BuddyPress Global Search is a separate plugin that enables you to use some better search-functions. This plugin has been abandoned for a while and could be a security risk on your site. A lot of people still use it – what version do you have of the plugin?
You could just “ignore” the warning within your WordFence control panel, since you already know having this plugin is in itself a risk to your site.
The latest version I’ve been able to find (and use myself) is the 1.2.1 version – I also have this as a local copy if your version is older than this and needs an update.
Yes, my current version is 1.2.1. If I don’t choose to “ignore” it in Wordfence, how can I fix this issue? Could it pose a security risk to the site?
@varunkamani it’s not that simple.
The vulnerability issue in this case is Cross Site Scripting (XSS).
This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site.
It is a known risk in general to use outdated and unsupported plugins on any site.
In order to “fix this” the plugin itself would need to be updated to reach the security standard. You can also look online for solutions to manage this, but it might not be the only vulnerability in the plugin itself. As mentioned – old and outdated plugins are a risk.
You could check out this link:
Cross Site Scripting
A solution could also be to use a different plugin that is updated and supported.
What theme are you using?
@varunkamani
This might also be worth looking into (might be worth it).
Prevent XSS Vulnerability
Personally I use the following (PRO version) – depends on what you want from your site and what your budget is. 🙂
The PRO version uses Security Headers that offer XSS Protection and other cool features too.
Really Simple Security – Simple and Performant Security (formerly Really Simple SSL)
The site is using a child theme. Should I look for new and similar plugins to find a better solution?
Hey @GyziieDK, can you provide me with a solution for this topic?
Hello @varunkamani
I already gave you a few options to choose from, so in the end it’s up to you.
1. Ignore error and keep plugin
Keep the plugin and accept the fact that it comes with some issues and risks.
The risk itself is pretty low when it comes to the XSS since this is pretty common.
Like mentioned before, old and unsupported plugins do come with some risk.
2. Find a different plugin
Find a different plugin that is updated that can provide you with the features you need/want.
You can search on both WordPress.org and other sites like Google, CodeCanyon etc.
https://wordpress.org/plugins/
3. Use a third party security plugin
Download and install a third party security plugin that can help prevent the XSS attacks on your site. This could be either free or paid/premium depending on your budget and needs.
4. Get a developer to help you update current plugin
If you insist on keeping the BuddyPress Global Search and you want it updated to fix its current issues, you’d need to pay a developer to help you update the plugin itself. This might not be the best solution long term, and I would also assume BuddyBoss themselves would update this if they felt it was necessary. The fact that they talked about updating it for the past 3 years and now left it abandoned tells me that it’s not a priority for them.
From a quick search on the forums, this topic has been up several times before for the past many years, so don’t expect an easy or “free” solution for this.
Hope it helps! 🙂