WP-Safety

Wbcom Designs – BuddyPress Group Reviews Security & Risk Analysis

wordpress.org/plugins/review-buddypress-groups

BuddyPress Group Reviews allows members to add group reviews and rate groups with multiple criteria.

70 active installs v3.8.1 PHP 7.4+ WP 4.0+ Updated Mar 13, 2026
buddypressgroups
99
A · Safe
CVEs total3
Unpatched0
Last CVEJun 16, 2022
Plugin page Download
Safety Verdict

Is Wbcom Designs – BuddyPress Group Reviews Safe to Use in 2026?

Generally Safe

Score 99/100

Wbcom Designs – BuddyPress Group Reviews has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

3 known CVEsLast CVE: Jun 16, 2022Updated 2mo ago
Risk Assessment

The "review-buddypress-groups" plugin v3.8.1 presents a mixed security posture. On the positive side, the plugin demonstrates good practices with a high percentage of properly escaped outputs and a significant majority of SQL queries utilizing prepared statements. The presence of numerous nonce and capability checks also suggests an awareness of security principles. However, there are notable areas of concern.

The static analysis reveals a substantial attack surface with 29 total entry points, of which 2 are unprotected. This is further compounded by 4 REST API routes, 2 of which lack proper permission callbacks, making them potentially exploitable without authentication. While the taint analysis did not reveal critical or high-severity issues, a flow with unsanitized paths is a red flag that warrants investigation, as even lower-severity unsanitized flows can lead to vulnerabilities.

The plugin's vulnerability history is a significant concern. With 3 known medium-severity CVEs, specifically related to Missing Authorization and Cross-Site Scripting, the plugin has a track record of exploitable weaknesses. Although none are currently unpatched, the recurring nature of these vulnerability types suggests that developers may not have fully addressed the root causes in past fixes. The last vulnerability was identified in mid-2022, meaning recent versions haven't been independently vetted or have been vulnerable since then. In conclusion, while the plugin has strengths in output escaping and prepared statements, the unprotected entry points, the presence of unsanitized paths, and the history of authorization and XSS vulnerabilities necessitate caution.

Key Concerns

  • REST API routes without permission callbacks
  • Unprotected entry points (AJAX/REST)
  • Taint flow with unsanitized paths
  • Medium severity CVEs in history (x3)
Vulnerabilities
3 published

Wbcom Designs – BuddyPress Group Reviews Security Vulnerabilities

CVEs by Year

3 CVEs in 2022
2022
Patched Has unpatched

Severity Breakdown

Medium
3

3 total CVEs

CVE-2022-2108medium · 6.5Missing Authorization

Wbcom Designs – BuddyPress Group Reviews <= 2.8.3 - Unauthorized AJAX Actions due to Nonce Bypass

Jun 16, 2022 Patched in 2.8.4 (586d)
WF-8d7de93c-f642-4870-b2f9-5070fdccd26b-review-buddypress-groupsmedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Wbcom Designs – BuddyPress Group Reviews <= 2.8.1 - Cross-Site Scripting

May 25, 2022 Patched in 2.8.2 (608d)
WF-74d222b9-22e9-485d-8111-d3bee505b200-review-buddypress-groupsmedium · 6.3Missing Authorization

Wbcom Designs Plugins (Various Versions) - Arbitrary Plugin Installation, Activation and Deactivation

Apr 13, 2022 Patched in 2.8.1 (1057d)
Version History

Wbcom Designs – BuddyPress Group Reviews Release Timeline

v3.8.1Current
v3.8.0
v3.7.0
v3.6.0
v3.5.0
v3.4.0
v3.3.0
v3.2.2
v3.2.1
v3.1.0
Code Analysis
Analyzed Mar 16, 2026

Wbcom Designs – BuddyPress Group Reviews Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
8 prepared
Unescaped Output
17
423 escaped
Nonce Checks
19
Capability Checks
14
File Operations
1
External Requests
0
Bundled Libraries
0

SQL Query Safety

80% prepared10 total queries

Output Escaping

96% escaped440 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

5 flows1 with unsanitized paths
bp_group_review_bulk_action_notices (includes\bgr-filters.php:537)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Wbcom Designs – BuddyPress Group Reviews Attack Surface

Entry Points29
Unprotected2

AJAX Handlers 22

authwp_ajax_wbcom_addons_cardsadmin\wbcom\wbcom-admin-settings.php:30
authwp_ajax_bp_group_review_save_admin_criteria_settingsincludes\bgr-ajax.php:37
authwp_ajax_bp_group_review_save_admin_display_settingsincludes\bgr-ajax.php:38
authwp_ajax_bp_group_review_save_admin_general_settingsincludes\bgr-ajax.php:39
authwp_ajax_bp_group_review_accept_reviewincludes\bgr-ajax.php:40
noprivwp_ajax_bp_group_review_accept_reviewincludes\bgr-ajax.php:41
authwp_ajax_bp_group_review_deny_reviewincludes\bgr-ajax.php:42
noprivwp_ajax_bp_group_review_deny_reviewincludes\bgr-ajax.php:43
authwp_ajax_bp_group_remove_reviewincludes\bgr-ajax.php:44
noprivwp_ajax_bp_group_remove_reviewincludes\bgr-ajax.php:45
authwp_ajax_bp_group_submit_reviewincludes\bgr-ajax.php:46
noprivwp_ajax_bp_group_submit_reviewincludes\bgr-ajax.php:47
authwp_ajax_bp_group_review_admin_approve_reviewincludes\bgr-ajax.php:50
authwp_ajax_bp_group_review_admin_deny_reviewincludes\bgr-ajax.php:52
authwp_ajax_bp_group_review_filter_ratingsincludes\bgr-ajax.php:54
noprivwp_ajax_bp_group_review_filter_ratingsincludes\bgr-ajax.php:55
authwp_ajax_bgr_save_group_criteria_settingsincludes\bgr-group-criteria-ajax.php:65
authwp_ajax_bgr_add_custom_criteriaincludes\bgr-group-criteria-ajax.php:114
authwp_ajax_bgr_archive_custom_criteriaincludes\bgr-group-criteria-ajax.php:152
authwp_ajax_bgr_delete_custom_criteriaincludes\bgr-group-criteria-ajax.php:190
authwp_ajax_bgr_toggle_global_criteriaincludes\bgr-group-criteria-ajax.php:229
authwp_ajax_bgr_get_group_criteriaincludes\bgr-group-criteria-ajax.php:261

REST API Routes 4

GET/wp-json/buddypress/v1/groups/(?P<group_id>\d+)/reviewsincludes\bgr-bp-rest-integration.php:232
GET/wp-json/buddypress/v1/groups/(?P<group_id>\d+)/reviews/(?P<review_id>\d+)includes\bgr-bp-rest-integration.php:291
GET/wp-json/bgr/v1/groups/(?P<id>\d+)/criteriaincludes\bgr-group-criteria-ajax.php:304
GET/wp-json/bgr/v1/groups/(?P<id>\d+)/criteriaincludes\bgr-group-criteria-ajax.php:337

Shortcodes 3

[wbcom_admin_setting_header] admin\wbcom\wbcom-admin-settings.php:27
[add_group_review_form] includes\bgr-shortcodes.php:32
[bgr_display_top_groups] includes\bgr-shortcodes.php:33
WordPress Hooks 76
actionadmin_initadmin\bgr-admin-feedback.php:75
actionadmin_initadmin\bgr-admin-feedback.php:76
actionadmin_noticesadmin\bgr-admin-feedback.php:91
actionadmin_menuadmin\bgr-admin.php:37
actionadmin_menuadmin\bgr-admin.php:38
actionin_admin_headeradmin\bgr-admin.php:39
actioninitadmin\bgr-admin.php:43
actioninitadmin\bgr-admin.php:44
actioninitadmin\bgr-admin.php:47
actionadmin_menuadmin\wbcom\wbcom-admin-settings.php:28
actionadmin_enqueue_scriptsadmin\wbcom\wbcom-admin-settings.php:29
actionbp_register_activity_actionsincludes\bgr-activity.php:66
actiontransition_post_statusincludes\bgr-activity.php:67
actionbgr_group_after_review_submitincludes\bgr-activity.php:68
filterbp_get_activity_content_bodyincludes\bgr-activity.php:69
filterbp_rest_groups_get_item_schemaincludes\bgr-bp-rest-integration.php:35
filterrest_prepare_buddypress_groupincludes\bgr-bp-rest-integration.php:36
actionrest_api_initincludes\bgr-bp-rest-integration.php:39
actionwp_enqueue_scriptsincludes\bgr-dynamic-css.php:56
actionwp_headincludes\bgr-dynamic-css.php:110
actionwpincludes\bgr-filters.php:37
actioninitincludes\bgr-filters.php:38
filterpost_row_actionsincludes\bgr-filters.php:39
filterbulk_actions-edit-reviewincludes\bgr-filters.php:40
filterhandle_bulk_actions-edit-reviewincludes\bgr-filters.php:41
actionadmin_noticesincludes\bgr-filters.php:42
actionrestrict_manage_postsincludes\bgr-filters.php:45
actionadmin_initincludes\bgr-filters.php:46
actionbp_before_group_header_metaincludes\bgr-filters.php:49
actionbb_group_single_top_header_actionincludes\bgr-filters.php:54
actionbp_group_header_actionsincludes\bgr-filters.php:56
actionbp_directory_groups_itemincludes\bgr-filters.php:60
actionyouzify_before_group_header_metaincludes\bgr-filters.php:64
actionyouzify_after_group_header_metaincludes\bgr-filters.php:65
filtergamipress_activity_triggersincludes\bgr-filters.php:72
filtergamipress_trigger_get_user_idincludes\bgr-filters.php:73
filterbp_nouveau_nav_has_countincludes\bgr-filters.php:76
filterbp_nouveau_get_nav_countincludes\bgr-filters.php:77
actionsave_post_reviewincludes\bgr-filters.php:80
actionbgr_group_accept_reviewincludes\bgr-filters.php:81
actionbgr_group_deny_reviewincludes\bgr-filters.php:82
actionbefore_delete_postincludes\bgr-filters.php:83
actionbp_template_contentincludes\bgr-filters.php:921
actionbp_template_contentincludes\bgr-filters.php:938
actionwp_headincludes\bgr-functions.php:40
actioninitincludes\bgr-globals.php:134
actionrest_api_initincludes\bgr-group-criteria-ajax.php:357
filterquery_varsincludes\bgr-grp-extn.php:108
actionbgr_group_add_reviewincludes\bgr-notifications.php:80
actionbgr_group_accept_reviewincludes\bgr-notifications.php:81
actionbgr_group_deny_reviewincludes\bgr-notifications.php:82
actionbp_actionsincludes\bgr-notifications.php:83
actionbgr_display_ratingsincludes\bgr-rating-display.php:39
actionbgr_display_widget_average_ratingsincludes\bgr-rating-display.php:40
actionbgr_display_group_average_ratingsincludes\bgr-rating-display.php:41
actionwp_headincludes\bgr-schema.php:30
actionwp_enqueue_scriptsincludes\bgr-scripts.php:39
actionadmin_enqueue_scriptsincludes\bgr-scripts.php:40
actionbgr_global_criteria_deletedincludes\class-bgr-group-criteria.php:82
actionbgr_global_criteria_archivedincludes\class-bgr-group-criteria.php:85
actionadmin_initincludes\class-bgr-multi-support.php:85
actionnetwork_admin_noticesincludes\class-bgr-multi-support.php:103
actionadmin_noticesincludes\class-bgr-multi-support.php:108
actionadmin_noticesincludes\class-bgr-multi-support.php:112
actionwidgets_initincludes\widgets\bgr-review.php:328
actionwidgets_initincludes\widgets\group-rating.php:289
actioninitreview-bp-grps.php:38
actionbp_loadedreview-bp-grps.php:71
actionadmin_noticesreview-bp-grps.php:82
actionbp_initreview-bp-grps.php:86
actionbp_initreview-bp-grps.php:89
actionadmin_noticesreview-bp-grps.php:109
actionadmin_initreview-bp-grps.php:112
actioninitreview-bp-grps.php:221
actionactivated_pluginreview-bp-grps.php:240
actionadmin_menureview-bp-grps.php:280
Maintenance & Trust

Wbcom Designs – BuddyPress Group Reviews Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 13, 2026
PHP min version7.4
Downloads19K

Community Trust

Rating76/100
Number of ratings4
Active installs70
Alternatives

Wbcom Designs – BuddyPress Group Reviews Alternatives

Registration Options for BuddyPress

Registration Options for BuddyPress

bp-registration-options

A
85

Moderate new BuddyPress members and fight BuddyPress spam.

1K No CVEs
BuddyPress Group Email Subscription

BuddyPress Group Email Subscription

buddypress-group-email-subscription

A
92

This powerful plugin allows users to receive email notifications of group activity. Weekly or daily digests are available.

1K No CVEs
Wbcom Designs – Shortcodes & Elementor Widgets For BuddyPress

Wbcom Designs – Shortcodes & Elementor Widgets For BuddyPress

shortcodes-for-buddypress

A
100

This plugin generates shortcodes for Listing Activity Streams, Members, and Groups on any website post or page.

700 No CVEs
BuddyPress Default Data

BuddyPress Default Data

bp-default-data

A
92

Plugin will create lots of users, messages, friends connections, groups, topics, activity items, profile data - useful for testing purpose.

400 No CVEs
BuddyPress Groups Extras

BuddyPress Groups Extras

buddypress-groups-extras

A
91

Introduce custom fields and custom pages to your BuddyPress-powered groups.

400 1 CVE
Developer Profile

Wbcom Designs – BuddyPress Group Reviews Developer Profile

wbcomdesigns

19 plugins · 10K total installs

78
trust score
Avg Security Score
98/100
Avg Patch Time
807 days
View full developer profile
Detection Fingerprints

How We Detect Wbcom Designs – BuddyPress Group Reviews

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/review-buddypress-groups/assets/css/bgr-frontend.css/wp-content/plugins/review-buddypress-groups/assets/css/bgr-group-details.css/wp-content/plugins/review-buddypress-groups/assets/css/jquery.rateyo.min.css/wp-content/plugins/review-buddypress-groups/assets/css/review-buddy.css/wp-content/plugins/review-buddypress-groups/assets/js/bgr-admin.js/wp-content/plugins/review-buddypress-groups/assets/js/bgr-frontend.js/wp-content/plugins/review-buddypress-groups/assets/js/jquery.rateyo.min.js/wp-content/plugins/review-buddypress-groups/assets/js/review-buddy.js
Version Parameters
review-buddypress-groups/assets/css/bgr-frontend.css?ver=review-buddypress-groups/assets/css/bgr-group-details.css?ver=review-buddypress-groups/assets/css/jquery.rateyo.min.css?ver=review-buddypress-groups/assets/css/review-buddy.css?ver=review-buddypress-groups/assets/js/bgr-admin.js?ver=review-buddypress-groups/assets/js/bgr-frontend.js?ver=review-buddypress-groups/assets/js/jquery.rateyo.min.js?ver=review-buddypress-groups/assets/js/review-buddy.js?ver=

HTML / DOM Fingerprints

CSS Classes
bgr-group-rating-wrapbgr-group-rating-starbgr-group-rating-listbgr-single-group-ratingbgr-review-metabgr-review-contentbgr-review-titlebgr-user-review-form+6 more
HTML Comments
<!-- buddypress group reviews --><!-- group reviews --><!-- Reviews Tab Start --><!-- Reviews Tab End -->+2 more
Data Attributes
data-bp-group-reviews-ratingdata-group-iddata-user-iddata-review-iddata-criteria-name
JS Globals
BGR_Review_FrontEndBGR_Frontend_VarsBGR_Admin_Vars
REST Endpoints
/wp-json/bp-group-reviews/v1/reviews/wp-json/bp-group-reviews/v1/group/(?P<group_id>\d+)/reviews/wp-json/bp-group-reviews/v1/review/(?P<review_id>\d+)/wp-json/bp-group-reviews/v1/group/(?P<group_id>\d+)/criteria
Shortcode Output
[group_reviews][group_review_form][bp_group_reviews_stats]
FAQ

Frequently Asked Questions about Wbcom Designs – BuddyPress Group Reviews