Does BuddyPress XMLRPC – Receiver have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

How often is BuddyPress XMLRPC – Receiver updated?

BuddyPress XMLRPC – Receiver was last updated on Jan 24, 2011. Frequent updates are generally a positive security signal.

What is BuddyPress XMLRPC – Receiver's security score?

BuddyPress XMLRPC – Receiver has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

BuddyPress XMLRPC – Receiver Security & Risk Analysis

wordpress.org/plugins/buddypress-xmlrpc-receiver

This plugin allows certain XML-RPC commands for BuddyPress (Requires a client!)

10 active installs v0.1.0 PHP + WP + Updated Jan 24, 2011

activityactivity-streambuddypressxml-rpcxmlrpc

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is BuddyPress XMLRPC – Receiver Safe to Use in 2026?

Generally Safe

Score 85/100

BuddyPress XMLRPC – Receiver has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 15yr ago

Risk Assessment

The BuddyPress XML-RPC Receiver plugin v0.1.0 exhibits a generally strong security posture, with no registered vulnerabilities or critical taint flows. The static analysis reveals a very small attack surface, with zero unprotected entry points across AJAX, REST API, shortcodes, and cron events. The code also demonstrates good practices in using prepared statements for all SQL queries and includes nonce and capability checks in several areas. However, a significant concern arises from the extremely low percentage of properly escaped output (4%). This indicates a high likelihood of cross-site scripting (XSS) vulnerabilities, where user-supplied data could be injected and executed as malicious scripts in other users' browsers. While the plugin has no recorded vulnerability history, the presence of potential XSS issues warrants careful attention and remediation.

Key Concerns

Low percentage of proper output escaping

Vulnerabilities

None known

BuddyPress XMLRPC – Receiver Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

BuddyPress XMLRPC – Receiver Release Timeline

v0.1.0Current

Code Analysis

Analyzed Apr 16, 2026

BuddyPress XMLRPC – Receiver Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

3 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

4% escaped67 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

2 flows

bp_xmlrpc_admin (admin/bp-xmlrpc-admin.php:74)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

BuddyPress XMLRPC – Receiver Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 19

actionbp_core_loadedbp-xmlrpc-loader.php:30

actionadmin_menubp-xmlrpc-loader.php:51

actionbp_initbp-xmlrpc-loader.php:53

actionadmin_menubp-xmlrpc-loader.php:57

actionbp_xmlrpc_bp_initincludes/bp-xmlrpc-functions.php:16

actionwp_login_failedincludes/bp-xmlrpc-limit-login-attempts.php:83

actionplugins_loadedincludes/bp-xmlrpc-limit-login-attempts.php:85

actionauth_cookie_bad_hashincludes/bp-xmlrpc-limit-login-attempts.php:86

actionauth_cookie_bad_usernameincludes/bp-xmlrpc-limit-login-attempts.php:87

filterwp_authenticate_userincludes/bp-xmlrpc-limit-login-attempts.php:89

actionwp_authenticateincludes/bp-xmlrpc-limit-login-attempts.php:90

actionlogin_headincludes/bp-xmlrpc-limit-login-attempts.php:91

actionlogin_errorsincludes/bp-xmlrpc-limit-login-attempts.php:92

actionadmin_menuincludes/bp-xmlrpc-limit-login-attempts.php:93

actionwpincludes/bp-xmlrpc-profile.php:43

actionxprofile_adminbar_menu_itemsincludes/bp-xmlrpc-profile.php:59

actionxprofile_setup_navincludes/bp-xmlrpc-profile.php:81

actionbp_template_titleincludes/bp-xmlrpc-profile.php:108

actionbp_template_contentincludes/bp-xmlrpc-profile.php:109

Maintenance & Trust

BuddyPress XMLRPC – Receiver Maintenance & Trust

Maintenance Signals

WordPress version tested

Last updatedJan 24, 2011

PHP min version

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

BuddyPress XMLRPC – Receiver Alternatives

BuddyPress XML-RPC Receiver

buddypress-xml-rpc-receiver

This plugin allows remote access to BuddyPress networks through an XML-RPC API.

10 No CVEs

Activity Plus Reloaded for BuddyPress

bp-activity-plus-reloaded

Note: This plugin will be discontinued by March 31st, 2025 in favor of BuddyPress Attachment plugin. Please migrate to the new plugin before that date …

1K 2 unpatched

BuddyKit – Additional features for BuddyPress

buddykit

BuddyKit adds several features like Live Notifications and Media Activities to your BuddyPress powered websites.

100 No CVEs

BuddyPress Edit Activity Stream

buddypress-edit-activity-stream

This plugin allows an user to edit their activity stream status update within a specified time period.

40 No CVEs

Buddypress Activity Plus Styling

bp-activity-plus-styling

Additional CSS styles for the Buddypress Activity Plus plugin.

30 No CVEs

Developer Profile

BuddyPress XMLRPC – Receiver Developer Profile

rich! @ etiviti

12 plugins · 240 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect BuddyPress XMLRPC – Receiver

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ