Match Me for BuddyPress & BuddyBoss Security & Risk Analysis

wordpress.org/plugins/match-me-for-buddypress

Turn your BuddyPress or BuddyBoss community into a matchmaking platform with weighted compatibility scoring and smart comparison.

200 active installs · v2.0.0 · PHP 7.4+ · WP 5.9+ · Updated Mar 5, 2026
Tags: buddyboss, buddypress, compatibility, matchmaking, member-matching
100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Match Me for BuddyPress & BuddyBoss Safe to Use in 2026?

Generally Safe

Score 100/100

Match Me for BuddyPress & BuddyBoss has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 29d ago
Risk Assessment

The "match-me-for-buddypress" v2.0.0 plugin exhibits a generally strong security posture, characterized by good practices in code hygiene and vulnerability management. The static analysis reveals a comprehensive application of security checks, with all identified AJAX handlers and REST API routes appearing to have proper authorization mechanisms in place. The high percentage of prepared statements for SQL queries and properly escaped output further contribute to its defensive coding. The absence of file operations and external HTTP requests also reduces potential attack vectors.

However, the taint analysis highlights two flows with unsanitized paths, which represent a significant concern despite the absence of critical or high severity issues in this category. These unsanitized paths could potentially lead to vulnerabilities if user-supplied input is not handled carefully in subsequent processing. The plugin's vulnerability history, being completely clean, suggests a proactive approach to security or a lack of previous exploitation, but this does not negate the risks identified in the current code analysis.

In conclusion, while the plugin demonstrates commendable adherence to WordPress security best practices and has a clean vulnerability record, the two identified taint flows with unsanitized paths warrant attention. Addressing these specific code-level concerns should be a priority to further strengthen its security, complementing its otherwise robust security foundation.

Key Concerns

  • Taint flows with unsanitized paths (High severity)
  • Taint flows with unsanitized paths (High severity)
Vulnerabilities
None known

Match Me for BuddyPress & BuddyBoss Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Match Me for BuddyPress & BuddyBoss Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 7 (32 prepared)
Unescaped Output: 4 (190 escaped)
Nonce Checks: 9
Capability Checks: 10
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

82% prepared · 39 total queries

Output Escaping

98% escaped · 194 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

3 flows · 2 with unsanitized paths
save_settings (includes\class-match-ajax.php:165)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

Match Me for BuddyPress & BuddyBoss Attack Surface

Entry Points: 11
Unprotected: 0

AJAX Handlers 9

auth wp_ajax_matchme_calculate includes\class-match-ajax.php:22
auth wp_ajax_matchme_calculate_lazy includes\class-match-ajax.php:23
auth wp_ajax_matchme_save_settings includes\class-match-ajax.php:26
auth wp_ajax_matchme_save_fields includes\class-match-ajax.php:27
auth wp_ajax_matchme_save_field_selection includes\class-match-ajax.php:28
auth wp_ajax_matchme_purge_cache includes\class-match-ajax.php:29
auth wp_ajax_matchme_recalculate_all includes\class-match-ajax.php:30
auth wp_ajax_matchme_reset_defaults includes\class-match-ajax.php:31
auth wp_ajax_matchme_dismiss_v2_notice loader.php:161

Shortcodes 2

[matchme] includes\class-match-shortcodes.php:20
[mp_match_percentage] includes\class-match-shortcodes.php:23
WordPress Hooks 20
action admin_menu includes\class-match-admin.php:21
action admin_enqueue_scripts includes\class-match-admin.php:22
action xprofile_updated_profile includes\class-match-cache.php:33
action matchme_batch_recalculate includes\class-match-cron.php:27
action matchme_cleanup_stale_cache includes\class-match-cron.php:28
action matchme_recalc_user includes\class-match-cron.php:29
action wp_enqueue_scripts includes\class-match-display.php:21
action bp_before_member_header_meta includes\class-match-display.php:24
action bp_directory_members_item includes\class-match-display.php:27
action bp_member_members_list_item includes\class-match-display.php:30
action bp_setup_nav includes\class-match-display.php:33
action bp_template_content includes\class-match-display.php:340
action init includes\class-match-me.php:69
action bp_before_profile_edit_content includes\class-match-nudges.php:22
action rest_api_init includes\class-match-rest-api.php:28
action admin_notices loader.php:45
action admin_menu loader.php:46
action plugins_loaded loader.php:53
action admin_notices loader.php:133
action admin_enqueue_scripts loader.php:148

Scheduled Events 4

matchme_cleanup_stale_cache
matchme_batch_recalculate
matchme_recalc_user
matchme_batch_recalculate
Maintenance & Trust

Match Me for BuddyPress & BuddyBoss Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 5, 2026
PHP min version: 7.4
Downloads: 18K

Community Trust

Rating: 92/100
Number of ratings: 12
Active installs: 200
Developer Profile

Match Me for BuddyPress & BuddyBoss Developer Profile

Muhammad Kashif

3 plugins · 310 total installs

Trust score: 87
Avg Security Score: 90/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Match Me for BuddyPress & BuddyBoss

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/match-me-for-buddypress/assets/css/admin.css
/wp-content/plugins/match-me-for-buddypress/assets/js/admin.js
Script Paths
/wp-content/plugins/match-me-for-buddypress/assets/js/admin.js
Version Parameters
match-me-for-buddypress/style.css?ver=
matchme-admin?ver=

HTML / DOM Fingerprints

CSS Classes
matchme-admin-wrap
HTML Comments
Admin settings page.
Redux style left nav with section panels. Single menu page.
Pro extends via matchme_admin_sections filter.
Constructor.
(+2 more)
Data Attributes
data-nonce
data-nonce="matchme_admin_nonce"
JS Globals
matchmeAdmin
FAQ

Frequently Asked Questions about Match Me for BuddyPress & BuddyBoss