BuddyPress Builder for Elementor – BuddyBuilder Security & Risk Analysis

wordpress.org/plugins/stax-buddy-builder

BuddyPress builder for Elementor — design member profiles, group pages, activity feeds and directories with drag & drop.

1K active installs · v1.9.1 · PHP 7.4+ · WP 5.0+ · Updated Feb 24, 2026
Tags: buddyboss, buddypress, buddypress-builder, community-builder, elementor
Score: 98 · A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Nov 12, 2024
Safety Verdict

Is BuddyPress Builder for Elementor – BuddyBuilder Safe to Use in 2026?

Generally Safe

Score 98/100

BuddyPress Builder for Elementor – BuddyBuilder has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Nov 12, 2024 · Updated 1mo ago
Risk Assessment

The "stax-buddy-builder" plugin version 1.9.1 presents a mixed security posture. While it demonstrates good practices such as the exclusive use of prepared statements for SQL queries and a significant number of capability checks, there are notable areas of concern. The presence of an unprotected AJAX handler represents a direct entry point that could be exploited without proper authentication or authorization, posing a risk. Furthermore, the static analysis indicates that a substantial portion of output is not properly escaped, potentially opening the door for Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is rendered directly.

The plugin's vulnerability history is a significant red flag, with three known medium-severity CVEs, all of which are reportedly patched. However, the common types of past vulnerabilities, including Authorization Bypass and Missing Authorization, are often related to how entry points are handled. This, combined with the unprotected AJAX handler, suggests a pattern where authorization checks may be inconsistently applied. Despite the absence of critical taint flows and the lack of raw SQL queries, the unprotected entry point and the output escaping issues warrant careful consideration. The plugin benefits from its SQL handling and nonce checks, but these strengths are currently outweighed by the identified risks.

Key Concerns

  • Unprotected AJAX handler
  • Low percentage of properly escaped output
  • Past medium vulnerabilities (3 total)
Vulnerabilities
3

BuddyPress Builder for Elementor – BuddyBuilder Security Vulnerabilities

CVEs by Year

2022: 1 CVE
2023: 1 CVE
2024: 1 CVE

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2024-10778 · medium · 4.3 · Authorization Bypass Through User-Controlled Key

BuddyPress Builder for Elementor – BuddyBuilder <= 1.7.4 - Authenticated (Contributor+) Post Disclosure

Nov 12, 2024 Patched in 1.8.0 (3d)
WF-23924342-3b1d-4360-bd87-104091283e35-stax-buddy-builder · medium · 4.3 · Cross-Site Request Forgery (CSRF)

BuddyBuilder - BuddyPress Builder for Elementor <= 1.7.3 - Cross-Site Request Forgery

Jul 10, 2023 Patched in 1.7.4 (197d)

Appsero <= 1.2.1 - Missing Authorization

Dec 16, 2022 Patched in 1.7.2 (699d)
Code Analysis
Analyzed Mar 16, 2026

BuddyPress Builder for Elementor – BuddyBuilder Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 96 (202 escaped)
Nonce Checks: 3
Capability Checks: 11
File Operations: 0
External Requests: 2
Bundled Libraries: 0

Output Escaping

68% escaped · 298 total outputs
Data Flows: All sanitized

Data Flow Analysis

2 flows
<layout> (admin\layout.php:0)
Attack Surface
1 unprotected

BuddyPress Builder for Elementor – BuddyBuilder Attack Surface

Entry Points: 3
Unprotected: 1

AJAX Handlers 1

auth · wp_ajax_bpb_admin_notice_viewed · core\Notices.php:19

Shortcodes 2

[elementor-template] core\library\module.php:55
[elementor-template-preview] core\library\module.php:59

WordPress Hooks 85

action · init · admin\Admin.php:37
action · admin_menu · admin\Admin.php:53
action · admin_menu · admin\Admin.php:54
filter · admin_body_class · admin\Admin.php:55
action · admin_enqueue_scripts · admin\Admin.php:56
action · admin_post_bpb_settings · admin\pages\Settings.php:37
filter · buddy_builder/tpl/profile-member/content/render · core\compat\rtmedia.php:4
filter · buddy_builder/tpl/profile-group/content/render · core\compat\rtmedia.php:37
action · plugins_loaded · core\hooks\BuddypressHooks.php:29
action · bp_init · core\hooks\BuddypressHooks.php:30
filter · bp_get_template_stack · core\hooks\BuddypressHooks.php:32
filter · bp_get_theme_package_id · core\hooks\BuddypressHooks.php:33
filter · option__bp_theme_package_id · core\hooks\BuddypressHooks.php:34
filter · template_include · core\hooks\BuddypressHooks.php:35
filter · rtmedia_located_template · core\hooks\BuddypressHooks.php:43
filter · body_class · core\hooks\BuddypressHooks.php:45
filter · bp_nouveau_customizer_controls · core\hooks\BuddypressHooks.php:46
filter · bp_after_nouveau_appearance_settings_parse_args · core\hooks\BuddypressHooks.php:47
filter · bp_nouveau_get_loop_classes · core\hooks\BuddypressHooks.php:48
action · the_content · core\hooks\BuddypressHooks.php:49
filter · bp_after_members_cover_image_settings_parse_args · core\hooks\BuddypressHooks.php:51
filter · bp_after_groups_cover_image_settings_parse_args · core\hooks\BuddypressHooks.php:52
filter · bp_ajax_querystring · core\hooks\BuddypressHooks.php:54
action · after_setup_theme · core\hooks\BuddypressHooks.php:84
action · after_setup_theme · core\hooks\BuddypressHooks.php:95
filter · bp_nouveau_get_loop_classes · core\hooks\BuddypressHooks.php:589
action · customize_save_after · core\hooks\CustomizerHooks.php:26
action · elementor/init · core\hooks\ElementorHooks.php:29
action · init · core\hooks\ElementorHooks.php:30
action · elementor/element/column/layout/before_section_end · core\hooks\ElementorHooks.php:32
action · elementor/elements/categories_registered · core\hooks\ElementorHooks.php:53
action · elementor/widgets/widgets_registered · core\hooks\ElementorHooks.php:54
action · elementor/editor/after_enqueue_styles · core\hooks\ElementorHooks.php:55
action · elementor/editor/after_save · core\hooks\ElementorHooks.php:56
filter · template_include · core\hooks\ElementorHooks.php:58
filter · elementor/document/urls/exit_to_dashboard · core\hooks\ElementorHooks.php:59
action · wp · core\hooks\ElementorHooks.php:61
filter · buddy_builder/has_template/pre · core\hooks\ElementorHooks.php:75
action · elementor/element/common/_section_position/before_section_end · core\hooks\ElementorHooks.php:130
filter · manage_elementor_library_posts_columns · core\library\module.php:46
action · manage_elementor_library_posts_custom_column · core\library\module.php:47
action · manage_elementor_library_posts_custom_column · core\library\module.php:51
action · elementor/template-library/create_new_dialog_fields · core\library\module.php:62
action · admin_enqueue_scripts · core\library\module.php:70
action · admin_post_bpb_admin_notice_viewed · core\Notices.php:20
action · plugins_loaded · core\Plugin.php:155
action · wp_enqueue_scripts · core\Plugin.php:156
action · bp_enqueue_scripts · core\Plugin.php:157
action · wp_enqueue_scripts · core\Plugin.php:158
filter · bp_nouveau_enqueue_styles · core\Plugin.php:159
action · admin_notices · core\Plugin.php:202
action · admin_notices · core\Plugin.php:209
action · admin_notices · core\Plugin.php:213
action · admin_notices · core\Plugin.php:227
action · plugins_loaded · core\Plugin.php:316
action · elementor/ajax/register_actions · core\template\module.php:74
action · admin_init · core\template\module.php:76
action · elementor/template-library/after_save_template · core\template\module.php:79
action · admin_notices · core\Upgrades.php:57
filter · buddy_builder/has_template/pre · core\widgets\general\ActivityListing.php:375
filter · bp_current_component · core\widgets\general\ActivityListing.php:377
filter · buddy_builder/has_template/pre · core\widgets\general\GroupsListing.php:596
filter · bp_current_component · core\widgets\general\GroupsListing.php:610
filter · bp_nouveau_get_loop_classes · core\widgets\general\GroupsListing.php:611
filter · bp_get_groups_pagination_count · core\widgets\general\GroupsListing.php:615
filter · bp_get_groups_pagination_links · core\widgets\general\GroupsListing.php:616
filter · buddy_builder/has_template/pre · core\widgets\general\MembersListing.php:355
filter · bp_current_component · core\widgets\general\MembersListing.php:369
filter · bp_nouveau_get_loop_classes · core\widgets\general\MembersListing.php:370
filter · bp_members_pagination_count · core\widgets\general\MembersListing.php:374
filter · bp_get_members_pagination_links · core\widgets\general\MembersListing.php:375
filter · buddy_builder/widget/filters/list_toggle/enabled · core\widgets\groups-directory\Filters.php:1093
filter · buddy_builder/widget/filters/list_toggle/enabled · core\widgets\members-directory\Filters.php:1095
action · buddy_builder/widget/profile-group/leadership/settings · core\widgets\profile-group\leadership\BuddybossSettings.php:22
action · buddy_builder/widget/profile-group/leadership/settings · core\widgets\profile-group\leadership\BuddypressSettings.php:20
action · buddy_builder/widget/sitewide-activity/content/settings · core\widgets\sitewide-activity\content\BuddybossSettings.php:24
action · buddy_builder/widget/sitewide-activity/content/settings · core\widgets\sitewide-activity\content\BuddypressSettings.php:22
action · buddy_builder/widget/sitewide-activity/filters/settings · core\widgets\sitewide-activity\filters\BuddybossSettings.php:23
action · buddy_builder/widget/sitewide-activity/filters/settings · core\widgets\sitewide-activity\filters\BuddypressSettings.php:21
action · buddy_builder/widget/sitewide-activity/form/settings · core\widgets\sitewide-activity\form\BuddybossSettings.php:23
action · buddy_builder/widget/sitewide-activity/form/settings · core\widgets\sitewide-activity\form\BuddypressSettings.php:21
action · buddy_builder/widget/sitewide-activity/navigation/settings · core\widgets\sitewide-activity\navigation\BuddybossSettings.php:23
action · buddy_builder/widget/sitewide-activity/navigation/settings · core\widgets\sitewide-activity\navigation\BuddypressSettings.php:21
action · init · functions.php:538
action · init · loader.php:50
Maintenance & Trust

BuddyPress Builder for Elementor – BuddyBuilder Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 24, 2026
PHP min version: 7.4
Downloads: 94K

Community Trust

Rating: 92/100
Number of ratings: 56
Active installs: 1K
Developer Profile

BuddyPress Builder for Elementor – BuddyBuilder Developer Profile

StaxWP

5 plugins · 32K total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 351 days
Detection Fingerprints

How We Detect BuddyPress Builder for Elementor – BuddyBuilder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/stax-buddy-builder/assets/css/frontend.css
/wp-content/plugins/stax-buddy-builder/assets/js/frontend.js
/wp-content/plugins/stax-buddy-builder/admin/assets/css/admin.css
Script Paths
/wp-content/plugins/stax-buddy-builder/assets/js/frontend.js
Version Parameters
stax-buddy-builder/assets/css/frontend.css?ver=
stax-buddy-builder/assets/js/frontend.js?ver=
stax-buddy-builder/admin/assets/css/admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
stax-buddybuilder-admin-page
Data Attributes
data-id
JS Globals
Buddy_Builder_Frontend
FAQ

Frequently Asked Questions about BuddyPress Builder for Elementor – BuddyBuilder