
Buddypress Notifications Manager Security & Risk Analysis
wordpress.org/plugins/buddypress-notifications-manager
BuddyPress Notifications Manager is a plugin for BuddyPress that manages the BuddyPress notification system for all users.
Is Buddypress Notifications Manager Safe to Use in 2026?
Generally Safe
Score 85/100
Buddypress Notifications Manager has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "buddypress-notifications-manager" v1.0 plugin exhibits a generally good security posture, with zero known vulnerabilities and a well-controlled attack surface. Static analysis reveals no unprotected direct entry points such as AJAX handlers, REST API routes, or shortcodes. The plugin also demonstrates good practices in output escaping and includes a nonce and capability check. However, the presence of two dangerous functions, `unserialize` and `create_function`, represents a significant potential risk. While no taint flows indicate immediate exploitation, the use of `unserialize` is inherently dangerous because it can lead to remote code execution if used with untrusted data. The absence of prepared statements for its single SQL query also increases the risk of SQL injection, although the lack of known vulnerabilities suggests this has not been exploited to date. Overall, the plugin's strengths lie in its limited attack surface and lack of known vulnerabilities. Its primary weaknesses are the use of dangerous functions and the unprepared SQL query, which require careful consideration and potential mitigation.
Key Concerns
- Use of unserialize function
- Use of create_function
- SQL queries without prepared statements
Buddypress Notifications Manager Security Vulnerabilities
Buddypress Notifications Manager Release Timeline
Buddypress Notifications Manager Code Analysis
Dangerous Functions Found
SQL Query Safety
Data Flow Analysis
Buddypress Notifications Manager Attack Surface
WordPress Hooks 5
Buddypress Notifications Manager Maintenance & Trust
Maintenance Signals
Community Trust
Buddypress Notifications Manager Alternatives
BP default user noifications
bp-default-user-notifications
BP default user noifications allows you to change buddypress default notification for all users but Admins.
BuddyPress Admin Access Activity
buddypress-admin-access-activity
Allows BuddyPress admin to go directly to any activity they are linked to. Stops the problem of 'You do not have access to this activity' in …
BuddyPress Admin Notifications
buddypress-admin-notifications
This plugin adds a checkbox in the post/page admin (for the admins and editors) to tell members (notification & email) that an important post has …
ActiveCampaign Postmark for WordPress
postmark-approved-wordpress-plugin
The officially-supported ActiveCampaign Postmark plugin for Wordpress.
Disable Theme and Plugin Auto-Update Emails
disable-theme-and-plugin-auto-update-emails
Disables the default notification emails sent by a site after an automatic theme and/or plugin update. Simply activate the plugin to disable these ema …
Buddypress Notifications Manager Developer Profile
4 plugins · 160 total installs
How We Detect Buddypress Notifications Manager
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- `/wp-content/plugins/buddypress-notifications-manager/bp-notifications-manager-admin.css`
- `/wp-content/plugins/buddypress-notifications-manager/bp-notifications-manager-admin.js`
- `buddypress-notifications-manager/bp-notifications-manager-admin.css?ver=`
- `buddypress-notifications-manager/bp-notifications-manager-admin.js?ver=`
HTML / DOM Fingerprints
- `bp-notifications-manager-wrap`
- `bp-notifications-manager-settings`
- `<!-- Buddypress Notifications Manager Admin Start -->`
- `<!-- Buddypress Notifications Manager Admin End -->`
- `data-bp-notifications-manager-settings`
- `bp_notifications_manager_vars`