BuddyPress xProfile Checkout Manager for WooCommerce Security & Risk Analysis

wordpress.org/plugins/woocommerce-buddypress-integration-xprofile-checkout-manager

BuddyPress xProfile Checkout Manager for WooCommerce is an extension that lets you integrate BuddyPress xProfile into WooCommerce Checkout.

70 active installs · v1.3.11 · PHP + · WP 3.9+ · Updated May 19, 2023
buddypress · members · profiles · user · woocommerce
85
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Aug 18, 2022
Safety Verdict

Is BuddyPress xProfile Checkout Manager for WooCommerce Safe to Use in 2026?

Generally Safe

Score 85/100

BuddyPress xProfile Checkout Manager for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Aug 18, 2022 · Updated 2yr ago
Risk Assessment

Version 1.3.11 of the plugin 'woocommerce-buddypress-integration-xprofile-checkout-manager' shows a generally good security posture: SQL queries use prepared statements, a high percentage of output is properly escaped, and there is a significant number of capability and nonce checks. The attack surface is small, with no unprotected entry points identified in the static analysis. The main concern is the use of the dangerous `create_function` function. The taint analysis found no critical- or high-severity unsanitized paths, but it did identify two flows with unsanitized paths, which warrant attention as potential avenues for exploitation if not carefully handled. The vulnerability history shows one medium-severity Cross-Site Scripting CVE, last identified in August 2022. That vulnerability has been patched, but its nature suggests that input sanitization and output escaping, particularly for user-supplied data, should remain a focus for developers.

Key Concerns

  • Presence of dangerous function create_function
  • Taint flows with unsanitized paths detected
  • Past medium severity XSS vulnerability
Vulnerabilities
1

BuddyPress xProfile Checkout Manager for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2022

Severity Breakdown

Medium: 1

1 total CVE

WF-c5203a17-cc4f-4545-a231-dfbfb900f0fd-woocommerce-buddypress-integration-xprofile-checkout-manager
medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BuddyPress xProfile Checkout Manager for WooCommerce <= 1.3.5 - Stored Cross-Site Scripting

Aug 18, 2022 · Patched in 1.3.6 (523d)
Code Analysis
Analyzed Mar 16, 2026

BuddyPress xProfile Checkout Manager for WooCommerce Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 9 (224 escaped)
Nonce Checks: 6
Capability Checks: 13
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

create_function · admin\admin-xprofile.php:19
add_action( 'admin_notices', create_function( '', 'printf(\'<div id="message" class="error"><p><stro…

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

96% escaped · 233 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

4 flows · 2 with unsanitized paths
wc4bp_xprofile_search_categories (admin\admin-xprofile-ajax.php:13)
Attack Surface

BuddyPress xProfile Checkout Manager for WooCommerce Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers: 1

auth · wp_ajax_wc4bp_xprofile_search_categories · admin\admin-xprofile-ajax.php:51

WordPress Hooks: 47

action · wc4bp_add_submenu_page · admin\admin-xprofile.php:13
action · admin_enqueue_scripts · admin\admin-xprofile.php:14
action · admin_notices · admin\admin-xprofile.php:19
action · init · includes\class-tgm-plugin-activation.php:271
filter · load_textdomain_mofile · includes\class-tgm-plugin-activation.php:272
action · init · includes\class-tgm-plugin-activation.php:275
action · admin_menu · includes\class-tgm-plugin-activation.php:424
action · admin_head · includes\class-tgm-plugin-activation.php:425
filter · install_plugin_complete_actions · includes\class-tgm-plugin-activation.php:428
filter · update_plugin_complete_actions · includes\class-tgm-plugin-activation.php:429
action · admin_notices · includes\class-tgm-plugin-activation.php:432
action · admin_init · includes\class-tgm-plugin-activation.php:433
action · admin_enqueue_scripts · includes\class-tgm-plugin-activation.php:434
action · load-plugins.php · includes\class-tgm-plugin-activation.php:439
action · switch_theme · includes\class-tgm-plugin-activation.php:442
action · switch_theme · includes\class-tgm-plugin-activation.php:445
action · admin_init · includes\class-tgm-plugin-activation.php:450
action · switch_theme · includes\class-tgm-plugin-activation.php:455
action · load_textdomain_mofile · includes\class-tgm-plugin-activation.php:478
filter · upgrader_source_selection · includes\class-tgm-plugin-activation.php:892
action · plugins_loaded · includes\class-tgm-plugin-activation.php:2115
filter · wc4bp_xprofile_tmpga_table_data_items · includes\class-tgm-plugin-activation.php:2239
filter · upgrader_source_selection · includes\class-tgm-plugin-activation.php:2980
action · admin_init · includes\class-tgm-plugin-activation.php:3150
action · upgrader_process_complete · includes\class-tgm-plugin-activation.php:3245
filter · upgrader_post_install · includes\class-tgm-plugin-activation.php:3304
filter · upgrader_post_install · includes\class-tgm-plugin-activation.php:3449
action · woocommerce_after_order_notes · includes\wc4bp-xprofile-checkout.php:15
filter · wc4bp_custom_checkout_field_group_heading · includes\wc4bp-xprofile-checkout.php:87
filter · wc4bp_custom_checkout_field_group_visible · includes\wc4bp-xprofile-checkout.php:96
filter · bp_xprofile_field_edit_html_elements · includes\wc4bp-xprofile-checkout.php:223
action · wp_footer · includes\wc4bp-xprofile-checkout.php:271
action · woocommerce_checkout_process · includes\wc4bp-xprofile-checkout.php:286
action · woocommerce_checkout_update_user_meta · includes\wc4bp-xprofile-checkout.php:332
action · woocommerce_checkout_update_order_meta · includes\wc4bp-xprofile-checkout.php:370
action · woocommerce_admin_order_data_after_billing_address · includes\wc4bp-xprofile-checkout.php:408
filter · woocommerce_email_order_meta_keys · includes\wc4bp-xprofile-checkout.php:444
filter · woocommerce_checkout_fields · includes\wc4bp-xprofile-checkout.php:476
action · bp_core_signup_user · includes\wc4bp-xprofile-checkout.php:520
action · bp_core_activated_user · includes\wc4bp-xprofile-checkout.php:521
action · wc4bp_core_fs_loaded · includes\wc4bp-xprofile-fs-integration.php:22
action · init · includes\wc4bp-xprofile-required.php:23
action · wc4bp_xprofile_tmpga_register · includes\wc4bp-xprofile-required.php:31
action · in_admin_footer · includes\wc4bp-xprofile-required.php:32
action · init · loader.php:72
action · init · loader.php:73
action · wc4bp_init · loader.php:125
Maintenance & Trust

BuddyPress xProfile Checkout Manager for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.2.9
Last updated: May 19, 2023
PHP min version
Downloads: 15K

Community Trust

Rating: 74/100
Number of ratings: 3
Active installs: 70
Developer Profile

BuddyPress xProfile Checkout Manager for WooCommerce Developer Profile

Themekraft

12 plugins · 5K total installs

Trust score: 69
Avg Security Score: 85/100
Avg Patch Time: 375 days
Detection Fingerprints

How We Detect BuddyPress xProfile Checkout Manager for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woocommerce-buddypress-integration-xprofile-checkout-manager/admin/css/wc4bp-admin.css
/wp-content/plugins/woocommerce-buddypress-integration-xprofile-checkout-manager/admin/js/wc4bp-admin.js
/wp-content/plugins/woocommerce-buddypress-integration-xprofile-checkout-manager/assets/css/wc4bp-xprofile-checkout.css
Script Paths
/wp-content/plugins/woocommerce-buddypress-integration-xprofile-checkout-manager/admin/js/wc4bp-admin.js
Version Parameters
/wp-content/plugins/woocommerce-buddypress-integration-xprofile-checkout-manager/admin/css/wc4bp-admin.css?ver=
/wp-content/plugins/woocommerce-buddypress-integration-xprofile-checkout-manager/admin/js/wc4bp-admin.js?ver=
/wp-content/plugins/woocommerce-buddypress-integration-xprofile-checkout-manager/assets/css/wc4bp-xprofile-checkout.css?ver=

HTML / DOM Fingerprints

CSS Classes
wc4bp-xprofile-conditional-fields
wc4bp-xprofile-checkout-manager-settings
HTML Comments
<!-- WC4BP xProfile fields -->
Data Attributes
data-xprofile-group-id
data-conditional-visibility-enabled
JS Globals
wc4bp_xprofile_admin_params