BuddyPress Captcha Security & Risk Analysis

wordpress.org/plugins/buddypress-captcha

This plugin adds Google's reCAPTCHA form to your BuddyPress' registration page to keep your community spam-free! You can use our simple opti …

200 active installs · v1.2 · PHP + WP 3.2+ · Updated Oct 23, 2015
Tags: anti-spam, buddypress, captcha, google, spam
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is BuddyPress Captcha Safe to Use in 2026?

Generally Safe

Score 85/100

BuddyPress Captcha has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 10yr ago
Risk Assessment

The "buddypress-captcha" v1.2 plugin exhibits a mixed security posture. On the positive side, static analysis found no dangerous functions, no raw SQL queries, and no unsanitized taint flows. The complete absence of known CVEs in its history also suggests a generally stable and well-maintained codebase. However, a significant concern is the complete lack of output escaping: all 11 outputs are potentially vulnerable to Cross-Site Scripting (XSS) attacks. The analysis also found no nonce checks and no capability checks, which raises a red flag even though no entry points are listed. While the attack surface appears minimal (0 entry points), any future additions or modifications made without proper security checks could introduce vulnerabilities. The 3 file operations and 1 external HTTP request also warrant careful review to ensure they are handled securely.

Key Concerns

  • No output escaping
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

BuddyPress Captcha Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

BuddyPress Captcha Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 11 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 3
External Requests: 1
Bundled Libraries: 0

Output Escaping

0% escaped · 11 total outputs
Attack Surface

BuddyPress Captcha Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 7
  • action admin_notices (bp-recaptcha.php:28)
  • action admin_init (bp-recaptcha.php:39)
  • action bp_before_registration_submit_buttons (bp-recaptcha.php:104)
  • action bp_signup_validate (bp-recaptcha.php:136)
  • action wp_head (bp-recaptcha.php:158)
  • action admin_init (bpcapt-options.php:14)
  • action admin_menu (bpcapt-options.php:21)
Maintenance & Trust

BuddyPress Captcha Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.1.42
Last updated: Oct 23, 2015
PHP min version
Downloads: 19K

Community Trust

Rating: 82/100
Number of ratings: 12
Active installs: 200
Developer Profile

BuddyPress Captcha Developer Profile

Hardeep Asrani

5 plugins · 101K total installs

Trust score: 90
Avg Security Score: 94/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect BuddyPress Captcha

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/buddypress-captcha/recaptcha/autoload.php
Script Paths
https://www.google.com/recaptcha/api.js

HTML / DOM Fingerprints

CSS Classes
g-recaptcha
Data Attributes
data-sitekey
data-theme
JS Globals
bp_recaptcha_config
bp_recaptcha_init
FAQ

Frequently Asked Questions about BuddyPress Captcha