WP-Safety

Buddypress Who clicked at my Profile? Security & Risk Analysis

wordpress.org/plugins/buddypress-who-clicked-at-my-profile

This plugin will notify your members about other members that visited their profile. This plugin also provides a widget that shows last profile visito …

40 active installs v3.6 PHP + WP 4.2+ Updated Jul 25, 2016
buddypressprofilesocial-network
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Buddypress Who clicked at my Profile? Safe to Use in 2026?

Generally Safe

Score 85/100

Buddypress Who clicked at my Profile? has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago
Risk Assessment

The "buddypress-who-clicked-at-my-profile" plugin v3.6 exhibits a concerning security posture due to several critical weaknesses identified in the static analysis. While the plugin boasts no known CVEs and utilizes prepared statements for its SQL queries, these positive aspects are overshadowed by significant vulnerabilities. The presence of two instances of the `unserialize` function, combined with a complete lack of output escaping, creates a high risk of cross-site scripting (XSS) and remote code execution (RCE) vulnerabilities. The unprotected AJAX handler further exacerbates this, as it provides an unauthenticated entry point that could be leveraged to trigger these dangerous functions. The absence of nonce checks and capability checks on this handler means any unauthenticated user could potentially exploit these flaws. The plugin's history of no reported vulnerabilities might suggest a lack of targeted attacks or that previous versions were not thoroughly audited, but it does not negate the immediate risks presented by the current codebase.

Key Concerns

  • Unprotected AJAX handler
  • Dangerous function 'unserialize' used
  • Output escaping completely missing
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

Buddypress Who clicked at my Profile? Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Buddypress Who clicked at my Profile? Code Analysis

Dangerous Functions
2
Raw SQL Queries
0
0 prepared
Unescaped Output
16
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$trackingList = unserialize($meta);plugin.php:33
unserialize$trackingList = unserialize($meta);plugin.php:107

Output Escaping

0% escaped16 total outputs
Attack Surface
1 unprotected

Buddypress Who clicked at my Profile? Attack Surface

Entry Points2
Unprotected1

AJAX Handlers 1

authwp_ajax_bpwcamp_notificationplugin.php:280

Shortcodes 1

[buddypresswcamp_show_visits] plugin.php:83
WordPress Hooks 8
actionbp_includebuddypress-who-clicked-at-my-profile.php:23
actioninitplugin.php:5
actionbp_before_member_headerplugin.php:15
actionwidgets_initplugin.php:153
filterbp_notifications_get_registered_componentsplugin.php:232
filterbp_notifications_get_notifications_for_userplugin.php:249
actionall_admin_noticesplugin.php:251
actionadmin_enqueue_scriptsplugin.php:274
Maintenance & Trust

Buddypress Who clicked at my Profile? Maintenance & Trust

Maintenance Signals

WordPress version tested4.7.32
Last updatedJul 25, 2016
PHP min version
Downloads15K

Community Trust

Rating98/100
Number of ratings15
Active installs40
Alternatives

Buddypress Who clicked at my Profile? Alternatives

BuddyPress Edit Activity

BuddyPress Edit Activity

buddypress-edit-activity

A
85

BuddyPress Edit Activity allows your members to edit their activity posts on the front-end of your BuddyPress-powered site.

900 No CVEs
Advanced XProfile Fields for BuddyPress

Advanced XProfile Fields for BuddyPress

advanced-xprofile-fields-for-buddypress

A
85

Enhance your BuddyPress profile fields with Advanced XProfile Fields for BuddyPress. Manage fields labels, validation and show fields in admin.

100 No CVEs
Buddypress Xprofile Fields Custom Css Classes

Buddypress Xprofile Fields Custom Css Classes

bp-xprofile-fields-custom-css-classes

A
85

Add custom classes to xprofile fields for ease of styling.

20 No CVEs
MIF BP Customizer

MIF BP Customizer

mif-bp-customizer

A
100

Buddypress features extension plugin for creation of social network site.

10 No CVEs
Profiles Manager

Profiles Manager

profiles-manager-for-buddypress

A
85

This plugin is designed to help you monetize your social network by hiding the premium profile fields from non-paying members.

10 No CVEs
Developer Profile

Buddypress Who clicked at my Profile? Developer Profile

quan_flo

5 plugins · 290 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Buddypress Who clicked at my Profile?

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/buddypress-who-clicked-at-my-profile/buddypress-wcamp-widget.css/wp-content/plugins/buddypress-who-clicked-at-my-profile/buddypress-wcamp-widget.js/wp-content/plugins/buddypress-who-clicked-at-my-profile/js/jquery.countdown.min.js/wp-content/plugins/buddypress-who-clicked-at-my-profile/js/script.js
Version Parameters
/wp-content/plugins/buddypress-who-clicked-at-my-profile/buddypress-wcamp-widget.css?ver=/wp-content/plugins/buddypress-who-clicked-at-my-profile/buddypress-wcamp-widget.js?ver=/wp-content/plugins/buddypress-who-clicked-at-my-profile/js/jquery.countdown.min.js?ver=/wp-content/plugins/buddypress-who-clicked-at-my-profile/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
buddypresswcampbuddypresswcamp_visitors
HTML Comments
<!-- buddypresswcamp --><!-- buddypresswcamp_visitors -->
Data Attributes
rel="user_"
JS Globals
buddypresswcampbp_wcamp_data
Shortcode Output
<p>Your profile has not been visited yet by another member of the community.</p><p>Please log in to view the visitors of your profile</p>
FAQ

Frequently Asked Questions about Buddypress Who clicked at my Profile?