Inbox Widget Security & Risk Analysis

wordpress.org/plugins/inbox-widget

Adds a widget option showing the three most recent private messages to logged in users of a BuddyPress powered website.

10 active installs · v1.5.01 · PHP + · WP + · Updated Oct 1, 2011
buddypress, inbox, messages, widget
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Inbox Widget Safe to Use in 2026?

Generally Safe

Score 85/100

Inbox Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 14yr ago
Risk Assessment

The inbox-widget plugin version 1.5.01 exhibits a generally positive security posture based on the provided static analysis. The scan identified no dangerous functions, no raw SQL queries, no file operations and no external HTTP requests, all of which limits potential attack vectors. The absence of known CVEs and a clean vulnerability history further suggests a well-maintained and secure plugin.

Key Concerns

  • All output is unescaped
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

Inbox Widget Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Inbox Widget Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

Inbox Widget Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 3 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

0% escaped · 3 total outputs
Attack Surface

Inbox Widget Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 3
  • action widgets_init (bp-inbox-widget.php:78)
  • action wp_footer (bp-inbox-widget.php:138)
  • action bp_include (loader.php:18)
Maintenance & Trust

Inbox Widget Maintenance & Trust

Maintenance Signals

WordPress version tested
Last updated: Oct 1, 2011
PHP min version
Downloads: 6K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

Inbox Widget Developer Profile

David Carson

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Inbox Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes
message-subject, message-body, message-meta, unread, read
Data Attributes
id="message-threads", class="unread", class="read", id="message", class="info"