Status Buddy Security & Risk Analysis

wordpress.org/plugins/status-buddy

Here is a short description of the plugin. This should be no more than 150 characters. No markup here.

10 active installs · v1.0.0 · PHP + · WP 3.0.1+ · Updated May 6, 2017
Tags: buddypress, user-availability, user-online, user-status
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Status Buddy Safe to Use in 2026?

Generally Safe

Score 85/100

Status Buddy has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8yr ago
Risk Assessment

The "status-buddy" v1.0.0 plugin presents a mixed security posture. On the positive side, the plugin demonstrates good coding practices in several areas. It utilizes prepared statements exclusively for its SQL queries and ensures all output is properly escaped, which are crucial for preventing common web vulnerabilities. Furthermore, the absence of file operations, external HTTP requests, and bundled libraries reduces potential attack vectors. The plugin also has no recorded vulnerabilities in its history, suggesting a history of secure development or a lack of significant public exposure.

However, a significant concern arises from the plugin's attack surface. There is one AJAX handler that lacks any authentication or authorization checks. This is a critical weakness as it allows any unauthenticated user to trigger this functionality, potentially leading to unintended actions or information disclosure if the handler performs sensitive operations. The lack of nonce checks and capability checks on this entry point further exacerbates the risk, making it easier for attackers to exploit.

While the plugin's vulnerability history is clean, this does not negate the immediate risk posed by the unprotected AJAX handler. The lack of any taint analysis results is noted, but the presence of a single, unprotected entry point into the plugin's codebase is a tangible security flaw that requires immediate attention.

Key Concerns

  • AJAX handler without auth checks
  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
None known

Status Buddy Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Status Buddy Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0
Attack Surface: 1 unprotected

Status Buddy Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

auth wp_ajax_sb_record_user_activity includes\class-status-buddy.php:177

WordPress Hooks: 12

action plugins_loaded includes\class-status-buddy.php:143
action admin_enqueue_scripts includes\class-status-buddy.php:158
action admin_enqueue_scripts includes\class-status-buddy.php:159
action wp_enqueue_scripts includes\class-status-buddy.php:173
action wp_enqueue_scripts includes\class-status-buddy.php:174
action wp_login includes\class-status-buddy.php:175
action clear_auth_cookie includes\class-status-buddy.php:176
action heartbeat_settings includes\class-status-buddy.php:178
filter heartbeat_received includes\class-status-buddy.php:179
filter heartbeat_nopriv_received includes\class-status-buddy.php:180
action sb_user_status includes\class-status-buddy.php:181
filter bp_member_name includes\class-status-buddy.php:182
Maintenance & Trust

Status Buddy Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.7.32
Last updated: May 6, 2017
PHP min version
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 10
Developer Profile

Status Buddy Developer Profile

Maulik Kanani

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Status Buddy

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/status-buddy/admin/css/status-buddy-admin.css
/wp-content/plugins/status-buddy/admin/js/status-buddy-admin.js
Version Parameters
status-buddy-admin

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Status Buddy