Turnkey bbPress by WeaverTheme Security & Risk Analysis

wordpress.org/plugins/weaver-for-bbpress

At last! Turnkey bbPress. Beautiful bbPress styles. Essential layout and user/admin usability options. No CSS or PHP coding required.

300 active installs · v1.7.1 · PHP 7.2+ · WP 6.0+ · Updated Dec 17, 2024

Tags: bbpress, forum, options, style

Score: 91 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Jan 3, 2025
Safety Verdict

Is Turnkey bbPress by WeaverTheme Safe to Use in 2026?

Generally Safe

Score 91/100

Turnkey bbPress by WeaverTheme has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jan 3, 2025 · Updated 1yr ago
Risk Assessment

The weaver-for-bbpress plugin v1.7.1 exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for SQL queries, implementing numerous nonce and capability checks, and making no external HTTP requests or bundling any third-party libraries. The attack surface appears to be minimal: no AJAX handlers, REST API routes, shortcodes, or cron events are exposed without appropriate checks.

However, significant concerns arise from the static analysis. The presence of the `unserialize` function is a red flag, especially in conjunction with two identified taint flows with unsanitized paths, categorized as high severity. This combination suggests a potential for serious vulnerabilities, such as remote code execution or object injection, if user-controlled data is not properly sanitized before being unserialized. The output escaping also needs improvement, with only 39% of outputs being properly escaped, indicating a risk of cross-site scripting (XSS) vulnerabilities.

The vulnerability history shows one past medium-severity CVE related to cross-site scripting. While there are no currently unpatched vulnerabilities, the previous XSS issue, combined with the current code analysis findings regarding unsanitized taint flows and insufficient output escaping, points to a recurring pattern of input validation and output sanitization weaknesses. The plugin has strengths in its access control and query practices, but the identified issues with unserialization and taint analysis present a notable risk that requires attention.

Key Concerns

  • High severity unsanitized taint flows
  • Unescaped output detected
  • Use of dangerous unserialize function
  • Past medium severity CVE
Vulnerabilities (1)

Turnkey bbPress by WeaverTheme Security Vulnerabilities

CVEs by Year

2025: 1 CVE (patched; none unpatched)

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-12221 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Turnkey bbPress by WeaverTheme <= 1.6.3 - Reflected Cross-Site Scripting via _wpnonce Parameter

Jan 3, 2025 · Patched in 1.7.1 (1d)
Code Analysis
Analyzed Mar 16, 2026

Turnkey bbPress by WeaverTheme Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 43 (28 escaped)
Nonce Checks: 5
Capability Checks: 18
File Operations: 1
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize: `$restore = unserialize($contents);` (includes\wvrbbp-admin-lib.php:132)

Output Escaping

39% escaped (71 total outputs)

Data Flows: 2 unsanitized

Data Flow Analysis

3 flows, 2 with unsanitized paths
<downloader> (includes\downloader.php:0)
Columns: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

Turnkey bbPress by WeaverTheme Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 71

  • filter: post_row_actions (includes\class-weaver-best-answer.php:30)
  • action: load-edit.php (includes\class-weaver-best-answer.php:31)
  • filter: bbp_reply_admin_links (includes\class-weaver-best-answer.php:38)
  • action: bbp_get_request (includes\class-weaver-best-answer.php:41)
  • action: bbp_theme_before_reply_content (includes\class-weaver-best-answer.php:44)
  • action: bbp_user_edit_after_contact (includes\wvrbbp-mentions.php:6)
  • action: personal_options_update (includes\wvrbbp-mentions.php:8)
  • action: edit_user_profile_update (includes\wvrbbp-mentions.php:10)
  • action: bbp_edit_topic_post_extras (includes\wvrbbp-mentions.php:12)
  • action: bbp_edit_reply_post_extras (includes\wvrbbp-mentions.php:13)
  • action: bbp_new_topic_post_extras (includes\wvrbbp-mentions.php:14)
  • action: bbp_new_reply_post_extras (includes\wvrbbp-mentions.php:15)
  • action: bbp_theme_before_reply_form_submit_wrapper (includes\wvrbbp-private-reply.php:9)
  • action: bbp_new_reply (includes\wvrbbp-private-reply.php:12)
  • action: bbp_edit_reply (includes\wvrbbp-private-reply.php:13)
  • filter: bbp_get_reply_excerpt (includes\wvrbbp-private-reply.php:16)
  • filter: bbp_get_reply_content (includes\wvrbbp-private-reply.php:17)
  • filter: the_content (includes\wvrbbp-private-reply.php:18)
  • filter: the_excerpt (includes\wvrbbp-private-reply.php:19)
  • filter: bbp_subscription_mail_message (includes\wvrbbp-private-reply.php:22)
  • filter: post_class (includes\wvrbbp-private-reply.php:25)
  • action: bbp_template_before_single_topic (includes\wvrbbp-resolve.php:45)
  • action: bbp_theme_before_topic_title (includes\wvrbbp-resolve.php:97)
  • action: template_redirect (includes\wvrbbp-resolve.php:136)
  • action: bbp_init (includes\wvrbbp-runtime-actions.php:28)
  • filter: bbp_bypass_check_for_moderation (includes\wvrbbp-runtime-actions.php:33)
  • action: bbp_new_reply_post_extras (includes\wvrbbp-runtime-actions.php:38)
  • action: bbp_template_after_replies_loop (includes\wvrbbp-runtime-actions.php:49)
  • filter: wp_mail_from_name (includes\wvrbbp-runtime-actions.php:67)
  • filter: wp_mail_from (includes\wvrbbp-runtime-actions.php:70)
  • action: bbp_user_edit_after_contact (includes\wvrbbp-runtime-actions.php:102)
  • action: personal_options_update (includes\wvrbbp-runtime-actions.php:124)
  • action: edit_user_profile_update (includes\wvrbbp-runtime-actions.php:125)
  • action: bbp_theme_after_topic_started_by (includes\wvrbbp-runtime-actions.php:159)
  • filter: bbp_get_reply_post_date (includes\wvrbbp-runtime-actions.php:189)
  • action: bbp_template_before_single_forum (includes\wvrbbp-runtime-actions.php:241)
  • action: bbp_theme_before_reply_author_details (includes\wvrbbp-runtime-actions.php:258)
  • filter: bbp_before_get_author_link_parse_args (includes\wvrbbp-runtime-actions.php:305)
  • filter: bbp_before_get_topic_author_link_parse_args (includes\wvrbbp-runtime-actions.php:306)
  • filter: bbp_before_get_topic_author_link_parse_args (includes\wvrbbp-runtime-actions.php:321)
  • action: plugins_loaded (includes\wvrbbp-runtime-actions.php:356)
  • action: bbp_theme_before_topic_title (includes\wvrbbp-runtime-actions.php:358)
  • filter: bbp_before_list_forums_parse_args (includes\wvrbbp-runtime-actions.php:385)
  • filter: bbp_before_bsp_list_forums_parse_args (includes\wvrbbp-runtime-actions.php:386)
  • filter: bbp_before_list_forums_parse_args (includes\wvrbbp-runtime-actions.php:403)
  • filter: bbp_before_bsp_list_forums_parse_args (includes\wvrbbp-runtime-actions.php:404)
  • action: bbp_template_before_single_forum (includes\wvrbbp-runtime-actions.php:418)
  • filter: bbp_get_breadcrumb (includes\wvrbbp-runtime-actions.php:426)
  • action: bbp_register_theme_packages (includes\wvrbbp-runtime-actions.php:462)
  • filter: bbp_get_topic_subscribe_link (includes\wvrbbp-runtime-actions.php:482)
  • filter: bbp_after_get_the_content_parse_args (includes\wvrbbp-runtime-actions.php:510)
  • filter: bbp_get_tiny_mce_plugins (includes\wvrbbp-runtime-actions.php:519)
  • filter: bbp_kses_allowed_tags (includes\wvrbbp-runtime-actions.php:522)
  • filter: show_admin_bar (includes\wvrbbp-runtime-actions.php:584)
  • action: admin_print_scripts-profile.php (includes\wvrbbp-runtime-actions.php:585)
  • action: init (includes\wvrbbp-runtime-actions.php:589)
  • filter: bbp_default_styles (includes\wvrbbp-runtime-actions.php:600)
  • filter: bbp_get_topic_title (includes\wvrbbp-runtime-actions.php:671)
  • filter: bbp_get_forum_title (includes\wvrbbp-runtime-actions.php:707)
  • filter: bbp_login_widget_title (includes\wvrbbp-runtime-actions.php:731)
  • filter: bbp_get_logout_link (includes\wvrbbp-runtime-actions.php:747)
  • filter: register_url (includes\wvrbbp-runtime-actions.php:785)
  • action: bbp_spammed_topic (includes\wvrbbp-runtime-actions.php:832)
  • action: bbp_unspammed_topic (includes\wvrbbp-runtime-actions.php:841)
  • action: bbp_spammed_reply (includes\wvrbbp-runtime-actions.php:850)
  • action: bbp_unspammed_reply (includes\wvrbbp-runtime-actions.php:859)
  • action: bbp_theme_before_topic_form_notices (includes\wvrbbp-runtime-actions.php:874)
  • action: wp_head (includes\wvrbbp-runtime-actions.php:896)
  • action: plugins_loaded (weaver-for-bbpress.php:52)
  • action: admin_menu (weaver-for-bbpress.php:62)
  • action: wp_enqueue_scripts (weaver-for-bbpress.php:118)
Maintenance & Trust

Turnkey bbPress by WeaverTheme Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Dec 17, 2024
PHP min version: 7.2
Downloads: 14K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 300
Developer Profile

Turnkey bbPress by WeaverTheme Developer Profile

wpweaver

6 plugins · 20K total installs

Trust score: 71
Avg Security Score: 88/100
Avg Patch Time: 158 days
Detection Fingerprints

How We Detect Turnkey bbPress by WeaverTheme

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/weaver-for-bbpress/wvrbbp-admin-style.min.css
  • /wp-content/plugins/weaver-for-bbpress/wvrbbp-admin-style.css
  • /wp-content/plugins/weaver-for-bbpress/js/yetii/yetii.min.js
  • /wp-content/plugins/weaver-for-bbpress/js/yetii/yetii.js
Script Paths
  • /wp-content/plugins/weaver-for-bbpress/js/yetii/yetii.min.js
  • /wp-content/plugins/weaver-for-bbpress/js/yetii/yetii.js
Version Parameters
  • weaver-for-bbpress/wvrbbp-admin-style.min.css?ver=
  • weaver-for-bbpress/wvrbbp-admin-style.css?ver=
  • weaver-for-bbpress/js/yetii/yetii.min.js?ver=
  • weaver-for-bbpress/js/yetii/yetii.js?ver=

HTML / DOM Fingerprints

CSS Classes
bbp-template-notice
FAQ

Frequently Asked Questions about Turnkey bbPress by WeaverTheme