WP-Safety

BuddyPress Group Email Subscription Security & Risk Analysis

wordpress.org/plugins/buddypress-group-email-subscription

This powerful plugin allows users to receive email notifications of group activity. Weekly or daily digests are available.

1K active installs v4.2.4 PHP 5.3+ WP 3.2+ Updated Oct 4, 2024
activitiesactivitybpbuddypressgroups
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is BuddyPress Group Email Subscription Safe to Use in 2026?

Generally Safe

Score 92/100

BuddyPress Group Email Subscription has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "buddypress-group-email-subscription" plugin version 4.2.4 exhibits a strong security posture based on the provided static analysis and vulnerability history. The plugin demonstrates good security practices by implementing nonce checks and capability checks for its entry points. The attack surface is relatively small, with all identified AJAX handlers protected by authentication. Furthermore, the extensive use of prepared statements for SQL queries (84%) and robust output escaping (95%) significantly mitigate common web vulnerabilities such as SQL injection and Cross-Site Scripting (XSS). The absence of any recorded CVEs, common vulnerability types, or recent vulnerabilities further reinforces its stable security history.

However, there are a couple of areas that warrant attention. The taint analysis revealed two flows with unsanitized paths. While these are not categorized as critical or high severity, any unsanitized path is a potential risk that could be exploited under specific circumstances. The presence of two cron events, while not inherently insecure, does represent potential execution points that should be monitored for any changes or vulnerabilities in future updates. Overall, the plugin is well-secured, but the identified unsanitized paths are the primary concern, suggesting a need for thorough review and sanitization in those specific code flows.

Key Concerns

  • Flows with unsanitized paths found
Vulnerabilities
None known

BuddyPress Group Email Subscription Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

BuddyPress Group Email Subscription Release Timeline

v4.2.4Current
v4.2.3
v4.2.2
v4.2.1
v4.2.0
v4.1.1
v4.1.0
v4.0.4
v4.0.3
v4.0.2
v4.0.1
v4.0.0
v3.9.4
v3.9.3
v3.9.2
v3.9.1
v3.9.0
v3.8.2
v3.8.1
v3.8.0
Code Analysis
Analyzed Mar 16, 2026

BuddyPress Group Email Subscription Code Analysis

Dangerous Functions
0
Raw SQL Queries
8
41 prepared
Unescaped Output
11
201 escaped
Nonce Checks
13
Capability Checks
3
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

84% prepared49 total queries

Output Escaping

95% escaped212 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

6 flows2 with unsanitized paths
ass_update_dashboard_settings (admin.php:431)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

BuddyPress Group Email Subscription Attack Surface

Entry Points2
Unprotected0

AJAX Handlers 2

authwp_ajax_ass_group_ajaxbp-activity-subscription-functions.php:1934
authwp_ajax_ass_ajaxlegacy-forums.php:487
WordPress Hooks 100
actionadmin_menuadmin.php:68
actionnetwork_admin_menuadmin.php:69
actionbp_groups_admin_manage_member_rowadmin.php:487
actionbp_core_install_emailsadmin.php:560
actionadmin_head-post.phpadmin.php:609
actionadmin_headadmin.php:670
filterbp_email_get_salutationbp-activity-subscription-digest.php:305
filterbp_email_get_propertybp-activity-subscription-digest.php:306
actionass_digest_eventbp-activity-subscription-digest.php:409
actionass_digest_event_weeklybp-activity-subscription-digest.php:414
actionbp_actionsbp-activity-subscription-digest.php:427
filterass_digest_contentbp-activity-subscription-digest.php:604
filterwp_mail_frombp-activity-subscription-digest.php:698
filterwp_mail_from_namebp-activity-subscription-digest.php:699
actionphpmailer_initbp-activity-subscription-digest.php:703
filtercron_schedulesbp-activity-subscription-digest.php:807
filterass_digest_message_htmlbp-activity-subscription-digest.php:961
filterbp_activity_content_before_savebp-activity-subscription-functions.php:100
actionbp_activity_after_savebp-activity-subscription-functions.php:294
filterbp_email_set_content_htmlbp-activity-subscription-functions.php:599
filterbp_email_set_content_htmlbp-activity-subscription-functions.php:930
filterbp_email_get_propertybp-activity-subscription-functions.php:1024
filterbp_email_get_propertybp-activity-subscription-functions.php:1025
actionbp_before_email_footerbp-activity-subscription-functions.php:1028
actionbp_after_email_footerbp-activity-subscription-functions.php:1029
actionbp_after_email_footerbp-activity-subscription-functions.php:1032
actionbp_after_email_footerbp-activity-subscription-functions.php:1033
actionbp_email_set_tokensbp-activity-subscription-functions.php:1037
filterbp_email_set_content_htmlbp-activity-subscription-functions.php:1074
filterbp_email_set_content_plaintextbp-activity-subscription-functions.php:1075
actionbp_activity_before_savebp-activity-subscription-functions.php:1493
actionbp_activity_deleted_activitiesbp-activity-subscription-functions.php:1515
actionbp_register_activity_actionsbp-activity-subscription-functions.php:1552
filterass_block_group_activity_typesbp-activity-subscription-functions.php:1652
filterass_this_activity_is_importantbp-activity-subscription-functions.php:1680
actionlogin_initbp-activity-subscription-functions.php:1719
actiongroups_member_before_removebp-activity-subscription-functions.php:1959
actionbp_groups_member_before_deletebp-activity-subscription-functions.php:1973
actiongroups_member_before_savebp-activity-subscription-functions.php:1990
actiondelete_userbp-activity-subscription-functions.php:2017
actiongroups_member_after_savebp-activity-subscription-functions.php:2079
actiongroups_group_after_savebp-activity-subscription-functions.php:2114
filterass_clean_contentbp-activity-subscription-functions.php:2221
filterass_clean_contentbp-activity-subscription-functions.php:2222
filterass_clean_contentbp-activity-subscription-functions.php:2223
filterass_clean_subjectbp-activity-subscription-functions.php:2280
filterass_clean_subjectbp-activity-subscription-functions.php:2281
filterass_clean_subjectbp-activity-subscription-functions.php:2282
actionbp_group_manage_members_admin_itembp-activity-subscription-functions.php:2373
actionbp_actionsbp-activity-subscription-functions.php:2443
actionbp_initbp-activity-subscription-functions.php:2575
actiongroups_join_groupbp-activity-subscription-functions.php:2671
actiongroups_accept_invitebp-activity-subscription-functions.php:2683
actiongroups_membership_acceptedbp-activity-subscription-functions.php:2684
filterbp_ass_activity_notification_contentbp-activity-subscription-functions.php:2756
actionbp_actionsbp-activity-subscription-functions.php:2844
actionwp_enqueue_scriptsbp-activity-subscription-main.php:97
actionwp_enqueue_scriptsbp-activity-subscription-main.php:98
actionbp_initbp-activity-subscription-main.php:168
actionadmin_noticesbp-activity-subscription.php:58
actionnetwork_admin_noticesbp-activity-subscription.php:59
actionbp_includebp-activity-subscription.php:67
actionplugins_loadedbp-activity-subscription.php:77
filterhttp_request_argsclasses\class-bpges-async-request.php:7
actionbb_new_postlegacy-forums.php:369
actionbp_activity_after_savelegacy-forums.php:394
actionbp_directory_forums_extra_celllegacy-forums.php:451
actionbp_before_group_forum_topic_postslegacy-forums.php:452
actionbp_after_group_forum_topic_postslegacy-forums.php:453
filterbp_directory_forums_extra_cell_headlegacy-forums.php:467
actionbp_after_group_settings_adminscreen-admin.php:19
actionbp_after_group_settings_creation_stepscreen-admin.php:20
actionbp_actionsscreen-admin.php:52
actionbp_after_group_manage_members_adminscreen-admin.php:76
actionbp_actionsscreen-admin.php:119
filterbp_ass_send_activity_notification_for_userscreen-admin.php:211
filterbp_ges_add_to_digest_queue_for_userscreen-admin.php:212
actionbp_activity_after_savescreen-admin.php:233
actionbp_actionsscreen-admin.php:260
actionbp_actionsscreen-admin.php:289
filterbbp_is_subscriptions_activescreen-bbpress.php:44
filterbbp_subscription_mail_titlescreen-bbpress.php:61
actionbbp_pre_notify_subscribersscreen-bbpress.php:62
filterbbp_forum_subscription_mail_titlescreen-bbpress.php:63
actionbbp_pre_notify_forum_subscribersscreen-bbpress.php:64
filterbbp_subscription_mail_messagescreen-bbpress.php:68
actionbbp_readyscreen-bbpress.php:71
filterbbp_get_topic_subscribersscreen-bbpress.php:124
filterbbp_get_forum_subscribersscreen-bbpress.php:128
actionbp_actionsscreen-notifications.php:87
actionbp_notification_settingsscreen-user-settings.php:106
actionbp_notification_settingsscreen-user-settings.php:143
actionbp_enqueue_scriptsscreen.php:43
actionbp_group_header_metascreen.php:158
actionbp_directory_groups_actionsscreen.php:159
actiongroups_join_groupscreen.php:177
actionbp_group_members_list_item_actionscreen.php:194
actionload-index.phpupdater.php:25
actionload-update-core.phpupdater.php:26
actionload-plugins.phpupdater.php:27

Scheduled Events 2

ass_digest_event
ass_digest_event_weekly
Maintenance & Trust

BuddyPress Group Email Subscription Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5
Last updatedOct 4, 2024
PHP min version5.3
Downloads231K

Community Trust

Rating80/100
Number of ratings32
Active installs1K
Alternatives

BuddyPress Group Email Subscription Alternatives

Wbcom Designs – Shortcodes & Elementor Widgets For BuddyPress

Wbcom Designs – Shortcodes & Elementor Widgets For BuddyPress

shortcodes-for-buddypress

A
100

This plugin generates shortcodes for Listing Activity Streams, Members, and Groups on any website post or page.

700 No CVEs
HashBuddy

HashBuddy

hashbuddy

A
85

Hashtags for WordPress, BuddyPress and bbPress. Adds hashtag links to BuddyPress activity and bbPress topics. Hashtags turn into links that are used t …

70 No CVEs
BP Devolved Authority

BP Devolved Authority

bp-devolved-authority

A
92

This plugin allows key aspects of BuddyPress administration to be devolved to non admin users.

20 No CVEs
Buddypress Avatar Hover

Buddypress Avatar Hover

bp-avatar-hover

A
85

BuddyPress Avatar Hover let's you add a pop box when hovering on the group/member avatars and gives you more information at a glance.

10 No CVEs
Bp Favorite Notifications

Bp Favorite Notifications

bp-favorite-notifications

A
85

Notifiction Favorite Activity.

10 No CVEs
Developer Profile

BuddyPress Group Email Subscription Developer Profile

Boone Gorges

28 plugins · 11K total installs

70
trust score
Avg Security Score
87/100
Avg Patch Time
1694 days
View full developer profile
Detection Fingerprints

How We Detect BuddyPress Group Email Subscription

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/buddypress-group-email-subscription/css/bp-activity-subscription-css.css/wp-content/plugins/buddypress-group-email-subscription/bp-activity-subscription-js.js
Script Paths
/wp-content/plugins/buddypress-group-email-subscription/bp-activity-subscription-js.js
Version Parameters
bp-activity-subscription-css.css?ver=20200623bp-activity-subscription-js.js?ver=20200623

HTML / DOM Fingerprints

CSS Classes
bp-group-email-subscription-settingsbp-group-email-subscription-admin-noticebp-group-email-subscription-admin-notice-wrap
HTML Comments
<!-- Hook in the CSS and JS --><!-- Admin > Email Options screen --><!-- Removed for now because it was broken --><!-- The remai -->+15 more
Data Attributes
data-bp-group-email-subscription-group-id
JS Globals
bp_ass
FAQ

Frequently Asked Questions about BuddyPress Group Email Subscription