Does WPGraphQL BuddyPress have any unpatched vulnerabilities?

No. All known vulnerabilities in WPGraphQL BuddyPress have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WPGraphQL BuddyPress compatible with WordPress 6.5.8?

According to WordPress.org data, WPGraphQL BuddyPress 0.1.2 has been tested up to WordPress 6.5.8. Check the plugin's changelog for the latest compatibility information.

Is WPGraphQL BuddyPress compatible with PHP 8.0+?

WPGraphQL BuddyPress requires PHP 8.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WPGraphQL BuddyPress updated?

WPGraphQL BuddyPress was last updated on Dec 13, 2025. Frequent updates are generally a positive security signal.

What is WPGraphQL BuddyPress's security score?

WPGraphQL BuddyPress has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WPGraphQL BuddyPress Security & Risk Analysis

wordpress.org/plugins/wp-graphql-buddypress

Get together safely, in your own way, in WordPress.

10 active installs v0.1.2 PHP 8.0+ WP 6.1+ Updated Dec 13, 2025

buddypresscommunitygraphqlwp-graphql

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WPGraphQL BuddyPress Safe to Use in 2026?

Generally Safe

Score 100/100

WPGraphQL BuddyPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The "wp-graphql-buddypress" v0.1.2 plugin exhibits an excellent security posture based on the provided static analysis and vulnerability history. The absence of any identified dangerous functions, raw SQL queries, file operations, or external HTTP requests is a significant strength. Furthermore, all identified outputs are properly escaped, and the code includes capability checks, demonstrating good secure coding practices.

The lack of any identified taint flows, or any previously recorded vulnerabilities, suggests a well-maintained and secure codebase. The minimal attack surface, with zero unprotected entry points, further reinforces this positive assessment. While the absence of nonce checks on AJAX handlers is noted, this is less of a concern given that there are no AJAX handlers present in the first place.

In conclusion, "wp-graphql-buddypress" v0.1.2 appears to be a highly secure plugin. Its strengths lie in its clean code signals, absence of known vulnerabilities, and minimal attack surface. The only potential area for slight improvement, albeit theoretical due to the absence of specific features, would be a more granular capability check system if the plugin were to expand its functionality in the future.

Vulnerabilities

None known

WPGraphQL BuddyPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

WPGraphQL BuddyPress Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

139 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped139 total outputs

Attack Surface

WPGraphQL BuddyPress Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 13

filterbp_after_cover_image_upload_dir_parse_argssrc\Data\AttachmentHelper.php:136

filterbp_attachments_current_user_cansrc\Data\AttachmentHelper.php:373

filterbp_activity_maybe_truncate_entrysrc\Type\ObjectType\ActivityType.php:191

actiongraphql_register_typessrc\TypeRegistry.php:110

filtergraphql_data_loaderssrc\TypeRegistry.php:119

filtergraphql_interface_resolve_typesrc\TypeRegistry.php:122

filtergraphql_pre_resolve_urisrc\TypeRegistry.php:149

filterregister_taxonomy_argssrc\TypeRegistry.php:239

filtergraphql_object_visibilitysrc\TypeRegistry.php:262

actionadmin_noticeswp-graphql-buddypress.php:151

filtermap_meta_capwp-graphql-buddypress.php:197

filteruser_has_capwp-graphql-buddypress.php:243

actiongraphql_initwp-graphql-buddypress.php:303

Maintenance & Trust

WPGraphQL BuddyPress Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8

Last updatedDec 13, 2025

PHP min version8.0

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

WPGraphQL BuddyPress Alternatives

Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress

youzify

The best BuddyPress plugin for building online communities, user profile, social networks, and membership sites on WordPress with tons of features.

6K 1 unpatched

BuddyPress Builder for Elementor – BuddyBuilder

stax-buddy-builder

BuddyPress builder for Elementor — design member profiles, group pages, activity feeds and directories with drag & drop.

1K 3 CVEs

RumbleTalk Live Group Chat – HTML5

rumbletalk-chat-a-chat-with-themes

Live group chat plugin for WordPress. Integrate it into your website in minutes. Create one or multiple rooms effortlessly.

800 3 CVEs

BP Search Block

bp-search-block

The BP Search Block is a BuddyPress Block to search for the content shared into your community site!

600 No CVEs

Wbcom Designs – Birthday Widget for BuddyPress

birthday-widget-for-buddypress

100

Display upcoming birthdays of BuddyPress members with a beautiful, responsive widget that integrates seamlessly with any WordPress theme.

400 No CVEs

Developer Profile

WPGraphQL BuddyPress Developer Profile

Renato Alves

2 plugins · 20 total installs

trust score

Avg Security Score

93/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WPGraphQL BuddyPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Script Paths

/wp-content/plugins/wp-graphql-buddypress/vendor/autoload.php

HTML / DOM Fingerprints

JS Globals

is_graphql_request

FAQ