Does BuddyPress xProfiles ACL have any unpatched vulnerabilities?

No. All known vulnerabilities in BuddyPress xProfiles ACL have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is BuddyPress xProfiles ACL compatible with WordPress 5.2.24?

According to WordPress.org data, BuddyPress xProfiles ACL 0.20.4 has been tested up to WordPress 5.2.24. Check the plugin's changelog for the latest compatibility information.

Is BuddyPress xProfiles ACL compatible with PHP 5.2+?

BuddyPress xProfiles ACL requires PHP 5.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is BuddyPress xProfiles ACL updated?

BuddyPress xProfiles ACL was last updated on Jun 5, 2019. Frequent updates are generally a positive security signal.

What is BuddyPress xProfiles ACL's security score?

BuddyPress xProfiles ACL has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

BuddyPress xProfiles ACL Security & Risk Analysis

wordpress.org/plugins/buddypress-xprofiles-acl

BuddyPress xProfiles ACL creates access control over BuddyPress Extended Profile Groups.

10 active installs v0.20.4 PHP 5.2+ WP 4.5+ Updated Jun 5, 2019

buddypressextended-profilesextended-profiles-aclsocialnetwork

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is BuddyPress xProfiles ACL Safe to Use in 2026?

Generally Safe

Score 85/100

BuddyPress xProfiles ACL has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago

Risk Assessment

The "buddypress-xprofiles-acl" plugin version 0.20.4 exhibits a mixed security posture. On the positive side, the plugin demonstrates excellent practices regarding SQL query execution, utilizing prepared statements exclusively, and has no recorded vulnerability history, including CVEs. This suggests a diligent approach to secure coding and maintenance. However, significant concerns arise from the static analysis. The presence of the `unserialize()` function without any apparent input validation or sanitization presents a critical risk. Coupled with a complete lack of output escaping for all analyzed outputs and no nonce or capability checks on any entry points, the plugin is highly vulnerable to various attacks. These weaknesses create a substantial attack vector that, despite the lack of historical vulnerabilities, poses a serious threat.

Key Concerns

Dangerous function unserialize used without apparent checks
100% of outputs are not properly escaped
No nonce checks found
No capability checks found

Vulnerabilities

None known

BuddyPress xProfiles ACL Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

BuddyPress xProfiles ACL Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserializeunserialize(get_option("allowed_xprofile_groups"));buddypress-xprofiles-acl.php:58

Output Escaping

0% escaped15 total outputs

Attack Surface

BuddyPress xProfiles ACL Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 7

actionadmin_noticesbuddypress-xprofiles-acl.php:72

actionxprofile_screen_edit_profilebuddypress-xprofiles-acl.php:299

actionxprofile_template_loop_startbuddypress-xprofiles-acl.php:300

actionbp_before_profile_field_contentbuddypress-xprofiles-acl.php:301

actionplugins_loadedbuddypress-xprofiles-acl.php:311

actionbp_initbuddypress-xprofiles-acl.php:312

actionadmin_menubuddypress-xprofiles-acl.php:313

Maintenance & Trust

BuddyPress xProfiles ACL Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24

Last updatedJun 5, 2019

PHP min version5.2

Downloads17K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

BuddyPress xProfiles ACL Alternatives

BP Favorite Groups

bp-favorite-groups

BP Favorite Groups is an easy way for users to bookmark the best groups. Users can filter activity by their favorite groups.

10 No CVEs

BP Mutual Friends

bp-mutual-friends

List users' mutual friends in BuddyPress easily. One click install and setup.

10 No CVEs

Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages

bp-better-messages

Real-time messaging and chat rooms for WordPress ecosystem: private conversations, public and private chat rooms, video & audio calls, and more.

10K 13 CVEs

rtMedia for WordPress, BuddyPress and bbPress

buddypress-media

Add albums, photo, audio/video upload, privacy, sharing, front-end uploads & more. All this works on mobile/tablets devices.

8K 12 CVEs

BP Classic

bp-classic

BP Classic, a BuddyPress (12.0.0 & up) backwards compatibility add-on

7K No CVEs

Developer Profile

BuddyPress xProfiles ACL Developer Profile

NetTantra

7 plugins · 140 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect BuddyPress xProfiles ACL

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes

xprofile_field_groupsadd_profile_group_formprofile_groupsdelete_profile_group_idxprofile_field_groups_block

HTML Comments

Data Attributes

data-role-keydata-profile-group-iddata-action

JS Globals

jQuerybp_xprofile_acl_edit_profile_group

FAQ