WP phpBB Bridge Security & Risk Analysis

wordpress.org/plugins/wp-phpbb-bridge

Shares user authentication with phpBB3, by forcing phpBB to handle all the authentication.

20 active installs · v2.0.7 · PHP + · WP 3.0.4+ · Updated Oct 27, 2012
bridge · connection · integration · phpbb · wordpress
Score: 85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP phpBB Bridge Safe to Use in 2026?

Generally Safe

Score 85/100

WP phpBB Bridge has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 13yr ago
Risk Assessment

The wp-phpbb-bridge v2.0.7 plugin exhibits a concerning security posture due to a significant number of unprotected AJAX handlers, presenting a broad attack surface. While the plugin demonstrates good practices by using prepared statements for all SQL queries and shows no recorded vulnerability history, the lack of proper output escaping for a large percentage of its outputs is a critical weakness. This could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is not handled securely before being displayed.

The presence of dangerous functions like `unserialize` and `create_function` further amplifies the risk, especially when combined with unprotected entry points. The taint analysis shows flows with unsanitized paths which, although not classified as critical or high severity, warrant attention. The absence of capability checks and the presence of only a single nonce check across the AJAX handlers, coupled with a high number of unprotected AJAX handlers, strongly suggest potential for unauthorized actions and privilege escalation if these entry points can be triggered with malicious input.

In conclusion, while the plugin benefits from a clean vulnerability history and secure database interactions, the numerous unprotected AJAX endpoints, lack of output escaping, and use of dangerous functions create a substantial risk. These factors, if exploited, could lead to severe security breaches. Addressing the output escaping and securing the AJAX handlers should be the highest priority.

Key Concerns

  • 6 AJAX handlers without auth checks
  • 0% of output properly escaped
  • Dangerous functions: unserialize, create_function
  • 6 flows with unsanitized paths
  • 0 capability checks
  • 1 Nonce check on 6 AJAX handlers
Vulnerabilities
None known

WP phpBB Bridge Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP phpBB Bridge Code Analysis

Dangerous Functions: 7
Raw SQL Queries: 0 (6 prepared)
Unescaped Output: 240 (0 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 4
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `if(!in_array($current_user->data->ID, (array)unserialize(get_option('wpbb_users_posting'))) && $post` · inc\wpbb_functions.php:518
unserialize · `$forum_categories = unserialize(get_option('wpbb_forums_categories'));` · inc\wpbb_functions.php:529
unserialize · `$forums_categories = unserialize(get_option('wpbb_forums_categories', ''));` · wp_phpbb_bridge.php:86
create_function · `create_function(` · wp_phpbb_bridge.php:185
create_function · `create_function(` · wp_phpbb_bridge.php:197
create_function · `create_function(` · wp_phpbb_bridge.php:209
create_function · `create_function(` · wp_phpbb_bridge.php:221

SQL Query Safety

100% prepared · 6 total queries

Output Escaping

0% escaped · 240 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

8 flows · 6 with unsanitized paths
widget (inc\widgets\wpbb_users_widget.php:84)
[Flow diagram legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized]
Attack Surface
6 unprotected

WP phpBB Bridge Attack Surface

Entry Points: 6
Unprotected: 6

AJAX Handlers 6

auth · wp_ajax_save_forums · wp_phpbb_bridge.php:144
auth · wp_ajax_save_authors · wp_phpbb_bridge.php:145
auth · wp_ajax_do_wv · wp_phpbb_bridge.php:158
nopriv · wp_ajax_do_wv · wp_phpbb_bridge.php:159
auth · wp_ajax_get_info · wp_phpbb_bridge.php:160
nopriv · wp_ajax_get_info · wp_phpbb_bridge.php:161
WordPress Hooks 18
action · admin_menu · inc\wpbb_admin.php:142
filter · get_avatar · inc\wpbb_functions.php:191
action · plugins_loaded · wp_phpbb_bridge.php:29
action · admin_notices · wp_phpbb_bridge.php:82
action · wp_insert_post · wp_phpbb_bridge.php:90
action · wp_head · wp_phpbb_bridge.php:155
action · init · wp_phpbb_bridge.php:165
action · init · wp_phpbb_bridge.php:166
action · init · wp_phpbb_bridge.php:167
action · init · wp_phpbb_bridge.php:168
action · wp_head · wp_phpbb_bridge.php:170
action · generate_rewrite_rules · wp_phpbb_bridge.php:173
filter · query_vars · wp_phpbb_bridge.php:175
action · template_redirect · wp_phpbb_bridge.php:177
action · widgets_init · wp_phpbb_bridge.php:183
action · widgets_init · wp_phpbb_bridge.php:195
action · widgets_init · wp_phpbb_bridge.php:207
action · widgets_init · wp_phpbb_bridge.php:219
Maintenance & Trust

WP phpBB Bridge Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.3.2
Last updated: Oct 27, 2012
PHP min version
Downloads: 36K

Community Trust

Rating: 52/100
Number of ratings: 11
Active installs: 20
Developer Profile

WP phpBB Bridge Developer Profile

Nikos Merianos

1 plugin · 20 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP phpBB Bridge

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-phpbb-bridge/css/wpbb_style.css
/wp-content/plugins/wp-phpbb-bridge/js/wpbb_script.js
Script Paths
/wp-content/plugins/wp-phpbb-bridge/js/wpbb_script.js
Version Parameters
wp-phpbb-bridge/css/wpbb_style.css?ver=
wp-phpbb-bridge/js/wpbb_script.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpbb-users-widget
wpbb-links-widget
wpbb-meta-widget
wpbb-topics-widget
Data Attributes
data-wpbb_nonce
data-wpbb_ajax_url
JS Globals
wpbb_nonce
wpbb_ajax_url
REST Endpoints
/wp-json/wpbb_is_key_valid
/wp-json/ajax_get_info