Is "BuddyPress" safe?

WordPress Plugin security and safety information.

Rating: Unsafe Recommendations

BuddyPress: Plugin Details


Type: Plugin
Author: The BuddyPress Community
URL: https://wordpress.org/plugins/buddypress/
Latest Version: 2.7.4

 

BuddyPress: Security Information


Insecure versions: All Versions
Known since: 2017-01-19 23:50:24


Insecure versions: Up To 1.2.9
Known since: 2015-11-25 04:38:31


Insecure versions: Up To 1.5.4
Known since: 2015-11-25 04:38:30


Insecure versions: Up To 2.3.4
Known since: 2015-11-18 09:19:21


Insecure versions: Up To 1.2.9
Known since: 2014-06-02 21:12:09
Description: BuddyPress 1.2.9 - groups/test-group/activity/ activity_ids Parameter SQL Injection


Insecure versions: Up To 1.7.1
Known since: 2014-06-02 21:12:09
Description: BuddyPress 1.7.1 - bp-core/bp-core-cache.php object_ids Parameter SQL Injection


Insecure versions: Up To 1.7.1
Known since: 2014-06-02 21:12:09
Description: BuddyPress 1.7.1 - bp-core/bp-core-filters.php user_ids Parameter SQL Injection


Insecure versions: Up To 1.7.1
Known since: 2014-06-02 21:12:09
Description: BuddyPress 1.7.1 - bp-core/bp-core-functions.php page_ids Parameter SQL Injection


Insecure versions: Up To 1.7.1
Known since: 2014-06-02 21:12:09
Description: BuddyPress 1.7.1 - bp-core/bp-core-classes.php Multiple Parameter SQL Injection


Insecure versions: Up To 1.7.1
Known since: 2014-06-02 21:12:09
Description: BuddyPress 1.7.1 - bp-friends/bp-friends-classes.php Multiple Parameter SQL Injection


Insecure versions: Up To 1.7.1
Known since: 2014-06-02 21:12:09
Description: BuddyPress 1.7.1 - bp-blogs-classes.php Multiple Parameter SQL Injection


Insecure versions: Up To 1.7.1
Known since: 2014-06-02 21:12:09
Description: BuddyPress 1.7.1 - bp-activity-classes.php Multiple Parameter SQL Injection


Insecure versions: Up To 1.5.4
Known since: 2014-03-18 20:05:53
Description: Buddypress <= 1.5.4 - wp-load.php exclude Parameter SQL Injection


Insecure versions: Up To 1.9.1
Known since: 2014-03-18 20:05:53
Description: Buddypress <= 1.9.1 - groups/create/step/group-details/ Group Name Field Stored XSS
More Information:
More Information:


Insecure versions: Up To 1.9.1
Known since: 2014-03-18 20:05:53
Description: Buddypress <= 1.9.1 - Crafted bp_new_group_id Cookie Arbitrary Group Manipulation
More Information:
More Information:


 

BuddyPress: Safety Recommendations


We have rated BuddyPress as Unsafe which means that the current version has vulnerabilities.

We recommend that until an update is released do not use BuddyPress.

BuddyPress: Staying Up-to-date


Make sure your installation of BuddyPress is safe with the following free Jetpack services for WordPress sites:
  • Updates & Management
    Turn on auto-updates for BuddyPress or manage in bulk.
  • Prevent Infiltrations
    Automatic protection against brute force attacks and secure sign on.

Choose Your Plan

BuddyPress: Keeping Safe


If you're running a business, ecommerce, news, or other critical website, Jetpack also provides additional indispensable services:
  • Automated Backups
    Full backup of your entire site with unlimited storage space.
  • Restores & Migrations
    Restore or migrate your site from a backup with one click.
  • Security Scanning
    Regular, automated scans of your site for malware, threats, and hacks.
  • Expert Support
    Fast, priority support for any WordPress security issue.

Choose Your Plan

About this information


This WordPress security information is part of our security library and is brought to you by Jetpack as part of our committment to a safer WordPress experience.

If you have any questions, please do not hesitate to contact us.