Mutual Buddies Security & Risk Analysis

wordpress.org/plugins/mutual-buddies

Mutual buddies displays BuddyPress mutual friends of the logged in user & the user whose profile the user is looking at on the Profile page.

70 active installs · v2.1.1 · PHP + · WP 4.0+ · Updated Jul 22, 2017
Tags: buddypress, facebook, friends, mutual-friends, social
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Mutual Buddies Safe to Use in 2026?

Generally Safe

Score 85/100

Mutual Buddies has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8yr ago
Risk Assessment

The "mutual-buddies" plugin v2.1.1 exhibits a concerning security posture primarily due to its unprotected entry points. While the plugin shows strengths in its lack of dangerous functions, SQL injection vulnerabilities, file operations, and external HTTP requests, the presence of two AJAX handlers without any authentication or capability checks represents a significant risk. This allows any authenticated user, regardless of their role or permissions, to potentially trigger actions within the plugin, leading to unpredictable behavior or exploitation.

The absence of taint analysis results might indicate a limited scope of analysis or that no such vulnerabilities were detected in the specific flows analyzed. However, the lack of nonce checks and capability checks in the AJAX handlers leaves them exposed. The plugin's vulnerability history is clean, which is a positive indicator of its past development. Nonetheless, this does not negate the immediate risks identified in the static analysis. The overall security can be improved by implementing proper nonce and capability checks on all AJAX handlers.

Key Concerns

  • AJAX handlers without auth checks
  • AJAX handlers without capability checks
  • Half of output is not properly escaped
  • No nonce checks on AJAX handlers
Vulnerabilities
None known

Mutual Buddies Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Mutual Buddies Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 4 (4 escaped)
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

50% escaped · 8 total outputs
Attack Surface
2 unprotected

Mutual Buddies Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers: 2

  • auth · wp_ajax_bmf_mutual_friends_dialog · includes\bp-mutual-friends-ajax.php:17
  • auth · wp_ajax_bmf_friends_dialog · includes\bp-mutual-friends-ajax.php:27

WordPress Hooks: 12

  • action · bp_include · buddypress-mutual-friends.php:36
  • filter · load_textdomain_mofile · buddypress-mutual-friends.php:64
  • action · plugins_loaded · buddypress-mutual-friends.php:102
  • action · bp_before_members_loop · includes\bp-mutual-friends-cssjs.php:24
  • action · bp_before_member_friend_requests_content · includes\bp-mutual-friends-cssjs.php:25
  • filter · bp_after_core_get_users_parse_args · includes\bp-mutual-friends-functions.php:38
  • action · bp_directory_members_item · includes\bp-mutual-friends-functions.php:118
  • filter · bp_get_member_latest_update · includes\bp-mutual-friends-functions.php:199
  • filter · bp_r_t_my_profile_url · includes\bp-mutual-friends-functions.php:214
  • action · bp_loaded · includes\bp-mutual-friends-loader.php:149
  • action · bp_screens · includes\bp-mutual-friends-screens.php:31
  • action · bp_template_content · includes\bp-mutual-friends-screens.php:38
Maintenance & Trust

Mutual Buddies Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.8.28
Last updated: Jul 22, 2017
PHP min version
Downloads: 15K

Community Trust

Rating: 100/100
Number of ratings: 7
Active installs: 70
Developer Profile

Mutual Buddies Developer Profile

Paresh Radadiya

1 plugin · 70 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Mutual Buddies

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/mutual-buddies/assets/css/magnific-popup.min.css
  • /wp-content/plugins/mutual-buddies/assets/css/bp-mutual-friends.min.css
  • /wp-content/plugins/mutual-buddies/assets/js/jquery-magnific-popup.min.js
  • /wp-content/plugins/mutual-buddies/assets/js/bp-mutual-friends.min.js
  • /wp-content/plugins/mutual-buddies/assets/js/jquery-magnific-popup.js
  • /wp-content/plugins/mutual-buddies/assets/js/bp-mutual-friends.js

Script Paths

  • /wp-content/plugins/mutual-buddies/assets/js/jquery-magnific-popup.min.js
  • /wp-content/plugins/mutual-buddies/assets/js/bp-mutual-friends.min.js
  • /wp-content/plugins/mutual-buddies/assets/js/jquery-magnific-popup.js
  • /wp-content/plugins/mutual-buddies/assets/js/bp-mutual-friends.js

Version Parameters

  • mutual-buddies/assets/css/magnific-popup.min.css?ver=
  • mutual-buddies/assets/css/bp-mutual-friends.min.css?ver=
  • mutual-buddies/assets/js/jquery-magnific-popup.min.js?ver=
  • mutual-buddies/assets/js/bp-mutual-friends.min.js?ver=
  • mutual-buddies/assets/js/jquery-magnific-popup.js?ver=
  • mutual-buddies/assets/js/bp-mutual-friends.js?ver=
