Is "BuddyPress" safe?

WordPress Plugin security and safety information.

Rating: Good (current version safe) Recommendations

BuddyPress: Plugin Details

Type:	Plugin
Author:	The BuddyPress Community
URL:	https://wordpress.org/plugins/buddypress/
Latest Version:	14.3.3

BuddyPress: Security Information

Insecure versions:	Up To 14.1.0
Known since:	2024-10-30 02:00:38

Insecure versions:	Up To 12.5.0
Known since:	2024-10-29 15:30:10

Insecure versions:	Up To 12.4.0
Known since:	2024-06-11 12:30:23

Insecure versions:	Up To 11.3.1
Known since:	2024-01-05 02:00:29

Insecure versions:	Up To 9.0.0
Known since:	2021-08-18 18:00:58

Insecure versions:	Up To 9.0.0
Known since:	2021-08-18 18:00:25

Insecure versions:	Up To 7.2.1
Known since:	2021-04-14 13:36:04
Description:	Versions of BuddyPress before version 7.3.0 has a number of vulnerabilities allowing members to access and modify resources they should not have any access to using the REST API. Details: https://buddypress.org/2021/04/buddypress-7-3-0-maintenance-security-release/

Insecure versions:	Up To 7.2.0
Known since:	2021-03-18 10:54:17
Description:	The BuddyPress plugin versions prior to version 7.2.1 has multiple vulnerabilities in the BuddyPress REST API and some other parts of the plugin.

Insecure versions:	Up To 6.3.0
Known since:	2020-11-30 17:08:16

Insecure versions:	Up To 5.0.0
Known since:	2020-03-03 16:46:43

Insecure versions:	Up To 5.1.0
Known since:	2020-03-03 16:46:30

Insecure versions:	Up To 5.1.1
Known since:	2020-01-10 08:34:55
Description:	Certain REST API requests could result in the exposure of private data. https://buddypress.org/2020/01/buddypress-5-1-2/

Insecure versions:	Versions 2.0 - 2.7.3
Known since:	2017-01-19 23:50:24

Insecure versions:	Up To 1.2.9
Known since:	2015-11-25 04:38:31

Insecure versions:	Up To 1.5.4
Known since:	2015-11-25 04:38:30

Insecure versions:	Up To 2.3.4
Known since:	2015-11-18 09:19:21

Insecure versions:	Up To 1.2.9
Known since:	2014-06-02 21:12:09
Description:	BuddyPress 1.2.9 - groups/test-group/activity/ activity_ids Parameter SQL Injection

Insecure versions:	Up To 1.7.1
Known since:	2014-06-02 21:12:09
Description:	BuddyPress 1.7.1 - bp-core/bp-core-cache.php object_ids Parameter SQL Injection

Insecure versions:	Up To 1.7.1
Known since:	2014-06-02 21:12:09
Description:	BuddyPress 1.7.1 - bp-core/bp-core-filters.php user_ids Parameter SQL Injection

Insecure versions:	Up To 1.7.1
Known since:	2014-06-02 21:12:09
Description:	BuddyPress 1.7.1 - bp-core/bp-core-functions.php page_ids Parameter SQL Injection

Insecure versions:	Up To 1.7.1
Known since:	2014-06-02 21:12:09
Description:	BuddyPress 1.7.1 - bp-core/bp-core-classes.php Multiple Parameter SQL Injection

Insecure versions:	Up To 1.7.1
Known since:	2014-06-02 21:12:09
Description:	BuddyPress 1.7.1 - bp-friends/bp-friends-classes.php Multiple Parameter SQL Injection

Insecure versions:	Up To 1.7.1
Known since:	2014-06-02 21:12:09
Description:	BuddyPress 1.7.1 - bp-blogs-classes.php Multiple Parameter SQL Injection

Insecure versions:	Up To 1.7.1
Known since:	2014-06-02 21:12:09
Description:	BuddyPress 1.7.1 - bp-activity-classes.php Multiple Parameter SQL Injection

Insecure versions:	Up To 1.5.4
Known since:	2014-03-18 20:05:53
Description:	Buddypress <= 1.5.4 - wp-load.php exclude Parameter SQL Injection

Insecure versions:	Up To 1.9.1
Known since:	2014-03-18 20:05:53
Description:	Buddypress <= 1.9.1 - groups/create/step/group-details/ Group Name Field Stored XSS
More Information:
More Information:

Insecure versions:	Up To 1.9.1
Known since:	2014-03-18 20:05:53
Description:	Buddypress <= 1.9.1 - groups/create/step/group-details/ Group Name Field Stored XSS
More Information:
More Information:

BuddyPress: Safety Recommendations

We have rated BuddyPress as Good (current version safe) which means that we have found vulnerabilities in older versions.

We recommend that you only use the latest version of BuddyPress.

BuddyPress: Staying Up-to-date

Make sure your installation of BuddyPress is safe with the following free Jetpack services for WordPress sites:

Updates & Management
Turn on auto-updates for BuddyPress or manage in bulk.
Prevent Infiltrations
Automatic protection against brute force attacks and secure sign on.

Choose Your Plan

BuddyPress: Keeping Safe

If you're running a business, ecommerce, news, or other critical website, Jetpack also provides additional indispensable services:

Automated Backups
Full backup of your entire site with unlimited storage space.
Restores & Migrations
Restore or migrate your site from a backup with one click.
Security Scanning
Regular, automated scans of your site for malware, threats, and hacks.
Expert Support
Fast, priority support for any WordPress security issue.

Choose Your Plan

About this information

This WordPress security information is part of our security library and is brought to you by Jetpack as part of our committment to a safer WordPress experience.

If you have any questions, please do not hesitate to contact us.