BuddyPress Like Security & Risk Analysis

wordpress.org/plugins/buddypress-like

Gives users the ability to 'like' content across your BuddyPress enabled site.

100 active installs · v0.3.0 · PHP + WP 3.8+ · Updated Dec 6, 2015
Tags: buddypress, like, post, rate, thumbs
Security score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is BuddyPress Like Safe to Use in 2026?

Generally Safe

Score 85/100

BuddyPress Like has no known CVEs, but it has not been updated since Dec 6, 2015 and was last tested against WordPress 4.4. The score reflects the clean CVE record and a small attack surface, not active maintenance. Before deploying it, read the risk assessment below, which flags three AJAX handlers that run without capability checks.

No known CVEs · Last updated 10 years ago
Risk Assessment

The "buddypress-like" v0.3.0 plugin's security posture is weakened mainly by its three AJAX handlers, none of which performs a capability check, and by the small number of nonce verifications (two) across the code base. On the positive side, the plugin uses no dangerous functions, runs no raw SQL queries (so there is nothing to inject into at the query layer), performs no file operations, bundles no third-party libraries and makes no external HTTP requests. The attack surface is therefore small; the question is how much the AJAX entry points allow once reached.

All three handlers are registered on wp_ajax_ hooks (the "auth" label in the attack-surface listing), which WordPress fires only for logged-in users, so anonymous visitors cannot reach them. Any authenticated account, including the subscriber role, can call them directly through admin-ajax.php with arbitrary parameters, and where no nonce is verified a logged-in user can be made to trigger them from a third-party page (CSRF). Taint analysis reports no critical or high severity unsanitized paths, but each of the five analysed flows carries at least one unsanitized path; together with the missing authorization checks this is the plugin's main practical risk. The listing also shows the same hook, wp_ajax_activity_like, registered from both includes\ajax.php and includes\ajax-functions.php, and several other files appear twice (admin.php under admin\ and includes\, install.php beside install-functions.php), which points to duplicated source files and makes it harder to tell which copy is live.

The plugin's vulnerability history is clean, with no known CVEs. That is a positive signal, but with roughly 100 active installs and no update since December 2015 it more likely reflects a lack of scrutiny than hardened code, and it does not offset the weaknesses found in the current analysis. The absence of capability checks and the low share of escaped output (7 of 61 outputs, 11%) are not, in this version, tied to a confirmed exploitable path, but they are exactly the conditions under which stored XSS or unauthorized state changes tend to surface once a handler is reached with crafted input.

Key Concerns

  • Unprotected AJAX handlers
  • Low percentage of properly escaped output
  • No capability checks on entry points
  • Unsanitized paths in taint analysis
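To make the "unprotected AJAX handler" finding concrete, here is an added illustration in PHP. It is not the plugin's code: the action name activity_like and its wp_ajax_ (login-only) registration are taken from the attack-surface listing on this page, while the function names, the option-based storage, the nonce action and the request field names are hypothetical. The first handler has the shape the analysis flags (no nonce, no capability check, identity and output taken raw from the request); the second implements the same feature with each check in place.

```php
<?php
// Added example, not code from the buddypress-like plugin. Action name
// 'activity_like' comes from this page's attack-surface listing; function
// names, the 'example_likes_' option storage, the nonce action and the
// request fields are hypothetical.

// ---- Shape the analysis flags: registered on wp_ajax_ (login required),
// but no nonce, no capability check, identity and output taken raw.
add_action( 'wp_ajax_activity_like', 'example_like_unprotected' );
function example_like_unprotected() {
    $activity_id = $_POST['activity_id'];                    // unsanitized key
    $likers      = (array) get_option( 'example_likes_' . $activity_id, array() );
    $likers[]    = (int) $_POST['user_id'];                  // caller-chosen identity
    update_option( 'example_likes_' . $activity_id, array_unique( $likers ) );
    echo count( $likers ) . ' likes, last by ' . $_POST['display_name']; // unescaped
    wp_die();
}

// ---- Hardened version.
// 1. The page that renders the button receives a nonce bound to this action.
add_action( 'wp_enqueue_scripts', 'example_like_enqueue' );
function example_like_enqueue() {
    wp_enqueue_script( 'example-like', plugins_url( 'assets/js/example-like.js', __FILE__ ),
        array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-like', 'exampleLike', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'example_like_action' ),
    ) );
}

// 2. The handler verifies the CSRF token, the role and the input, and
//    escapes what it returns.
add_action( 'wp_ajax_activity_like', 'example_like_hardened' );
function example_like_hardened() {
    // CSRF: check_ajax_referer() ends the request with HTTP 403 unless
    // $_REQUEST['nonce'] is a valid nonce for 'example_like_action'
    // issued to the current user.
    check_ajax_referer( 'example_like_action', 'nonce' );

    // Authorization: wp_ajax_ already guarantees a session; requiring an
    // explicit capability ('read' = any registered member) states the
    // policy instead of leaving it implicit.
    if ( ! current_user_can( 'read' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    // Input validation: positive integer that names an existing activity item.
    $activity_id = isset( $_POST['activity_id'] ) ? absint( $_POST['activity_id'] ) : 0;
    if ( 0 === $activity_id ) {
        wp_send_json_error( array( 'message' => 'bad request' ), 400 );
    }
    $found = bp_activity_get_specific( array( 'activity_ids' => array( $activity_id ) ) );
    if ( empty( $found['activities'] ) ) {
        wp_send_json_error( array( 'message' => 'not found' ), 404 );
    }

    // Identity comes from the session, never from the request body.
    $user_id = get_current_user_id();
    $likers  = array_map( 'intval', (array) get_option( 'example_likes_' . $activity_id, array() ) );
    if ( ! in_array( $user_id, $likers, true ) ) {
        $likers[] = $user_id;
        update_option( 'example_likes_' . $activity_id, $likers );
    }

    // Output: JSON with integers cast and strings escaped, no raw echo.
    wp_send_json_success( array(
        'activity_id' => $activity_id,
        'count'       => count( $likers ),
        'last_by'     => esc_html( bp_core_get_user_displayname( $user_id ) ),
    ) );
}
```

The client script (not shown) posts action=activity_like, nonce=exampleLike.nonce and activity_id to exampleLike.ajaxUrl. Because only the wp_ajax_ variant is registered and no wp_ajax_nopriv_ twin is added, the endpoint stays login-only, which matches the "auth" label in the listing; the nonce is what closes the cross-site trigger, and absint() plus the existence lookup is what closes the unsanitized activity_id path.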
Vulnerabilities
None known

BuddyPress Like Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

BuddyPress Like Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 54 (7 escaped)
Nonce Checks: 2
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

11% escaped (7 of 61 total outputs)
Data Flows
5 unsanitized

Data Flow Analysis

5 flows, 5 with unsanitized paths
bp_like_process_ajax (includes\ajax-functions.php:13)
Attack Surface
3 unprotected

BuddyPress Like Attack Surface

Entry Points: 3
Unprotected: 3

AJAX Handlers: 3 (auth = registered on a wp_ajax_ hook, which WordPress runs only for logged-in users)

auth  wp_ajax_activity_like  includes\ajax-functions.php:54
auth  wp_ajax_activity_like  includes\ajax.php:44
auth  wp_ajax_bplike_get_likes  includes\ajax.php:59
WordPress Hooks: 28

action  admin_menu  admin\admin.php:18
action  init  admin\admin.php:34
action  bp_include  bp-like-loader.php:28
action  bp_activity_filter_options  includes\activity-functions.php:17
action  bp_member_activity_filter_options  includes\activity-functions.php:18
action  bp_group_activity_filter_options  includes\activity-functions.php:19
action  admin_menu  includes\admin.php:19
action  init  includes\admin.php:36
action  view_who_likes  includes\ajax-functions.php:20
action  plugins_loaded  includes\bplike.php:17
action  bp_activity_entry_meta  includes\button-functions.php:43
action  bp_before_blog_single_post  includes\button-functions.php:44
action  bp_activity_comment_options  includes\button-functions.php:45
action  admin_notices  includes\install-functions.php:201
action  admin_menu  includes\install-functions.php:228
action  admin_notices  includes\install.php:189
action  view_who_likes  includes\like-functions.php:503
action  bp_activity_comment_posted  includes\notifications.php:412
action  bp_activity_sent_mention_email  includes\notifications.php:540
action  bp_activity_screen_mentions  includes\notifications.php:561
action  bp_activity_screen_single_activity_permalink  includes\notifications.php:582
action  bp_activity_deleted_activities  includes\notifications.php:600
action  wp_enqueue_scripts  includes\scripts.php:30
action  init  includes\settings.php:23
filter  bp_activity_can_favorite  includes\settings.php:28
filter  bp_get_total_favorite_count_for_user  includes\settings.php:29
action  wp_before_admin_bar_render  includes\settings.php:36
filter  the_content  includes\templates\blog-post.php:61
Maintenance & Trust

BuddyPress Like Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.4.34
Last updated: Dec 6, 2015
PHP min version: not listed
Downloads: 76K

Community Trust

Rating: 70/100
Number of ratings: 26
Active installs: 100
Developer Profile

BuddyPress Like Developer Profile

darrenmeehan

1 plugin · 100 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect BuddyPress Like

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/buddypress-like/assets/js/bp-like.js
Script Paths
/wp-content/plugins/buddypress-like/assets/js/bp-like.js

HTML / DOM Fingerprints

CSS Classes
like-box, like_blogpost, unlike_blogpost
JS Globals
bplikeTerms
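As an added example (not part of this page's own scanning tooling), here is a PHP matcher that applies the fingerprints above to fetched HTML. The script path, the JS global and the three class names are the ones listed on this page; the sample page fragment is constructed here, in the shape wp_localize_script() and wp_enqueue_script() emit, and the two-signal decision rule is my choice.

```php
<?php
// Added example: fingerprint matcher for the patterns listed on this page.
// The sample HTML below is constructed, not captured from a real site.

function bp_like_fingerprint( $html ) {
    $asset_hits = array();
    $dom_hits   = array();

    // Strongest signal: the enqueued script path, emitted in <head> or the
    // footer regardless of theme.
    if ( false !== strpos( $html, '/wp-content/plugins/buddypress-like/assets/js/bp-like.js' ) ) {
        $asset_hits[] = 'script:bp-like.js';
    }
    // wp_localize_script() prints "var bplikeTerms = {...};" before the script.
    if ( preg_match( '/\bvar\s+bplikeTerms\s*=/', $html ) ) {
        $asset_hits[] = 'js-global:bplikeTerms';
    }
    // Rendered markup: classes on the like box and the toggle links. Matched
    // as whole tokens inside a class attribute so that "unlike_blogpost"
    // does not also count as a hit for "like_blogpost".
    foreach ( array( 'like-box', 'like_blogpost', 'unlike_blogpost' ) as $cls ) {
        $re = '/class\s*=\s*["\'][^"\']*(?<![\w-])' . preg_quote( $cls, '/' ) . '(?![\w-])[^"\']*["\']/';
        if ( preg_match( $re, $html ) ) {
            $dom_hits[] = 'class:' . $cls;
        }
    }

    // Decision rule: require one asset-level and one DOM-level hit.
    // "like-box" on its own is generic enough to appear in unrelated themes.
    return array(
        'detected' => ( count( $asset_hits ) > 0 && count( $dom_hits ) > 0 ),
        'asset'    => $asset_hits,
        'dom'      => $dom_hits,
    );
}

// Constructed sample fragment (hypothetical host example.test).
$sample = <<<'HTML'
<script type='text/javascript'>
/* <![CDATA[ */
var bplikeTerms = {"like":"Like","unlike":"Unlike"};
/* ]]> */
</script>
<script type='text/javascript' src='https://example.test/wp-content/plugins/buddypress-like/assets/js/bp-like.js?ver=0.3.0'></script>
<div class="like-box"><a href="#" class="like_blogpost">Like</a></div>
HTML;

print_r( bp_like_fingerprint( $sample ) );
```

Run against the sample, the matcher records both asset-level signals and the like-box and like_blogpost classes; swapping the fragment for a page that only carries a like-box div leaves the asset list empty and the verdict negative, which is the false-positive case the two-signal rule is there to suppress.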
FAQ

Frequently Asked Questions about BuddyPress Like