BuddyPress for Sensei Security & Risk Analysis

wordpress.org/plugins/sensei-buddypress

BuddyPress for Sensei integrates the WooThemes Sensei plugin with BuddyPress, so you can add groups, activity, members, and forums to your courses.

90 active installs · v1.2.3 · PHP + · WP 3.8+ · Updated Sep 18, 2018
Tags: buddypress, lms, sensei, woothemes, woothemes-sensei
Score: 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is BuddyPress for Sensei Safe to Use in 2026?

Generally Safe

Score 85/100

BuddyPress for Sensei has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 7yr ago
Risk Assessment

The "sensei-buddypress" plugin v1.2.3 exhibits a mixed security posture. While it has a clean vulnerability history with no recorded CVEs, suggesting a generally well-maintained codebase, the static analysis reveals significant areas of concern. The presence of one unprotected AJAX handler is a critical finding, as it represents a direct entry point for attackers without any authentication or authorization checks. Furthermore, the taint analysis indicates two high-severity flows with unsanitized paths, implying potential for data manipulation or unauthorized access if these flows are exploited.

The plugin demonstrates good practices in areas like SQL query preparation and output escaping, with a substantial percentage of queries being prepared and a high percentage of outputs being escaped. However, the identified unprotected AJAX handler and high-severity taint flows significantly overshadow these positive aspects. The lack of previous vulnerabilities might indicate either a recent focus on security or that potential vulnerabilities have not been discovered or exploited. The current analysis highlights immediate risks that need to be addressed.

Key Concerns

  • Unprotected AJAX handler
  • High severity taint flows
Vulnerabilities
None known

BuddyPress for Sensei Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

BuddyPress for Sensei Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 6 (8 prepared)
Unescaped Output: 36 (92 escaped)
Nonce Checks: 1
Capability Checks: 6
File Operations: 2
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

57% prepared · 14 total queries

Output Escaping

72% escaped · 128 total outputs
Data Flows: 7 unsanitized

Data Flow Analysis

7 flows · 7 with unsanitized paths
settings_screen_save (includes\bp-sensei-group-settings.php:83)
Attack Surface: 1 unprotected

BuddyPress for Sensei Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers 1

auth · wp_ajax_migrate_member_type · includes\bp-sensei-member-type-migration.php:21

WordPress Hooks 42

action · bp_template_title · includes\bp-sensei-courses.php:10
action · bp_template_content · includes\bp-sensei-courses.php:11
action · bp_template_title · includes\bp-sensei-courses.php:26
action · bp_template_content · includes\bp-sensei-courses.php:27
filter · post_type_archive_link · includes\bp-sensei-functions.php:600
action · bp_has_activities · includes\bp-sensei-functions.php:762
action · bp_activity_register_activity_actions · includes\bp-sensei-functions.php:858
action · bp_has_activities · includes\bp-sensei-functions.php:1023
action · messages_message_before_save · includes\bp-sensei-functions.php:1085
action · add_meta_boxes · includes\bp-sensei-groups.php:45
action · save_post · includes\bp-sensei-groups.php:46
action · body_class · includes\bp-sensei-groups.php:47
action · sensei_user_course_start · includes\bp-sensei-groups.php:48
action · sensei_user_course_reset · includes\bp-sensei-groups.php:49
action · sensei_single_course_content_inside_before · includes\bp-sensei-groups.php:51
filter · bp_get_group_type · includes\bp-sensei-groups.php:53
action · groups_before_delete_group · includes\bp-sensei-groups.php:55
action · bp_init · includes\bp-sensei-loader.php:45
action · bp_members_directory_member_types · includes\bp-sensei-loader.php:46
action · bp_pre_user_query · includes\bp-sensei-loader.php:47
action · bp_setup_nav · includes\bp-sensei-loader.php:50
action · bp_setup_admin_bar · includes\bp-sensei-loader.php:51
filter · author_link · includes\bp-sensei-loader.php:54
action · user_register · includes\bp-sensei-loader.php:57
action · set_user_role · includes\bp-sensei-loader.php:58
action · sensei_single_lesson_content_inside_after · includes\bp-sensei-loader.php:67
action · sensei_single_quiz_questions_before · includes\bp-sensei-loader.php:68
action · sensei_user_course_start · includes\bp-sensei-loader.php:71
action · added_post_meta · includes\bp-sensei-loader.php:72
action · sensei_user_lesson_end · includes\bp-sensei-loader.php:73
action · sensei_user_course_end · includes\bp-sensei-loader.php:74
action · comment_post · includes\bp-sensei-loader.php:75
action · sensei_single_quiz_content_inside_before · includes\bp-sensei-loader.php:76
filter · bbppt_eligible_post_types · includes\bp-sensei-loader.php:79
action · admin_enqueue_scripts · includes\bp-sensei-member-type-migration.php:20
action · wp_enqueue_scripts · includes\main-class.php:274
action · bp_init · includes\main-class.php:282
action · bp_init · includes\main-class.php:283
action · init · includes\main-class.php:287
action · admin_init · includes\requirements-class.php:9
action · admin_notices · includes\requirements-class.php:31
action · plugins_loaded · sensei-buddypress.php:116
Maintenance & Trust

BuddyPress for Sensei Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.8.28
Last updated: Sep 18, 2018
PHP min version
Downloads: 21K

Community Trust

Rating: 94/100
Number of ratings: 12
Active installs: 90
Developer Profile

BuddyPress for Sensei Developer Profile

Syed Balkhi

94 plugins · 23.5M total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 795 days
Detection Fingerprints

How We Detect BuddyPress for Sensei

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sensei-buddypress/includes/requirements-class.php
/wp-content/plugins/sensei-buddypress/includes/main-class.php
/wp-content/plugins/sensei-buddypress/includes/admin.php
/wp-content/plugins/sensei-buddypress/includes/bp-sensei-loader.php
/wp-content/plugins/sensei-buddypress/includes/bp-sensei-groups.php
/wp-content/plugins/sensei-buddypress/assets/css/style.css
Script Paths
/wp-content/plugins/sensei-buddypress/assets/js/script.js
Version Parameters
sensei-buddypress/assets/css/style.css?ver=
sensei-buddypress/assets/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
bp-sensei-settings
HTML Comments
<!-- BuddyPress for Sensei -->
Data Attributes
data-plugin-slug="sensei-buddypress"
JS Globals
SenseiBuddyPress
REST Endpoints
/wp-json/sensei-buddypress/v1/settings
Shortcode Output
[sensei_buddypress_courses]