Five Star Business Profile and Schema Security & Risk Analysis

wordpress.org/plugins/business-profile

Add structured data to any page or post type. Create an SEO friendly contact card with your business info and associated schema.

8K active installs · v2.3.17 · PHP + · WP 5.3+ · Updated Feb 3, 2026
Tags: address, business-profile, local-seo, schema, seo
Score: 100 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Jan 18, 2022
Safety Verdict

Is Five Star Business Profile and Schema Safe to Use in 2026?

Generally Safe

Score 100/100

Five Star Business Profile and Schema has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jan 18, 2022 · Updated 1mo ago
Risk Assessment

The "business-profile" plugin version 2.3.17 demonstrates a generally good security posture, with a strong adherence to secure coding practices like the use of prepared statements for all SQL queries and a high percentage of properly escaped output. The absence of dangerous functions, file operations, and external HTTP requests is also a positive indicator. However, the presence of one AJAX handler lacking authentication checks introduces a significant risk of unauthorized actions if an attacker can trigger this handler.

The static analysis did not reveal any critical or high-severity taint flows, which is reassuring. The plugin's vulnerability history shows one medium-severity CVE related to Cross-site Scripting, which was last documented in early 2022 and is reported as currently unpatched. While the immediate static analysis doesn't flag XSS, the historical context warrants caution, especially concerning the unprotected AJAX endpoint.

In conclusion, the plugin exhibits strengths in fundamental security practices. The primary concern stems from the unprotected AJAX handler, which can serve as an entry point for unauthorized operations. The historical medium-severity XSS vulnerability, although not actively present in the current code analysis, suggests a potential for input sanitization issues that should be carefully monitored. Addressing the unprotected AJAX handler is the most pressing security recommendation.

Key Concerns

  • AJAX handler without authentication checks
  • Medium severity CVE history
Vulnerabilities
1

Five Star Business Profile and Schema Security Vulnerabilities

CVEs by Year

1 CVE in 2022

Severity Breakdown

Medium: 1

1 total CVE

CVE-2021-25060 · medium · 5.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Five Star Business Profile and Schema <= 2.1.6 - Subscriber+ Page Creation & Settings Update to Stored Cross-Site Scripting

Jan 18, 2022 Patched in 2.1.7 (735d)
Code Analysis
Analyzed Mar 16, 2026

Five Star Business Profile and Schema Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 47 (336 escaped)
Nonce Checks: 12
Capability Checks: 10
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

88% escaped · 383 total outputs
Data Flows
All sanitized

Data Flow Analysis

5 flows
save_location_meta (includes\class-custom-post-types.php:998)
Attack Surface
1 unprotected

Five Star Business Profile and Schema Attack Surface

Entry Points: 10
Unprotected: 1

AJAX Handlers 9

auth · wp_ajax_bpfwp_hide_helper_notice · business-profile.php:196
auth · wp_ajax_bpfwp_hide_new_plugin_notice · business-profile.php:197
auth · wp_ajax_bpfwp_send_feature_suggestion · includes\class-about-us.php:14
auth · wp_ajax_bpfwp_get_schema_fields · includes\class-custom-post-types.php:71
auth · wp_ajax_bpfwp_welcome_add_contact_page · includes\class-installation-walkthrough.php:24
auth · wp_ajax_bpfwp_welcome_set_contact_information · includes\class-installation-walkthrough.php:25
auth · wp_ajax_bpfwp_welcome_set_opening_hours · includes\class-installation-walkthrough.php:26
auth · wp_ajax_bpfwp_hide_review_ask · includes\class-review-ask.php:16
auth · wp_ajax_bpfwp_send_feedback · includes\class-review-ask.php:17

Shortcodes 1

[contact-card] includes\template-functions.php:149
WordPress Hooks 51
action · admin_menu · business-profile.php:58
action · admin_bar_menu · business-profile.php:61
action · plugins_loaded · business-profile.php:185
action · load_textdomain · business-profile.php:186
action · admin_notices · business-profile.php:187
action · admin_notices · business-profile.php:188
action · admin_notices · business-profile.php:189
action · wp_enqueue_scripts · business-profile.php:190
action · admin_enqueue_scripts · business-profile.php:191
action · widgets_init · business-profile.php:192
filter · the_content · business-profile.php:193
filter · plugin_action_links · business-profile.php:194
action · admin_menu · includes\class-about-us.php:16
action · admin_menu · includes\class-admin-custom-fields.php:15
action · init · includes\class-blocks.php:31
filter · block_categories_all · includes\class-blocks.php:33
action · admin_init · includes\class-blocks.php:135
filter · load_textdomain_mofile · includes\class-compatibility.php:35
filter · bpfwp_default_display_settings · includes\class-compatibility.php:38
action · init · includes\class-custom-post-types.php:62
action · add_meta_boxes · includes\class-custom-post-types.php:63
action · edit_form_after_title · includes\class-custom-post-types.php:64
action · current_screen · includes\class-custom-post-types.php:65
action · the_content · includes\class-custom-post-types.php:66
action · admin_menu · includes\class-dashboard.php:16
action · admin_enqueue_scripts · includes\class-dashboard.php:18
action · current_screen · includes\class-deactivation-survey.php:13
action · admin_enqueue_scripts · includes\class-deactivation-survey.php:18
action · admin_footer · includes\class-deactivation-survey.php:19
action · admin_menu · includes\class-installation-walkthrough.php:16
action · admin_head · includes\class-installation-walkthrough.php:17
action · admin_init · includes\class-installation-walkthrough.php:18
action · admin_head · includes\class-installation-walkthrough.php:20
action · init · includes\class-installation-walkthrough.php:22
filter · sanitize_option_bpfwp-settings · includes\class-integrations.php:31
filter · sanitize_option_bpfwp-settings · includes\class-integrations.php:33
action · init · includes\class-patterns.php:28
action · init · includes\class-patterns.php:29
action · admin_notices · includes\class-review-ask.php:14
action · admin_enqueue_scripts · includes\class-review-ask.php:19
action · admin_init · includes\class-schema-cpt.php:96
action · wp_footer · includes\class-schema-cpt.php:97
action · edit_form_after_title · includes\class-schema-cpt.php:134
action · add_meta_boxes · includes\class-schema-cpt.php:135
action · save_post · includes\class-schema-cpt.php:136
filter · bpfwp_ld_json_output · includes\class-schema-cpt.php:151
action · init · includes\class-schemas-manager.php:40
action · wp_footer · includes\class-schemas-manager.php:42
action · init · includes\class-settings.php:58
action · init · includes\class-settings.php:60
filter · sanitize_option_bpfwp-settings · includes\class-settings.php:63
Maintenance & Trust

Five Star Business Profile and Schema Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 3, 2026
PHP min version
Downloads: 404K

Community Trust

Rating: 96/100
Number of ratings: 52
Active installs: 8K
Developer Profile

Five Star Business Profile and Schema Developer Profile

Rustaurius

21 plugins · 66K total installs

Trust score: 72
Avg Security Score: 90/100
Avg Patch Time: 716 days
Detection Fingerprints

How We Detect Five Star Business Profile and Schema

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/business-profile/assets/css/contact-card.css
/wp-content/plugins/business-profile/assets/js/map.js
Script Paths
/wp-content/plugins/business-profile/assets/js/map.js
Version Parameters
business-profile/assets/css/contact-card.css?ver=
business-profile/assets/js/map.js?ver=

HTML / DOM Fingerprints
