Buoy Security & Risk Analysis

wordpress.org/plugins/buoy

A community-based crisis response system. Buoy is a private, enhanced, cop-free alternative to 112 or 911.

10 active installs · v0.3.3 · PHP + WP 4.6+ · Updated Dec 19, 2016
Tags: activism, community, emergency-response
Score 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Buoy Safe to Use in 2026?

Generally Safe

Score 85/100

Buoy has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9yr ago
Risk Assessment

The "buoy" plugin exhibits a generally strong security posture with no recorded vulnerabilities and robust practices in its code. The static analysis indicates a very small attack surface with zero unprotected entry points across AJAX handlers, REST API routes, shortcodes, and cron events. SQL queries are exclusively handled with prepared statements, and a high percentage of output is properly escaped, indicating good defense against common injection and XSS vulnerabilities. The presence of nonces and capability checks further strengthens its security. However, the static analysis does reveal a concerning signal: the presence of dangerous functions like `system` and `shell_exec` within the code. While taint analysis did not reveal exploitable flows, the mere presence of these functions is a significant risk factor. Additionally, two taint flows with unsanitized paths were identified, though without critical or high severity. The complete lack of historical vulnerabilities is a positive indicator of past development practices. Despite the absence of known CVEs, the discovery of dangerous functions warrants caution and further investigation.

Key Concerns

  • Dangerous functions (system, shell_exec) present
  • Flows with unsanitized paths found
Vulnerabilities
None known

Buoy Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Buoy Release Timeline

v0.3.3 (Current)
v0.3.2
v0.3.1
v0.3.0
v0.2
v0.1.2
v0.1.1
Code Analysis
Analyzed Apr 16, 2026

Buoy Code Analysis

  • Dangerous Functions: 5
  • Raw SQL Queries: 0 (2 prepared)
  • Unescaped Output: 30 (378 escaped)
  • Nonce Checks: 11
  • Capability Checks: 9
  • File Operations: 4
  • External Requests: 1
  • Bundled Libraries: 0

Dangerous Functions Found

  • system: `system('crontab -l >/dev/null 2>&1', $ret_val);` at includes/crontab-manager.php:70
  • shell_exec: `return array_filter(explode(PHP_EOL, shell_exec('crontab -l 2>/dev/null')));` at includes/crontab-manager.php:80
  • system: `system('crontab -r');` at includes/crontab-manager.php:125
  • system: `$out = system('crontab ' . escapeshellarg($t), $ret_val);` at includes/crontab-manager.php:140
  • system: `system($cmd, $s);` at includes/crontab-manager.php:149

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

93% escaped · 408 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
  • renderMetaRefresh (includes/class-buoy-chat-room.php:186)
Attack Surface

Buoy Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 52
  • action plugins_loaded (buoy.php:70)
  • action init (buoy.php:71)
  • action admin_enqueue_scripts (buoy.php:74)
  • action admin_head (buoy.php:75)
  • action wp_dashboard_setup (buoy.php:77)
  • action admin_notices (buoy.php:228)
  • action admin_notices (buoy.php:234)
  • action admin_notices (buoy.php:251)
  • action send_headers (includes/class-buoy-alert.php:483)
  • action wp_before_admin_bar_render (includes/class-buoy-alert.php:485)
  • action admin_menu (includes/class-buoy-alert.php:486)
  • filter comments_open (includes/class-buoy-alert.php:509)
  • filter comments_clauses (includes/class-buoy-alert.php:510)
  • filter screen_options_show_screen (includes/class-buoy-alert.php:1032)
  • filter style_loader_tag (includes/class-buoy-alert.php:1188)
  • filter script_loader_tag (includes/class-buoy-alert.php:1189)
  • filter duplicate_comment_id (includes/class-buoy-alert.php:1493)
  • filter comment_flood_filter (includes/class-buoy-alert.php:1494)
  • filter pre_comment_approved (includes/class-buoy-alert.php:1495)
  • filter comment_notification_recipients (includes/class-buoy-alert.php:1496)
  • filter comment_post_redirect (includes/class-buoy-alert.php:1499)
  • filter comment_class (includes/class-buoy-chat-room.php:96)
  • action wp_head (includes/class-buoy-chat-room.php:284)
  • action wp_head (includes/class-buoy-chat-room.php:285)
  • action wp_head (includes/class-buoy-chat-room.php:286)
  • action wp_head (includes/class-buoy-chat-room.php:287)
  • filter body_class (includes/class-buoy-chat-room.php:307)
  • filter comment_text (includes/class-buoy-chat-room.php:308)
  • action admin_init (includes/class-buoy-settings.php:295)
  • action admin_init (includes/class-buoy-settings.php:296)
  • action admin_menu (includes/class-buoy-settings.php:297)
  • filter custom_menu_order (includes/class-buoy-settings.php:524)
  • filter menu_order (includes/class-buoy-settings.php:525)
  • action load-post.php (includes/class-buoy-team.php:385)
  • action load-post-new.php (includes/class-buoy-team.php:386)
  • action load-edit.php (includes/class-buoy-team.php:387)
  • filter enter_title_here (includes/class-buoy-team.php:389)
  • action current_screen (includes/class-buoy-team.php:399)
  • action admin_notices (includes/class-buoy-team.php:401)
  • action admin_menu (includes/class-buoy-team.php:403)
  • action pre_get_posts (includes/class-buoy-team.php:405)
  • action post_updated (includes/class-buoy-team.php:407)
  • action deleted_post_meta (includes/class-buoy-team.php:410)
  • filter user_has_cap (includes/class-buoy-team.php:414)
  • action wp (includes/class-buoy-team.php:418)
  • action user_register (includes/class-buoy-team.php:421)
  • action user_register (includes/class-buoy-team.php:422)
  • filter post_row_actions (includes/class-buoy-team.php:1050)
  • action load-profile.php (includes/class-buoy-user.php:273)
  • action show_user_profile (includes/class-buoy-user.php:274)
  • action personal_options_update (includes/class-buoy-user.php:275)
  • filter comments_open (pages/chat-room-wordpress-comments.php:12)
Maintenance & Trust

Buoy Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.7.33
Last updated: Dec 19, 2016
PHP min version
Downloads: 4K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Buoy Developer Profile

Meitar

15 plugins · 2K total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Buoy

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/buoy/build/css/buoy.css
  • /wp-content/plugins/buoy/build/js/buoy.js
Script Paths
  • /wp-content/plugins/buoy/build/js/buoy.js
Version Parameters
  • buoy/build/css/buoy.css?ver=
  • buoy/build/js/buoy.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • buoy-notification-settings
  • buoy-user-settings
  • buoy-team-settings
  • buoy-alert-settings
  • buoy-dashboard-widget
Data Attributes
  • data-buoy-notification-settings
  • data-buoy-user-settings
  • data-buoy-team-settings
  • data-buoy-alert-settings
JS Globals
  • buoy_admin_ajax_url
  • buoy_user_settings
  • buoy_notification_settings
  • buoy_team_settings
  • buoy_alert_settings
REST Endpoints
  • /wp-json/buoy/v1/notifications
  • /wp-json/buoy/v1/users
  • /wp-json/buoy/v1/teams
  • /wp-json/buoy/v1/alerts