Wbcom Designs – Private Community for BuddyPress Security & Risk Analysis

wordpress.org/plugins/lock-my-bp

Create a private BuddyPress community by restricting access to non-members. Control who sees what with flexible privacy settings.

400 active installs · v2.1.2 · PHP + WP 4.0+ · Updated Nov 28, 2025
Tags: buddypress, lock, privacy, private, restrict-access
Score: 98 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Dec 15, 2025
Safety Verdict

Is Wbcom Designs – Private Community for BuddyPress Safe to Use in 2026?

Generally Safe

Score 98/100

Wbcom Designs – Private Community for BuddyPress has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Dec 15, 2025 · Updated 4mo ago
Risk Assessment

The lock-my-bp v2.1.2 plugin exhibits a mixed security posture. While it demonstrates good practices by avoiding dangerous functions, file operations, and external HTTP requests, and by using prepared statements for a majority of its SQL queries, significant concerns remain regarding its attack surface. The presence of four unprotected AJAX handlers represents a considerable risk, as these are direct entry points that lack necessary authentication and authorization checks, potentially allowing unauthorized users to trigger plugin functionalities. The plugin's history of two medium-severity vulnerabilities, both related to missing authorization, further amplifies this concern and suggests a pattern of overlooking proper access control in its development. Although there are no currently unpatched CVEs and a decent percentage of output is properly escaped, the lack of robust authorization on critical entry points is a fundamental security flaw that needs immediate attention.

Key Concerns

  • Unprotected AJAX handlers
  • History of missing authorization vulnerabilities
  • Medium severity vulnerabilities in history
Vulnerabilities
2

Wbcom Designs – Private Community for BuddyPress Security Vulnerabilities

CVEs by Year

  • 2022: 1 CVE
  • 2025: 1 CVE

Severity Breakdown

  • Medium: 2

2 total CVEs

CVE-2025-67582 · medium · 5.3 · Missing Authorization

Wbcom Designs <= 2.1.1 - Missing Authorization

Dec 15, 2025 · Patched in 2.1.2 (6d)

WF-74d222b9-22e9-485d-8111-d3bee505b200-lock-my-bp · medium · 6.3 · Missing Authorization

Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation

Apr 13, 2022 · Patched in 1.7.0 (1057d)
Code Analysis
Analyzed Mar 16, 2026

Wbcom Designs – Private Community for BuddyPress Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 4 (8 prepared)
  • Unescaped Output: 21 (142 escaped)
  • Nonce Checks: 6
  • Capability Checks: 2
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

67% prepared · 12 total queries

Output Escaping

87% escaped · 163 total outputs

Data Flows: All sanitized

Data Flow Analysis

2 flows
wbcom_addons_cards_links (admin\wbcom\wbcom-admin-settings.php:43)
Attack Surface
4 unprotected

Wbcom Designs – Private Community for BuddyPress Attack Surface

Entry Points: 7
Unprotected: 4

AJAX Handlers: 5

  • auth · wp_ajax_wbcom_addons_cards · admin\wbcom\wbcom-admin-settings.php:34
  • auth · wp_ajax_bplock_get_all_pages · includes\class-bp-lock.php:175
  • auth · wp_ajax_bplock_save_tab_settings · includes\class-bp-lock.php:176
  • nopriv · wp_ajax_bplock_login · includes\class-bp-lock.php:195
  • nopriv · wp_ajax_bplock_register · includes\class-bp-lock.php:196

Shortcodes: 2

[wbcom_admin_setting_header] admin\wbcom\wbcom-admin-settings.php:31
[bplock_login_form] includes\class-bp-lock.php:194

WordPress Hooks: 23

  • action · admin_init · admin\class-bp-lock-feedback.php:72
  • action · admin_init · admin\class-bp-lock-feedback.php:73
  • action · admin_notices · admin\class-bp-lock-feedback.php:146
  • action · init · admin\class-bp-lock-feedback.php:303
  • action · admin_menu · admin\wbcom\wbcom-admin-settings.php:32
  • action · admin_enqueue_scripts · admin\wbcom\wbcom-admin-settings.php:33
  • action · plugins_loaded · bp-lock.php:125
  • action · admin_notices · bp-lock.php:146
  • action · admin_init · bp-lock.php:150
  • action · activated_plugin · bp-lock.php:187
  • action · admin_init · bp-lock.php:201
  • action · plugins_loaded · includes\class-bp-lock.php:151
  • action · admin_enqueue_scripts · includes\class-bp-lock.php:165
  • action · admin_enqueue_scripts · includes\class-bp-lock.php:166
  • action · admin_init · includes\class-bp-lock.php:168
  • action · admin_menu · includes\class-bp-lock.php:170
  • action · admin_init · includes\class-bp-lock.php:171
  • action · in_admin_header · includes\class-bp-lock.php:172
  • action · wp_enqueue_scripts · includes\class-bp-lock.php:189
  • action · wp_enqueue_scripts · includes\class-bp-lock.php:190
  • filter · template_include · includes\class-bp-lock.php:191
  • filter · bp_located_template · includes\class-bp-lock.php:193
  • filter · pre_get_posts · includes\class-bp-lock.php:197

Maintenance & Trust

Wbcom Designs – Private Community for BuddyPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 28, 2025
PHP min version
Downloads: 29K

Community Trust

Rating: 98/100
Number of ratings: 25
Active installs: 400
Developer Profile

Wbcom Designs – Private Community for BuddyPress Developer Profile

wbcomdesigns

19 plugins · 10K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 807 days
Detection Fingerprints

How We Detect Wbcom Designs – Private Community for BuddyPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/lock-my-bp/admin/css/bootstrap.min.css
  • /wp-content/plugins/lock-my-bp/admin/css/fontawesome.min.css
  • /wp-content/plugins/lock-my-bp/admin/css/style.css
  • /wp-content/plugins/lock-my-bp/admin/js/bootstrap.min.js
  • /wp-content/plugins/lock-my-bp/admin/js/custom.js
  • /wp-content/plugins/lock-my-bp/admin/js/jquery.min.js
  • /wp-content/plugins/lock-my-bp/admin/js/sweetalert.min.js
  • /wp-content/plugins/lock-my-bp/assets/css/lock-my-bp.css
  • +1 more

Script Paths

  • /wp-content/plugins/lock-my-bp/admin/js/bootstrap.min.js
  • /wp-content/plugins/lock-my-bp/admin/js/custom.js
  • /wp-content/plugins/lock-my-bp/admin/js/jquery.min.js
  • /wp-content/plugins/lock-my-bp/admin/js/sweetalert.min.js
  • /wp-content/plugins/lock-my-bp/assets/js/lock-my-bp.js

Version Parameters

  • lock-my-bp/admin/css/style.css?ver=
  • lock-my-bp/admin/js/custom.js?ver=
  • lock-my-bp/assets/css/lock-my-bp.css?ver=
  • lock-my-bp/assets/js/lock-my-bp.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • bp-lock-content-wrap
  • bp-lock-admin-page
  • bp-lock-main-section
  • bp-lock-settings-section
  • bp-lock-section-title
  • bp-lock-form-group
  • bp-lock-input-field
  • bp-lock-toggle-switch
  • +2 more

HTML Comments

  • <!-- Wbcom Designs - Private Community for BuddyPress -->
  • <!-- Plugin Name: Wbcom Designs - Private Community for BuddyPress -->
  • <!-- Plugin URI: http://www.wbcomdesigns.com -->
  • <!-- Description: BuddyPress Private Community allows the site owner to lock the different BuddyPress components on the site for non-logged-in users. It also gives options to lockdown pages. -->
  • +19 more

Data Attributes

  • data-bp-lock-id
  • data-bp-lock-type

JS Globals

  • bp_lock_ajax_object

FAQ

Frequently Asked Questions about Wbcom Designs – Private Community for BuddyPress