the vulnerability history is clean, it does not mitigate the immediate risks identified in the code. The plugin's strengths lie in its SQL handling and lack of known external threats, but the unprotected entry points and poor output sanitization pose a considerable security risk that needs to be addressed.

Key Concerns

14 AJAX handlers without auth checks
6% properly escaped output
9 flows with unsanitized paths
0 capability checks on entry points
39 dangerous functions (create_function)

Vulnerabilities

None known

BuddyPress Backwards Compatibility Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

BuddyPress Backwards Compatibility Release Timeline

v0.6Current

v0.5.4

v0.5.3

v0.5.2

v0.5.1

v0.5

v0.4

Code Analysis

Analyzed Mar 17, 2026

BuddyPress Backwards Compatibility Code Analysis

Dangerous Functions

Raw SQL Queries

24 prepared

Unescaped Output

225

15 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_functionadd_action('widgets_init', create_function('', 'return register_widget("BPBC_Activity_Widget");') );bp-activity\bp-activity-widgets.php:4

create_functionadd_filter( 'bp_activity_template_my_activity', create_function( '', 'return "activity/just-me";' ) bp-activity.php:17

create_functionadd_filter( 'bp_activity_template_friends_activity', create_function( '', 'return "activity/my-frienbp-activity.php:18

create_functionadd_filter( 'bp_activity_template_profile_activity_permalink', create_function( '', 'return "activitbp-activity.php:19

create_functionadd_filter( 'bp_blogs_template_directory_blogs_setup', create_function( '', 'return "directories/blobp-blogs.php:60

create_functionadd_filter( 'bp_blogs_template_my_blogs', create_function( '', 'return "blogs/my-blogs";' ) );bp-blogs.php:61

create_functionadd_filter( 'bp_blogs_template_recent_posts', create_function( '', 'return "blogs/recent-posts";' ) bp-blogs.php:62

create_functionadd_filter( 'bp_blogs_template_recent_comments', create_function( '', 'return "blogs/recent-commentsbp-blogs.php:63

create_functionadd_filter( 'bp_blogs_template_create_a_blog', create_function( '', 'return "blogs/create";' ) );bp-blogs.php:64

create_functionadd_action('widgets_init', create_function('', 'return register_widget("BP_Core_Welcome_Widget");') bp-core\bp-core-widgets.php:3

create_functionadd_filter( 'bp_core_template_directory_members', create_function( '', 'return "directories/members/bp-core.php:183

create_functionadd_filter( 'bp_core_template_plugin', create_function( '', 'return "plugin-template";' ) );bp-core.php:184

create_functionadd_filter( 'bp_forums_template_directory_forums_setup', create_function( '', 'return "directories/fbp-forums.php:14

create_functionadd_filter( 'friends_template_my_friends', create_function( '', 'return "friends/index";' ) );bp-friends.php:136

create_functionadd_filter( 'friends_template_requests', create_function( '', 'return "friends/requests";' ) );bp-friends.php:137

create_functionadd_filter( 'groups_template_directory_groups', create_function( '', 'return "directories/groups/indbp-groups.php:237

create_functionadd_filter( 'groups_template_my_groups', create_function( '', 'return "groups/index";' ) );bp-groups.php:238

create_functionadd_filter( 'groups_template_group_invites', create_function( '', 'return "groups/invites";' ) );bp-groups.php:239

create_functionadd_filter( 'groups_template_group_admin', create_function( '', 'return "groups/single/admin";' ) );bp-groups.php:240

create_functionadd_filter( 'groups_template_group_forum_topic_edit', create_function( '', 'return "groups/single/fobp-groups.php:241

create_functionadd_filter( 'groups_template_group_forum_topic', create_function( '', 'return "groups/single/forum/tbp-groups.php:242

create_functionadd_filter( 'groups_template_group_forum', create_function( '', 'return "groups/single/forum/index";bp-groups.php:243

create_functionadd_filter( 'groups_template_group_leave', create_function( '', 'return "groups/single/leave-confirmbp-groups.php:244

create_functionadd_filter( 'groups_template_group_request_membership', create_function( '', 'return "groups/single/bp-groups.php:245

create_functionadd_filter( 'groups_template_group_invite', create_function( '', 'return "groups/single/send-invite"bp-groups.php:246

create_functionadd_filter( 'groups_template_group_members', create_function( '', 'return "groups/single/members";' bp-groups.php:247

create_functionadd_filter( 'groups_template_group_admin_settings', create_function( '', 'return "groups/single/admibp-groups.php:248

create_functionadd_filter( 'groups_template_group_admin_avatar', create_function( '', 'return "groups/single/admin"bp-groups.php:249

create_functionadd_filter( 'groups_template_group_admin_manage_members', create_function( '', 'return "groups/singlbp-groups.php:250

create_functionadd_filter( 'groups_template_group_admin_requests', create_function( '', 'return "groups/single/admibp-groups.php:251

create_functionadd_filter( 'groups_template_group_admin_delete_group', create_function( '', 'return "groups/single/bp-groups.php:252

create_functionadd_filter( 'messages_template_compose', create_function( '', 'return "messages/compose";' ) );bp-messages.php:15

create_functionadd_filter( 'messages_template_sentbox', create_function( '', 'return "messages/sentbox";' ) );bp-messages.php:16

create_functionadd_filter( 'messages_template_inbox', create_function( '', 'return "messages/index";' ) );bp-messages.php:17

create_functionadd_filter( 'messages_template_notices', create_function( '', 'return "messages/notices";' ) );bp-messages.php:18

create_functionadd_filter( 'messages_template_view_message', create_function( '', 'return "messages/view";' ) );bp-messages.php:19

create_functionadd_filter( 'xprofile_template_display_profile', create_function( '', 'return "profile/index";' ) );bp-xprofile.php:259

create_functionadd_filter( 'xprofile_template_edit_profile', create_function( '', 'return "profile/edit";' ) );bp-xprofile.php:260

create_functionadd_filter( 'xprofile_template_change_avatar', create_function( '', 'return "profile/change-avatar";bp-xprofile.php:261

SQL Query Safety

100% prepared24 total queries

Output Escaping

6% escaped240 total outputs

Data Flows · Security

9 unsanitized

Data Flow Analysis

15 flows9 with unsanitized paths

bp_the_site_blog_hidden_fields (bp-blogs.php:34)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

14 unprotected

BuddyPress Backwards Compatibility Attack Surface

Entry Points26

Unprotected14

AJAX Handlers 26

authwp_ajax_activity_widget_filterbp-themes\bp-sn-parent\functions.php:305

authwp_ajax_aw_get_older_updatesbp-themes\bp-sn-parent\functions.php:311

authwp_ajax_directory_blogsbp-themes\bp-sn-parent\_inc\ajax.php:17

authwp_ajax_directory_membersbp-themes\bp-sn-parent\_inc\ajax.php:24

authwp_ajax_directory_groupsbp-themes\bp-sn-parent\_inc\ajax.php:31

authwp_ajax_addremove_friendbp-themes\bp-sn-parent\_inc\ajax.php:60

authwp_ajax_my_friends_searchbp-themes\bp-sn-parent\_inc\ajax.php:65

authwp_ajax_groups_invite_userbp-themes\bp-sn-parent\_inc\ajax.php:108

authwp_ajax_group_filterbp-themes\bp-sn-parent\_inc\ajax.php:117

authwp_ajax_get_group_membersbp-themes\bp-sn-parent\_inc\ajax.php:160

authwp_ajax_get_group_members_adminbp-themes\bp-sn-parent\_inc\ajax.php:204

authwp_ajax_joinleave_groupbp-themes\bp-sn-parent\_inc\ajax.php:256

authwp_ajax_messages_send_replybp-themes\bp-sn-parent\_inc\ajax.php:281

authwp_ajax_messages_autocomplete_resultsbp-themes\bp-sn-parent\_inc\ajax.php:303

authwp_ajax_messages_markunreadbp-themes\bp-sn-parent\_inc\ajax.php:318

authwp_ajax_messages_markreadbp-themes\bp-sn-parent\_inc\ajax.php:333

authwp_ajax_messages_deletebp-themes\bp-sn-parent\_inc\ajax.php:350

authwp_ajax_messages_close_noticebp-themes\bp-sn-parent\_inc\ajax.php:365

authwp_ajax_get_wire_postsbp-themes\bp-sn-parent\_inc\ajax.php:412

authwp_ajax_post_updatebp-themes\bp-sn-parent\_inc\ajax.php:484

authwp_ajax_new_activity_commentbp-themes\bp-sn-parent\_inc\ajax.php:546

authwp_ajax_delete_activity_commentbp-themes\bp-sn-parent\_inc\ajax.php:564

authwp_ajax_status_show_formbp-themes\bp-sn-parent\_inc\ajax.php:569

authwp_ajax_status_show_statusbp-themes\bp-sn-parent\_inc\ajax.php:575

authwp_ajax_status_new_statusbp-themes\bp-sn-parent\_inc\ajax.php:588

authwp_ajax_status_clear_statusbp-themes\bp-sn-parent\_inc\ajax.php:598

WordPress Hooks 112

actionwidgets_initbp-activity\bp-activity-widgets.php:4

actionplugins_loadedbp-activity\bp-activity-widgets.php:6

filterbp_activity_template_my_activitybp-activity.php:17

filterbp_activity_template_friends_activitybp-activity.php:18

filterbp_activity_template_profile_activity_permalinkbp-activity.php:19

actioninitbp-activity.php:21

actionbp_setup_navbp-blogs.php:28

filterbp_blogs_template_directory_blogs_setupbp-blogs.php:60

filterbp_blogs_template_my_blogsbp-blogs.php:61

filterbp_blogs_template_recent_postsbp-blogs.php:62

filterbp_blogs_template_recent_commentsbp-blogs.php:63

filterbp_blogs_template_create_a_blogbp-blogs.php:64

actioninitbp-blogs.php:66

actionwidgets_initbp-core\bp-core-widgets.php:3

actionbp_register_widgetsbp-core\bp-core-widgets.php:5

filterbp_core_welcome_widget_textbp-core\bp-core-widgets.php:55

filterbp_core_welcome_widget_textbp-core\bp-core-widgets.php:56

filterbp_core_welcome_widget_textbp-core\bp-core-widgets.php:57

filterbp_core_welcome_widget_textbp-core\bp-core-widgets.php:58

filterbp_core_welcome_widget_textbp-core\bp-core-widgets.php:59

filterbp_core_welcome_widget_textbp-core\bp-core-widgets.php:60

filterbp_core_welcome_widget_textbp-core\bp-core-widgets.php:61

actionadmin_menubp-core.php:54

actionadmin_menubp-core.php:74

filterbp_core_template_directory_membersbp-core.php:183

filterbp_core_template_pluginbp-core.php:184

actioninitbp-core.php:186

filterbp_forums_template_directory_forums_setupbp-forums.php:14

actioninitbp-forums.php:16

filterfriends_template_my_friendsbp-friends.php:136

filterfriends_template_requestsbp-friends.php:137

actioninitbp-friends.php:139

actiongroups_setup_navbp-groups.php:21

actiongroups_setup_globalsbp-groups.php:28

actiongroups_installbp-groups.php:52

actiongroups_register_activity_actionsbp-groups.php:63

actiongroups_new_wire_postbp-groups.php:162

actiongroups_deleted_wire_postbp-groups.php:163

actiongroups_screen_notification_settingsbp-groups.php:176

actionbp_groups_delete_groupbp-groups.php:186

actiongroups_settings_updatedbp-groups.php:197

filtergroups_template_directory_groupsbp-groups.php:237

filtergroups_template_my_groupsbp-groups.php:238

filtergroups_template_group_invitesbp-groups.php:239

filtergroups_template_group_adminbp-groups.php:240

filtergroups_template_group_forum_topic_editbp-groups.php:241

filtergroups_template_group_forum_topicbp-groups.php:242

filtergroups_template_group_forumbp-groups.php:243

filtergroups_template_group_leavebp-groups.php:244

filtergroups_template_group_request_membershipbp-groups.php:245

filtergroups_template_group_invitebp-groups.php:246

filtergroups_template_group_membersbp-groups.php:247

filtergroups_template_group_admin_settingsbp-groups.php:248

filtergroups_template_group_admin_avatarbp-groups.php:249

filtergroups_template_group_admin_manage_membersbp-groups.php:250

filtergroups_template_group_admin_requestsbp-groups.php:251

filtergroups_template_group_admin_delete_groupbp-groups.php:252

actioninitbp-groups.php:254

actionbp_initbp-loader.php:23

filtermessages_template_composebp-messages.php:15

filtermessages_template_sentboxbp-messages.php:16

filtermessages_template_inboxbp-messages.php:17

filtermessages_template_noticesbp-messages.php:18

filtermessages_template_view_messagebp-messages.php:19

actioninitbp-messages.php:21

filterthe_status_contentbp-status\bp-status-filters.php:3

filterbp_status_content_before_savebp-status\bp-status-filters.php:4

filterthe_status_contentbp-status\bp-status-filters.php:6

filterbp_status_content_before_savebp-status\bp-status-filters.php:7

filterthe_status_contentbp-status\bp-status-filters.php:9

filterbp_status_content_before_savebp-status\bp-status-filters.php:10

filterthe_status_contentbp-status\bp-status-filters.php:12

filterthe_status_contentbp-status\bp-status-filters.php:13

filterthe_status_contentbp-status\bp-status-filters.php:14

filterthe_status_contentbp-status\bp-status-filters.php:15

filterthe_status_contentbp-status\bp-status-filters.php:16

filterbp_get_the_statusbp-status\bp-status-filters.php:18

actionplugins_loadedbp-status.php:20

actionadmin_menubp-status.php:21

actionplugins_loadedbp-status.php:42

actioninitbp-status.php:100

actionwpbp-themes\bp-sn-parent\functions.php:68

actioninitbp-themes\bp-sn-parent\functions.php:321

filterbp_wire_post_content_before_savebp-wire\bp-wire-filters.php:4

filterbp_get_wire_post_contentbp-wire\bp-wire-filters.php:5

filterbp_get_wire_post_contentbp-wire\bp-wire-filters.php:7

filterbp_get_wire_post_contentbp-wire\bp-wire-filters.php:8

filterbp_get_wire_post_contentbp-wire\bp-wire-filters.php:9

filterbp_get_wire_post_contentbp-wire\bp-wire-filters.php:10

filterbp_get_wire_post_contentbp-wire\bp-wire-filters.php:11

filterbp_get_wire_post_contentbp-wire\bp-wire-filters.php:12

filterbp_wire_post_content_before_savebp-wire\bp-wire-filters.php:14

filterbp_get_wire_post_contentbp-wire\bp-wire-filters.php:15

actionbp_activity_filter_optionsbp-wire\bp-wire-templatetags.php:390

actionplugins_loadedbp-wire.php:28

actionadmin_menubp-wire.php:29

actionplugins_loadedbp-wire.php:57

actionadmin_menubp-wire.php:58

actionbp_wire_post_deletedbp-wire.php:134

actionbp_wire_post_postedbp-wire.php:135

actionbp_wire_post_postedbp-xprofile\bp-xprofile-notifications.php:57

actionxprofile_installbp-xprofile.php:7

actionxprofile_setup_globalsbp-xprofile.php:15

actionbp_notification_settingsbp-xprofile.php:72

actionwpbp-xprofile.php:141

actionwpbp-xprofile.php:188

actionxprofile_register_activity_actionsbp-xprofile.php:200

actionbp_wire_screen_latestbp-xprofile.php:245

filterxprofile_template_display_profilebp-xprofile.php:259

filterxprofile_template_edit_profilebp-xprofile.php:260

filterxprofile_template_change_avatarbp-xprofile.php:261

actioninitbp-xprofile.php:263

Maintenance & Trust

BuddyPress Backwards Compatibility Maintenance & Trust

Maintenance Signals

WordPress version tested2.9.2

Last updatedFeb 19, 2010

PHP min version

Downloads6K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

BuddyPress Backwards Compatibility Alternatives

Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages

bp-better-messages

Real-time messaging and chat rooms for WordPress ecosystem: private conversations, public and private chat rooms, video & audio calls, and more.

10K 13 CVEs

rtMedia for WordPress, BuddyPress and bbPress

buddypress-media

Add albums, photo, audio/video upload, privacy, sharing, front-end uploads & more. All this works on mobile/tablets devices.

8K 14 CVEs

BuddyPress Docs

buddypress-docs

Adds collaborative Docs to BuddyPress.

7K 3 CVEs

WPML Multilingual for BuddyPress and BuddyBoss

buddypress-multilingual

100

WPML Multilingual for BuddyPress and BuddyBoss allows BuddyPress and BuddyBoss sites to run fully multilingual using the WPML plugin.

7K No CVEs

BP Classic

bp-classic

BP Classic, a BuddyPress (12.0.0 & up) backwards compatibility add-on

6K No CVEs

Developer Profile

BuddyPress Backwards Compatibility Developer Profile

John James Jacoby

28 plugins · 331K total installs

trust score

Avg Security Score

95/100

Avg Patch Time

1401 days

View full developer profile

Detection Fingerprints

How We Detect BuddyPress Backwards Compatibility

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/buddypress-backwards-compatibility/bp-core.php/wp-content/plugins/buddypress-backwards-compatibility/bp-activity.php/wp-content/plugins/buddypress-backwards-compatibility/bp-blogs.php/wp-content/plugins/buddypress-backwards-compatibility/bp-forums.php/wp-content/plugins/buddypress-backwards-compatibility/bp-friends.php/wp-content/plugins/buddypress-backwards-compatibility/bp-groups.php/wp-content/plugins/buddypress-backwards-compatibility/bp-messages.php/wp-content/plugins/buddypress-backwards-compatibility/bp-xprofile.php+2 more

HTML / DOM Fingerprints

CSS Classes

ajax-loader

Data Attributes

id="whats-new-form"name="whats-new-form"id="whats-new-avatar"id="whats-new-content"id="whats-new-textarea"id="whats-new"+6 more

FAQ