BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages Security & Risk Analysis

wordpress.org/plugins/wc4bp

Integrate WooCommerce my account into BuddyPress member profiles. Bring your WooCommerce member pages into BuddyPress and BuddyBoss.

1K active installs · v3.5.0 · PHP + · WP 4.9+ · Updated Jun 4, 2025
Tags: buddyboss, woocommerce-buddypress, woocommerce-member-pages, woocommerce-my-account, woocommerce-profile
Score: 95 · A · Safe
CVEs total: 5
Unpatched: 0
Last CVE: Feb 28, 2025
Safety Verdict

Is BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages Safe to Use in 2026?

Generally Safe

Score 95/100

BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

5 known CVEs · Last CVE: Feb 28, 2025 · Updated 11mo ago
Risk Assessment

The "wc4bp" plugin v3.5.0 exhibits a mixed security posture, with some strengths overshadowed by notable weaknesses. On the positive side, the plugin demonstrates good practices by utilizing prepared statements for all SQL queries and has a high percentage of properly escaped output. Nonce and capability checks are also present, indicating an awareness of common WordPress security mechanisms. However, the presence of two AJAX handlers without authentication checks is a significant concern, creating a direct attack vector. The taint analysis reveals one flow with unsanitized paths and a high severity, suggesting a potential for privilege escalation or data leakage if exploited.

The vulnerability history is a major red flag. With five known CVEs, including two high and three medium severity vulnerabilities, and a recent one recorded in early 2025, this plugin has a history of significant security flaws. The common vulnerability types, Missing Authorization and Deserialization of Untrusted Data, are particularly serious and align with the findings from the taint analysis and unprotected entry points.

In conclusion, while "wc4bp" v3.5.0 has some robust security implementations, the combination of unprotected entry points, a high-severity taint flow, and a history of critical and high-severity vulnerabilities points to a plugin that requires careful scrutiny and likely carries a higher risk of compromise. Users should proceed with caution and prioritize patching any known vulnerabilities.

Key Concerns

  • AJAX handlers without auth checks
  • High severity taint flow with unsanitized paths
  • 2 high severity CVEs
  • 3 medium severity CVEs
  • Bundled outdated library (Freemius v1.0)
Vulnerabilities
5 published

BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages Security Vulnerabilities

CVEs by Year

2019: 1 CVE
2024: 2 CVEs
2025: 2 CVEs

Severity Breakdown

High: 2
Medium: 3

5 total CVEs

CVE-2024-13358 · medium · 4.3 · Missing Authorization

BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.24 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update

Feb 28, 2025 · Patched in 3.4.25 (1d)

CVE-2025-1780 · medium · 4.3 · Missing Authorization

BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.25 - Cross-Site Request Forgery to Limited Settings Update

Feb 28, 2025 · Patched in 3.4.26 (1d)

CVE-2024-35726 · medium · 4.3 · Missing Authorization

BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.19 - Missing Authorization

Jun 6, 2024 · Patched in 3.4.20 (7d)

CVE-2024-2025 · high · 8.8 · Deserialization of Untrusted Data

BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.20 - Authenticated (Subscriber+) PHP Object Injection in get_simple_request

Mar 22, 2024 · Patched in 3.4.21 (34d)

WF-3fda31fa-efc9-44b9-99ba-9e3e23aa2ee0-wc4bp · high · 8.8 · Missing Authorization

Freemius SDK <= 2.2.3 - Missing Authorization to Arbitrary Options Update

Feb 25, 2019 · Patched in 3.2.6.1 (1793d)
Version History

BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages Release Timeline

Code Analysis
Analyzed Mar 16, 2026

BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (7 prepared)
Unescaped Output: 33 (291 escaped)
Nonce Checks: 10
Capability Checks: 17
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

100% prepared · 7 total queries

Output Escaping

90% escaped · 324 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

1 flow · 1 with unsanitized paths
<class-request-helper> (class\includes\class-request-helper.php:0)
Attack Surface
2 unprotected

BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages Attack Surface

Entry Points: 13
Unprotected: 2

AJAX Handlers 10

auth · wp_ajax_wc4bp_edit_entry · admin\admin-ajax.php:17
nopriv · wp_ajax_wc4bp_edit_entry · admin\admin-ajax.php:18
auth · wp_ajax_wc4bp_add_page · admin\admin-ajax.php:20
nopriv · wp_ajax_wc4bp_add_page · admin\admin-ajax.php:21
auth · wp_ajax_wc4bp_delete_page · admin\admin-ajax.php:23
nopriv · wp_ajax_wc4bp_delete_page · admin\admin-ajax.php:24
auth · wp_ajax_wc4bp_shop_profile_sync_ajax · admin\admin-ajax.php:26
auth · wp_ajax_wc4bp_revision_review · admin\wc4bp-revision.php:37
auth · wp_ajax_wc4bp_revision_later · admin\wc4bp-revision.php:38
auth · wp_ajax_wc4bp_revision_already · admin\wc4bp-revision.php:39

Shortcodes 3

[wc4bp_my_downloads] class\core\wc4bp-helpers.php:88
[wc4bp_my_addresses] class\core\wc4bp-helpers.php:94
[wc4bp_my_recent_orders] class\core\wc4bp-helpers.php:114

WordPress Hooks 90

action · admin_menu · admin\admin.php:31
action · admin_init · admin\admin.php:32
filter · show_admin_notice · admin\admin.php:33
action · admin_menu · admin\admin.php:45
action · admin_enqueue_scripts · admin\pricing-page\pricing-page.php:25
action · admin_notices · admin\wc4bp-revision.php:34
action · network_admin_notices · admin\wc4bp-revision.php:35
action · admin_enqueue_scripts · admin\wc4bp-revision.php:36
action · bp_register_activity_actions · class\core\wc4bp-component.php:43
filter · bp_located_template · class\core\wc4bp-component.php:44
action · bp_template_content · class\core\wc4bp-component.php:408
action · template_redirect · class\core\wc4bp-redirect.php:24
filter · page_link · class\core\wc4bp-redirect.php:25
action · bp_template_title · class\core\wc4bp-screen.php:274
action · bp_template_content · class\core\wc4bp-screen.php:275
action · wc4bp_after_track_body · class\core\wc4bp-screen.php:422
action · xprofile_profile_field_data_updated · class\core\wc4bp-sync.php:23
action · personal_options_update · class\core\wc4bp-sync.php:24
action · edit_user_profile_update · class\core\wc4bp-sync.php:25
action · woocommerce_checkout_update_user_meta · class\core\wc4bp-sync.php:26
action · woocommerce_customer_save_address · class\core\wc4bp-sync.php:27
action · shutdown · class\core\wc4bp-sync.php:105
filter · bp_template_stack · class\core\wc4bp-template-compatibility.php:127
filter · bp_get_template_stack · class\core\wc4bp-template-compatibility.php:177
action · init · class\includes\class-tgm-plugin-activation.php:271
filter · load_textdomain_mofile · class\includes\class-tgm-plugin-activation.php:272
action · init · class\includes\class-tgm-plugin-activation.php:275
action · admin_menu · class\includes\class-tgm-plugin-activation.php:424
action · admin_head · class\includes\class-tgm-plugin-activation.php:425
filter · install_plugin_complete_actions · class\includes\class-tgm-plugin-activation.php:428
filter · update_plugin_complete_actions · class\includes\class-tgm-plugin-activation.php:429
action · admin_notices · class\includes\class-tgm-plugin-activation.php:432
action · admin_init · class\includes\class-tgm-plugin-activation.php:433
action · admin_enqueue_scripts · class\includes\class-tgm-plugin-activation.php:434
action · load-plugins.php · class\includes\class-tgm-plugin-activation.php:439
action · switch_theme · class\includes\class-tgm-plugin-activation.php:442
action · switch_theme · class\includes\class-tgm-plugin-activation.php:445
action · admin_init · class\includes\class-tgm-plugin-activation.php:450
action · switch_theme · class\includes\class-tgm-plugin-activation.php:455
action · load_textdomain_mofile · class\includes\class-tgm-plugin-activation.php:478
filter · upgrader_source_selection · class\includes\class-tgm-plugin-activation.php:892
action · plugins_loaded · class\includes\class-tgm-plugin-activation.php:2115
filter · wc4bp_tgmpa_table_data_items · class\includes\class-tgm-plugin-activation.php:2239
filter · upgrader_source_selection · class\includes\class-tgm-plugin-activation.php:2980
action · admin_init · class\includes\class-tgm-plugin-activation.php:3150
action · upgrader_process_complete · class\includes\class-tgm-plugin-activation.php:3245
filter · upgrader_post_install · class\includes\class-tgm-plugin-activation.php:3304
filter · upgrader_post_install · class\includes\class-tgm-plugin-activation.php:3449
action · admin_menu · class\includes\class-wp-plugin-status.php:44
filter · wp_plugin_status_view_values · class\includes\class-wp-plugin-status.php:45
action · network_admin_notices · class\includes\wc4bp_requirements.php:351
action · admin_notices · class\includes\wc4bp_requirements.php:358
action · wp_insert_comment · class\wc4bp-activity-stream.php:17
action · woocommerce_order_status_completed · class\wc4bp-activity-stream.php:18
filter · wc4bp_stream_order_complete · class\wc4bp-activity-stream.php:209
action · admin_enqueue_scripts · class\wc4bp-manage-admin.php:18
action · init · class\wc4bp-manager.php:49
action · bp_include · class\wc4bp-manager.php:50
action · network_admin_notices · class\wc4bp-manager.php:142
action · admin_notices · class\wc4bp-manager.php:146
action · wp_footer · class\wc4bp-myaccount-content.php:44
action · wp_enqueue_scripts · class\wc4bp-myaccount-content.php:45
action · wp_enqueue_scripts · class\wc4bp-myaccount-content.php:151
filter · wp_head · class\wc4bp-myaccount-private.php:16
filter · the_content · class\wc4bp-myaccount-private.php:24
filter · woocommerce_get_view_order_url · class\wc4bp-myaccount.php:27
filter · bp_notifications_get_registered_components · class\wc4bp-notifications.php:14
filter · bp_notifications_get_notifications_for_user · class\wc4bp-notifications.php:28
action · woocommerce_order_status_changed · class\wc4bp-notifications.php:59
filter · woocommerce_cart_item_name · class\wc4bp-redefine-functions.php:62
action · wp_loaded · class\wc4bp-redefine-functions.php:94
action · wp_enqueue_scripts · class\wc4bp-redefine-functions.php:116
action · wp_logout · class\wc4bp-redefine-functions.php:132
filter · wc_get_template · class\wc4bp-redefine-functions.php:138
filter · woocommerce_account_menu_items · class\wc4bp-redefine-functions.php:166
action · before_woocommerce_init · class\wc4bp-redefine-functions.php:182
action · init · class\wc4bp-required.php:18
action · wc4bp_tgmpa_register · class\wc4bp-required.php:26
action · in_admin_footer · class\wc4bp-required.php:27
action · init · class\wc4bp-status.php:24
filter · wp_plugin_status_data · class\wc4bp-status.php:25
action · upgrader_process_complete · class\wc4bp-upgrade.php:27
filter · woocommerce_is_checkout · class\wc4bp-woocommerce.php:23
filter · woocommerce_is_account_page · class\wc4bp-woocommerce.php:25
filter · woocommerce_get_endpoint_url · class\wc4bp-woocommerce.php:27
filter · woocommerce_available_payment_gateways · class\wc4bp-woocommerce.php:28
filter · woocommerce_is_order_received_page · class\wc4bp-woocommerce.php:32
action · plugins_loaded · wc4bp-basic-integration.php:126
action · plugins_loaded · wc4bp-basic-integration.php:127
action · after_uninstall · wc4bp-basic-integration.php:128
Maintenance & Trust

BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jun 4, 2025
PHP min version
Downloads: 96K

Community Trust

Rating: 86/100
Number of ratings: 72
Active installs: 1K
Developer Profile

BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages Developer Profile

Themekraft

12 plugins · 5K total installs

Trust score: 69
Avg Security Score: 86/100
Avg Patch Time: 375 days
Detection Fingerprints

How We Detect BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wc4bp/assets/css/wc4bp-admin.css
/wp-content/plugins/wc4bp/assets/css/wc4bp-frontend.css
/wp-content/plugins/wc4bp/assets/js/wc4bp-admin.js
/wp-content/plugins/wc4bp/assets/js/wc4bp-frontend.js
Script Paths
/wp-content/plugins/wc4bp/assets/js/wc4bp-admin.js
/wp-content/plugins/wc4bp/assets/js/wc4bp-frontend.js
Version Parameters
wc4bp/assets/css/wc4bp-admin.css?ver=
wc4bp/assets/css/wc4bp-frontend.css?ver=
wc4bp/assets/js/wc4bp-admin.js?ver=
wc4bp/assets/js/wc4bp-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
wc4bp_woocommerce_products_widget
HTML Comments
This script is free software; you can redistribute it and/or modify
This program is distributed in the hope that it will be useful,
You should have received a copy of the GNU General Public License
Data Attributes
data-wc4bp-product-id
JS Globals
wc4bp_params
FAQ

Frequently Asked Questions about BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages