
Buddypress Profile Views Security & Risk Analysis
wordpress.org/plugins/buddypress-profile-views
Show number of profile views count by other members.
Is Buddypress Profile Views Safe to Use in 2026?
Generally Safe
Score 85/100
Buddypress Profile Views has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "buddypress-profile-views" v2.03 plugin exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices regarding database interactions, with all SQL queries utilizing prepared statements, and there are no indications of dangerous function usage, file operations, or external HTTP requests. The lack of any recorded vulnerabilities or CVEs is also a strong indicator of a well-maintained and secure codebase historically.
However, significant concerns arise from the output escaping and capability check signals. The analysis shows that 100% of the identified output points are not properly escaped. This presents a critical risk for Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected and executed within the user's browser, potentially leading to session hijacking or defacement.
Furthermore, the complete absence of nonce checks and capability checks across all entry points, including the single shortcode, means that actions performed by the plugin are not protected against CSRF attacks or unauthorized access by less privileged users. While the attack surface is small, the lack of these fundamental security measures for the existing entry point is a notable weakness. The vulnerability history is clean, but the code signals reveal immediate and actionable security risks that need addressing.
Key Concerns
- Output not properly escaped (100%)
- No nonce checks
- No capability checks
Buddypress Profile Views Security Vulnerabilities
Buddypress Profile Views Release Timeline
Buddypress Profile Views Code Analysis
SQL Query Safety
Output Escaping
Buddypress Profile Views Attack Surface
Shortcodes 1
WordPress Hooks 4
Buddypress Profile Views Maintenance & Trust
Maintenance Signals
Community Trust
Buddypress Profile Views Alternatives
Buddypress Profile Visitors
buddypress-profile-visitors
Show number of profile views count by other members and recent visitors of member profile. And also show who is visiting the particular member most.
Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages
bp-better-messages
Real-time messaging and chat rooms for WordPress ecosystem: private conversations, public and private chat rooms, video & audio calls, and more.
rtMedia for WordPress, BuddyPress and bbPress
buddypress-media
Add albums, photo, audio/video upload, privacy, sharing, front-end uploads & more. All this works on mobile/tablet devices.
BuddyPress Docs
buddypress-docs
Adds collaborative Docs to BuddyPress.
WPML Multilingual for BuddyPress and BuddyBoss
buddypress-multilingual
WPML Multilingual for BuddyPress and BuddyBoss allows BuddyPress and BuddyBoss sites to run fully multilingual using the WPML plugin.
Buddypress Profile Views Developer Profile
2 plugins · 60 total installs
How We Detect Buddypress Profile Views
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/buddypress-profile-views/bp-profile-views.php
HTML / DOM Fingerprints
- bp_profile_views
- uk-content
- uk-form
- uk-help
- uk-footer
- Use "echo get_bp_userviews(userid);" function to print views count at any member loop.
- * Use "[bp_profile_viewcount user_id='userid-here']" short code to get user views.
- name="df_displaytext"
- value="Total Profile Visits: "
- name="df_countviews"
- value="0"
- selected="selected"
- value="1"
- +2 more
- $_SESSION['profile_visit']
- Total Profile Visits: