Does Build a House have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Build a House compatible with WordPress 6.8.5?

According to WordPress.org data, Build a House 1.0.9 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Build a House compatible with PHP 8.0+?

Build a House requires PHP 8.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Build a House updated?

Build a House was last updated on Jul 4, 2025. Frequent updates are generally a positive security signal.

What is Build a House's security score?

Build a House has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Build a House Security & Risk Analysis

wordpress.org/plugins/build-a-house

Easily track and manage your house construction expenses step-by-step, from permits to finishing touches, all within your WordPress dashboard.

0 active installs v1.0.9 PHP 8.0+ WP 6.0+ Updated Jul 4, 2025

budgetingbuildingconstructionexpensesproject-management

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Build a House Safe to Use in 2026?

Generally Safe

Score 100/100

Build a House has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10mo ago

Risk Assessment

The 'build-a-house' plugin version 1.0.9 exhibits a generally good security posture with several positive indicators. The absence of any known CVEs, critical taint flows, raw SQL queries, file operations, or external HTTP requests is commendable. Furthermore, the high percentage of properly escaped outputs and the presence of nonce and capability checks suggest a developer who is mindful of common security pitfalls. The use of prepared statements for SQL queries is a strong defense against SQL injection. The bundled Select2 library is also a common and generally safe component.

However, a significant concern arises from the static analysis revealing one unprotected AJAX handler out of a total of four entry points. This presents a direct attack vector that could be exploited if this AJAX handler performs sensitive operations or exposes information without proper authorization. While the taint analysis did not reveal any unsanitized paths, the unprotected AJAX handler is a potential blind spot that requires immediate attention and mitigation.

In conclusion, the plugin demonstrates a good foundation in secure coding practices, particularly regarding data handling and preventing common web vulnerabilities. The primary weakness lies in an exposed AJAX endpoint. Addressing this specific oversight is crucial to further strengthen the plugin's security and achieve a robust security profile. The lack of past vulnerabilities is positive but should not breed complacency, especially with the identified unprotected entry point.

Key Concerns

Unprotected AJAX handler

Vulnerabilities

None known

Build a House Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Build a House Release Timeline

v1.0.9Current

v1.0.8

v1.0.7

v1.0.6

v1.0.5

v1.0.4

v1.0.3

v1.0.2

v1.0.1

v1.0.0

Code Analysis

Analyzed Mar 17, 2026

Build a House Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

254 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2

Output Escaping

93% escaped272 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

2 flows

update_taxonomy_options (includes\iworks\options\options.php:1485)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Build a House Attack Surface

Entry Points4

Unprotected1

AJAX Handlers 4

authwp_ajax_iworks_build_a_house_details_contractorincludes\iworks\build-a-house\posttypes\class-iworks-build-a-house-contractor.php:82

authwp_ajax_iworks_build_a_house_expences_listincludes\iworks\build-a-house\posttypes\class-iworks-build-a-house-expence.php:64

authwp_ajax_iworks_build_a_house_breakdowns_importincludes\iworks\build-a-house\posttypes\class-iworks-build-a-house-expence.php:65

authwp_ajax_iworks_rate_buttonincludes\iworks\rate\rate.php:87

WordPress Hooks 40

actionmanage_posts_custom_columnincludes\iworks\build-a-house\posttypes\class-iworks-build-a-house-contractor.php:87

actionpre_get_postsincludes\iworks\build-a-house\posttypes\class-iworks-build-a-house-contractor.php:91

actionrestrict_manage_postsincludes\iworks\build-a-house\posttypes\class-iworks-build-a-house-contractor.php:95

actionmanage_posts_custom_columnincludes\iworks\build-a-house\posttypes\class-iworks-build-a-house-event.php:53

actionpre_get_postsincludes\iworks\build-a-house\posttypes\class-iworks-build-a-house-event.php:57

filterthe_contentincludes\iworks\build-a-house\posttypes\class-iworks-build-a-house-expence.php:48

actionmanage_posts_custom_columnincludes\iworks\build-a-house\posttypes\class-iworks-build-a-house-expence.php:53

actionpre_get_postsincludes\iworks\build-a-house\posttypes\class-iworks-build-a-house-expence.php:57

actionadmin_enqueue_scriptsincludes\iworks\build-a-house\posttypes\class-iworks-build-a-house-expence.php:73

filterwp_localize_script_build_a_house_adminincludes\iworks\build-a-house\posttypes\class-iworks-build-a-house-expence.php:74

actioninitincludes\iworks\build-a-house\posttypes\class-iworks-build-a-house-expence.php:78

actioninitincludes\iworks\build-a-house\posttypes.php:61

actionadmin_enqueue_scriptsincludes\iworks\build-a-house\posttypes.php:62

actioninitincludes\iworks\build-a-house\posttypes.php:63

actionsave_postincludes\iworks\build-a-house\posttypes.php:67

actionadmin_initincludes\iworks\build-a-house.php:56

actioninitincludes\iworks\build-a-house.php:57

actioninitincludes\iworks\build-a-house.php:58

actioninitincludes\iworks\build-a-house.php:59

actionwp_enqueue_scriptsincludes\iworks\build-a-house.php:60

actionwp_enqueue_scriptsincludes\iworks\build-a-house.php:61

filteriworks_rate_notice_logo_styleincludes\iworks\build-a-house.php:67

actionadmin_enqueue_scriptsincludes\iworks\build-a-house.php:73

actionadmin_enqueue_scriptsincludes\iworks\build-a-house.php:74

filterplugin_row_metaincludes\iworks\build-a-house.php:75

actionadmin_enqueue_scriptsincludes\iworks\options\options.php:88

actionadmin_headincludes\iworks\options\options.php:89

actionadmin_menuincludes\iworks\options\options.php:90

actionadmin_noticesincludes\iworks\options\options.php:91

filterscreen_layout_columnsincludes\iworks\options\options.php:92

actionload-index.phpincludes\iworks\rate\rate.php:85

actioniworks-register-pluginincludes\iworks\rate\rate.php:86

actionadmin_initincludes\iworks\rate\rate.php:88

filteriworks_rate_assistanceincludes\iworks\rate\rate.php:92

filteriworks_rate_loveincludes\iworks\rate\rate.php:93

filteriworks_rate_advertising_ogincludes\iworks\rate\rate.php:99

actionadmin_enqueue_scriptsincludes\iworks\rate\rate.php:164

actionadmin_noticesincludes\iworks\rate\rate.php:165

actionadmin_enqueue_scriptsincludes\iworks\rate\rate.php:174

actionadmin_noticesincludes\iworks\rate\rate.php:175

Maintenance & Trust

Build a House Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJul 4, 2025

PHP min version8.0

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Build a House Alternatives

Under Construction

under-construction-page

Easy to use Under Construction Page & Coming Soon Page. Enable Under Construction Mode in seconds & show you're Under Construction!

600K 3 CVEs

CMP – Coming Soon & Maintenance Plugin by NiteoThemes

cmp-coming-soon-maintenance

Beautiful Coming soon, Maintenance or Landing page on your website, packed with premium features for free.

200K 7 CVEs

Internal Link Juicer: SEO Auto Linker for WordPress

internal-links

Improve your SEO and your user experience through internal linkbuilding. Automated links between your posts based on a smart keyword configuration.

90K 2 CVEs

WP Maintenance

wp-maintenance

Create and customize your maintenance page

50K 7 CVEs

underConstruction

underconstruction

Creates a 'Coming Soon' page that will show for all users who are not logged in

40K 5 CVEs

Developer Profile

Build a House Developer Profile

Marcin Pietrzak

23 plugins · 89K total installs

trust score

Avg Security Score

97/100

Avg Patch Time

274 days

View full developer profile

Detection Fingerprints

How We Detect Build a House

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/build-a-house/assets/build-a-house-admin.js/wp-content/plugins/build-a-house/assets/build-a-house-public.css/wp-content/plugins/build-a-house/assets/build-a-house-public.js/wp-content/plugins/build-a-house/build-a-house.css/wp-content/plugins/build-a-house/build-a-house.js

Script Paths

/wp-content/plugins/build-a-house/assets/build-a-house-admin.js/wp-content/plugins/build-a-house/assets/build-a-house-public.js

Version Parameters

build-a-house/build-a-house.css?ver=build-a-house/build-a-house.js?ver=build-a-house/assets/build-a-house-admin.js?ver=build-a-house/assets/build-a-house-public.css?ver=build-a-house/assets/build-a-house-public.js?ver=

HTML / DOM Fingerprints

CSS Classes

iworks-type

HTML Comments

Data Attributes

data-sourcedata-nonce-action

JS Globals

build_a_house_admin_paramsiworks_build_a_house_public

REST Endpoints

/wp-json/build-a-house/v1/get-options/wp-json/build-a-house/v1/get-post-types/wp-json/build-a-house/v1/get-breakdowns

Shortcode Output

[build_a_house_expenses][build_a_house_budget][build_a_house_plan]

FAQ