WP-Safety

myCred – BuddyBoss Integration Security & Risk Analysis

wordpress.org/plugins/mycred-buddyboss

Connect myCred with BuddyBoss

100 active installs v1.3.3 PHP 7.0+ WP 4.8+ Updated Apr 16, 2025
buddybosscommunitygamificationmycredsocial
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is myCred – BuddyBoss Integration Safe to Use in 2026?

Generally Safe

Score 100/100

myCred – BuddyBoss Integration has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11mo ago
Risk Assessment

The "mycred-buddyboss" plugin version 1.3.3 exhibits a generally good security posture due to its diligent use of prepared statements for SQL queries and high rate of output escaping. The absence of any recorded vulnerabilities or known CVEs is a significant strength, suggesting a history of secure development and timely patching if issues have arisen. The plugin also avoids common risky practices like performing file operations or making external HTTP requests, further contributing to its security.

However, a critical concern exists regarding its attack surface. The analysis reveals a single AJAX handler that lacks authentication checks. This unprotected entry point could be exploited by unauthenticated users to trigger plugin functionality, potentially leading to unintended consequences or the exposure of sensitive data if the handler's logic is not sufficiently robust against malicious input. The absence of nonce checks, which are typically used to validate AJAX requests, exacerbates this risk.

In conclusion, while the plugin demonstrates strong internal coding practices regarding data handling and sanitization, the presence of an unprotected AJAX endpoint represents a tangible security risk that should be addressed immediately. If this AJAX handler performs any sensitive operations or processes user-provided data without proper validation and authorization, it could be a significant vulnerability. The lack of past vulnerabilities is positive but does not negate the current identified risk.

Key Concerns

  • Unprotected AJAX handler
  • Missing nonce checks on AJAX
Vulnerabilities
None known

myCred – BuddyBoss Integration Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

myCred – BuddyBoss Integration Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
6 prepared
Unescaped Output
8
1089 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared6 total queries

Output Escaping

99% escaped1097 total outputs
Attack Surface
1 unprotected

myCred – BuddyBoss Integration Attack Surface

Entry Points1
Unprotected1

AJAX Handlers 1

authwp_ajax_addremove_friendincludes\mycred-buddyboss-friendship-hook.php:50
WordPress Hooks 63
actionbp_activity_posted_updateincludes\mycred-buddyboss-activity-stream-hook.php:66
actionbp_before_activity_deleteincludes\mycred-buddyboss-activity-stream-hook.php:67
actionbp_activity_comment_postedincludes\mycred-buddyboss-activity-stream-hook.php:68
actionbp_activity_add_user_favoriteincludes\mycred-buddyboss-activity-stream-hook.php:69
actionbp_activity_remove_user_favoriteincludes\mycred-buddyboss-activity-stream-hook.php:70
actionbp_set_member_typeincludes\mycred-buddyboss-activity-stream-hook.php:72
actionadmin_enqueue_scriptsincludes\mycred-buddyboss-blockusers.php:24
actionwp_enqueue_scriptsincludes\mycred-buddyboss-blockusers.php:25
actionmycred_bp_before_settingsincludes\mycred-buddyboss-blockusers.php:26
filtermycred_bp_sanitize_settingsincludes\mycred-buddyboss-blockusers.php:27
filtermycred_bp_profile_headerincludes\mycred-buddyboss-blockusers.php:28
filterbp_member_members_list_itemincludes\mycred-buddyboss-blockusers.php:29
actionbp_before_member_header_metaincludes\mycred-buddyboss-blockusers.php:30
filterbp_get_activity_avatarincludes\mycred-buddyboss-blockusers.php:31
filterbbp_get_reply_author_avatarincludes\mycred-buddyboss-blockusers.php:32
actionbbp_theme_after_topic_author_detailsincludes\mycred-buddyboss-blockusers.php:33
filtermycred_addincludes\mycred-buddyboss-blockusers.php:34
actionbp_member_invite_submitincludes\mycred-buddyboss-email-invites-hook.php:59
actionbp_core_signup_userincludes\mycred-buddyboss-email-invites-hook.php:64
actionbp_core_signup_userincludes\mycred-buddyboss-email-invites-hook.php:72
actionbp_invites_member_invite_activate_userincludes\mycred-buddyboss-email-invites-hook.php:79
actionbp_invites_member_invite_activate_userincludes\mycred-buddyboss-email-invites-hook.php:83
actionbuddyboss_alter_user_resultincludes\mycred-buddyboss-events-hook.php:53
actionbp_start_followingincludes\mycred-buddyboss-events-hook.php:57
actionbp_stop_followingincludes\mycred-buddyboss-events-hook.php:61
actionbbp_new_topicincludes\mycred-buddyboss-forum-hook.php:75
actionbbp_new_forumincludes\mycred-buddyboss-forum-hook.php:78
actionbbp_add_user_favoriteincludes\mycred-buddyboss-forum-hook.php:81
actionbbp_delete_topicincludes\mycred-buddyboss-forum-hook.php:84
actionbbp_new_replyincludes\mycred-buddyboss-forum-hook.php:87
actionbbp_delete_forumincludes\mycred-buddyboss-forum-hook.php:90
actionbbp_delete_replyincludes\mycred-buddyboss-forum-hook.php:93
actionbbp_add_user_favoriteincludes\mycred-buddyboss-forum-hook.php:96
filterbbp_get_forum_author_idincludes\mycred-buddyboss-forum-hook.php:98
filterbp_get_add_friend_buttonincludes\mycred-buddyboss-friendship-hook.php:51
actionfriends_friendship_acceptedincludes\mycred-buddyboss-friendship-hook.php:55
actionfriends_friendship_deletedincludes\mycred-buddyboss-friendship-hook.php:59
actionfriends_friendship_requestedincludes\mycred-buddyboss-friendship-hook.php:62
actionbuddyboss_alter_user_resultincludes\mycred-buddyboss-group-hook.php:69
actiongroups_group_create_completeincludes\mycred-buddyboss-group-hook.php:72
filterbp_user_can_create_groupsincludes\mycred-buddyboss-group-hook.php:75
actiongroups_join_groupincludes\mycred-buddyboss-group-hook.php:78
actiongroups_leave_groupincludes\mycred-buddyboss-group-hook.php:82
actiongroups_membership_acceptedincludes\mycred-buddyboss-group-hook.php:87
actiongroups_invite_userincludes\mycred-buddyboss-group-hook.php:90
actionbp_groups_posted_updateincludes\mycred-buddyboss-group-hook.php:93
actionbp_activity_action_delete_activityincludes\mycred-buddyboss-group-hook.php:96
actiongroups_promote_memberincludes\mycred-buddyboss-group-hook.php:99
actionmessages_message_sentincludes\mycred-buddyboss-message-hook.php:39
actionbuddyboss_alter_user_resultincludes\mycred-buddyboss-profile-hook.php:61
actionxprofile_avatar_uploadedincludes\mycred-buddyboss-profile-hook.php:64
actionxprofile_cover_image_uploadedincludes\mycred-buddyboss-profile-hook.php:67
actionxprofile_updated_profileincludes\mycred-buddyboss-profile-hook.php:71
actionxprofile_updated_profileincludes\mycred-buddyboss-profile-hook.php:75
actionbp_core_activated_userincludes\mycred-buddyboss-profile-hook.php:79
actionbp_set_member_typeincludes\mycred-buddyboss-profile-hook.php:82
actionadmin_noticesmycred-buddyboss.php:66
actionwp_enqueue_scriptsmycred-buddyboss.php:100
actionadmin_enqueue_scriptsmycred-buddyboss.php:101
filtermycred_setup_hooksmycred-buddyboss.php:102
actionmycred_load_hooksmycred-buddyboss.php:103
filtermycred_all_referencesmycred-buddyboss.php:104
filtermycred_bp_change_textmycred-buddyboss.php:105
Maintenance & Trust

myCred – BuddyBoss Integration Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedApr 16, 2025
PHP min version7.0
Downloads8K

Community Trust

Rating100/100
Number of ratings5
Active installs100
Alternatives

myCred – BuddyBoss Integration Alternatives

FluentCommunity – Ultra-Fast High-Performance Social Network, Community, LMS & Online Courses

FluentCommunity – Ultra-Fast High-Performance Social Network, Community, LMS & Online Courses

fluent-community

A
93

Get a fast & all-in-one community plugin. Create unlimited communities, and courses with robust social networking and LMS features.

7K 2 CVEs
SpeakOut! Email Petitions

SpeakOut! Email Petitions

speakout

A
95

SpeakOut! Email Petitions makes it easy to add petitions to your website and rally your community to Speak Out about a cause by using direct action.

3K 4 CVEs
BuddyPress Builder for Elementor – BuddyBuilder

BuddyPress Builder for Elementor – BuddyBuilder

stax-buddy-builder

A
98

BuddyPress builder for Elementor — design member profiles, group pages, activity feeds and directories with drag & drop.

1K 3 CVEs
BuddyKit – Additional features for BuddyPress

BuddyKit – Additional features for BuddyPress

buddykit

A
85

BuddyKit adds several features like Live Notifications and Media Activities to your BuddyPress powered websites.

100 No CVEs
myCred Tutor LMS – Gamification in eLearning

myCred Tutor LMS – Gamification in eLearning

mycred-tutor-lms-gamification-in-elearning

A
100

Connect mycred with Tutor LMS

100 No CVEs
Developer Profile

myCred – BuddyBoss Integration Developer Profile

Saad Iqbal

84 plugins · 1.4M total installs

76
trust score
Avg Security Score
96/100
Avg Patch Time
287 days
View full developer profile
Detection Fingerprints

How We Detect myCred – BuddyBoss Integration

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mycred-buddyboss/assets/js/script.js/wp-content/plugins/mycred-buddyboss/assets/css/style.css
Script Paths
mycred_buddyboss_admin_script
Version Parameters
mycred-buddyboss/assets/js/script.js?ver=mycred-buddyboss/assets/css/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
mycred_buddyboss_admin_scriptmycred_buddyboss_admin_style
HTML Comments
This plugin is now part of the myCred Toolkit and will no longer be updated independently.myCred BuddyBoss is now part of the myCred Toolkit and will no longer receive updates here. Only security fixes will be provided.
FAQ

Frequently Asked Questions about myCred – BuddyBoss Integration