Front Page Builder Security & Risk Analysis

wordpress.org/plugins/front-page-builder

Easily build beautiful home pages. Easy to use with any theme.

60 active installs · v1.0.2 · PHP 5.6+ · WP 4.8+ · Updated Jun 6, 2018
builder · front-page · home-page
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Front Page Builder Safe to Use in 2026?

Generally Safe

Score 85/100

Front Page Builder has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 7yr ago
Risk Assessment

The "front-page-builder" v1.0.2 plugin exhibits a significant security concern due to its large, unprotected attack surface. All six identified AJAX handlers lack authentication checks, presenting a direct pathway for unauthenticated users to trigger potentially sensitive actions. While the plugin utilizes prepared statements for a majority of its SQL queries and has a decent percentage of properly escaped output, this is overshadowed by the lack of authorization on its entry points.

The presence of the `unserialize` function is a red flag, especially when combined with unprotected AJAX handlers. Without proper validation and sanitization, unserialization of user-controlled data can lead to Remote Code Execution vulnerabilities. The static analysis does not reveal any critical or high severity taint flows, which is a positive sign, but the potential for such flows exists given the presence of `unserialize` and the lack of input validation on AJAX endpoints.

The plugin's vulnerability history is clean, with no recorded CVEs. This suggests that, historically, it may have been developed with some security considerations or that it hasn't been extensively targeted or analyzed for deep vulnerabilities. However, the current static analysis results indicate a concerning posture that could easily lead to future vulnerabilities if not addressed. The absence of capability checks on its AJAX handlers is a critical oversight. The plugin has a single recorded nonce check, which is insufficient given the number of unprotected AJAX handlers.

Key Concerns

  • 6 unprotected AJAX handlers
  • Presence of unserialize function
  • 0 capability checks on AJAX handlers
  • 1 nonce check for 6 AJAX handlers
  • Bundled library Select2 (potential for outdated versions)
Vulnerabilities
None known

Front Page Builder Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Front Page Builder Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 1 (2 prepared)
Unescaped Output: 134 (241 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 3
External Requests: 1
Bundled Libraries: 1

Dangerous Functions Found

unserialize · `$options = unserialize(file_get_contents($_FILES["file"]["tmp_name"]));` · include\backup.php:30
unserialize · `update_option($option->option_name, unserialize($option->option_value));` · include\backup.php:33
unserialize · `$options = unserialize($this->_get_options());` · include\backup.php:68

Bundled Libraries

Select2

SQL Query Safety

67% prepared · 3 total queries

Output Escaping

64% escaped · 375 total outputs
Attack Surface
6 unprotected

Front Page Builder Attack Surface

Entry Points: 6
Unprotected: 6

AJAX Handlers: 6

auth · wp_ajax_kirki_dynamic_css · include\framework\modules\css\class-kirki-modules-css.php:170
nopriv · wp_ajax_kirki_dynamic_css · include\framework\modules\css\class-kirki-modules-css.php:171
auth · wp_ajax_kirki_fonts_google_all_get · include\framework\modules\webfonts\class-kirki-fonts-google.php:84
nopriv · wp_ajax_kirki_fonts_google_all_get · include\framework\modules\webfonts\class-kirki-fonts-google.php:85
auth · wp_ajax_kirki_fonts_standard_all_get · include\framework\modules\webfonts\class-kirki-fonts-google.php:86
nopriv · wp_ajax_kirki_fonts_standard_all_get · include\framework\modules\webfonts\class-kirki-fonts-google.php:87
WordPress Hooks: 81

action · plugins_loaded · front-page-builder.php:22
action · wp_enqueue_scripts · front-page-builder.php:40
filter · template_include · front-page-builder.php:74
action · admin_menu · include\backup.php:6
action · customize_controls_print_footer_scripts · include\framework\controls\class-kirki-controls.php:54
action · after_setup_theme · include\framework\core\class-kirki-init.php:33
action · wp_loaded · include\framework\core\class-kirki-init.php:34
filter · kirki_control_types · include\framework\core\class-kirki-init.php:35
action · customize_register · include\framework\core\class-kirki-init.php:37
action · customize_register · include\framework\core\class-kirki-init.php:38
action · customize_register · include\framework\core\class-kirki-init.php:39
action · customize_register · include\framework\core\class-kirki-init.php:126
action · customize_register · include\framework\core\class-kirki-init.php:127
action · customize_register · include\framework\core\class-kirki-init.php:128
action · customize_register · include\framework\core\class-kirki-init.php:129
action · plugins_loaded · include\framework\core\class-kirki-l10n.php:44
filter · override_load_textdomain · include\framework\core\class-kirki-l10n.php:50
action · customize_controls_print_footer_scripts · include\framework\core\class-kirki-sections.php:25
filter · http_request_args · include\framework\core\class-kirki-util.php:26
filter · kirki_values_get_value · include\framework\core\class-kirki-values.php:29
filter · kirki_config · include\framework\deprecated\filters.php:4
filter · kirki_control_types · include\framework\deprecated\filters.php:8
filter · kirki_section_types · include\framework\deprecated\filters.php:12
filter · kirki_section_types_exclude · include\framework\deprecated\filters.php:16
filter · kirki_control_types_exclude · include\framework\deprecated\filters.php:20
filter · kirki_controls · include\framework\deprecated\filters.php:24
filter · kirki_fields · include\framework\deprecated\filters.php:28
filter · kirki_modules · include\framework\deprecated\filters.php:32
filter · kirki_panel_types · include\framework\deprecated\filters.php:36
filter · kirki_setting_types · include\framework\deprecated\filters.php:40
filter · kirki_variable · include\framework\deprecated\filters.php:44
filter · kirki_values_get_value · include\framework\deprecated\filters.php:48
action · init · include\framework\deprecated\filters.php:52
filter · kirki_enqueue_google_fonts · include\framework\deprecated\filters.php:82
filter · kirki_styles_array · include\framework\deprecated\filters.php:86
filter · kirki_dynamic_css_method · include\framework\deprecated\filters.php:90
filter · kirki_postmessage_script · include\framework\deprecated\filters.php:94
filter · kirki_fonts_all · include\framework\deprecated\filters.php:98
filter · kirki_fonts_standard_fonts · include\framework\deprecated\filters.php:102
filter · kirki_fonts_backup_fonts · include\framework\deprecated\filters.php:106
filter · kirki_fonts_google_fonts · include\framework\deprecated\filters.php:110
filter · kirki_googlefonts_load_method · include\framework\deprecated\filters.php:114
action · customize_save_after · include\framework\modules\css\class-kirki-css-to-file.php:40
action · init · include\framework\modules\css\class-kirki-modules-css.php:99
action · wp_enqueue_scripts · include\framework\modules\css\class-kirki-modules-css.php:144
action · customize_save_after · include\framework\modules\css\class-kirki-modules-css.php:149
action · wp_enqueue_scripts · include\framework\modules\css\class-kirki-modules-css.php:161
action · wp_enqueue_scripts · include\framework\modules\css\class-kirki-modules-css.php:169
action · wp_enqueue_scripts · include\framework\modules\css\class-kirki-modules-css.php:176
action · wp_head · include\framework\modules\css-vars\class-kirki-modules-css-vars.php:46
action · customize_preview_init · include\framework\modules\css-vars\class-kirki-modules-css-vars.php:47
filter · kirki_section_types · include\framework\modules\custom-sections\class-kirki-modules-custom-sections.php:42
filter · kirki_panel_types · include\framework\modules\custom-sections\class-kirki-modules-custom-sections.php:44
action · customize_register · include\framework\modules\custom-sections\class-kirki-modules-custom-sections.php:46
action · customize_controls_enqueue_scripts · include\framework\modules\custom-sections\class-kirki-modules-custom-sections.php:48
action · customize_controls_print_scripts · include\framework\modules\customizer-branding\class-kirki-modules-customizer-branding.php:42
action · customize_controls_print_styles · include\framework\modules\customizer-styling\class-kirki-modules-customizer-styling.php:44
action · customize_controls_enqueue_scripts · include\framework\modules\field-dependencies\class-kirki-modules-field-dependencies.php:40
action · customize_controls_enqueue_scripts · include\framework\modules\icons\class-kirki-modules-icons.php:48
action · init · include\framework\modules\loading\class-kirki-modules-loading.php:33
action · wp_footer · include\framework\modules\loading\class-kirki-modules-loading.php:70
action · wp_head · include\framework\modules\loading\class-kirki-modules-loading.php:71
action · customize_preview_init · include\framework\modules\post-meta\class-kirki-modules-post-meta.php:47
action · customize_controls_enqueue_scripts · include\framework\modules\post-meta\class-kirki-modules-post-meta.php:48
action · wp_enqueue_scripts · include\framework\modules\post-meta\class-kirki-modules-post-meta.php:70
action · customize_preview_init · include\framework\modules\postmessage\class-kirki-modules-postmessage.php:48
action · customize_controls_print_footer_scripts · include\framework\modules\preset\class-kirki-modules-preset.php:40
action · customize_register · include\framework\modules\selective-refresh\class-kirki-modules-selective-refresh.php:34
action · customize_controls_print_footer_scripts · include\framework\modules\tooltips\class-kirki-modules-tooltips.php:49
action · wp_head · include\framework\modules\webfont-loader\class-kirki-modules-webfont-loader.php:51
action · wp_head · include\framework\modules\webfonts\class-kirki-modules-webfonts-async.php:70
action · wp_head · include\framework\modules\webfonts\class-kirki-modules-webfonts-async.php:71
filter · wp_resource_hints · include\framework\modules\webfonts\class-kirki-modules-webfonts-async.php:73
action · wp_footer · include\framework\modules\webfonts\class-kirki-modules-webfonts-local.php:68
action · wp_loaded · include\framework\modules\webfonts\class-kirki-modules-webfonts.php:54
filter · fpb_default_options · include\options\slider-options.php:372
filter · page_attributes_dropdown_pages_args · template-builder.php:28
filter · theme_page_templates · template-builder.php:34
filter · wp_insert_post_data · template-builder.php:39
filter · template_include · template-builder.php:45
action · plugins_loaded · template-builder.php:120
Maintenance & Trust

Front Page Builder Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Jun 6, 2018
PHP min version: 5.6
Downloads: 8K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 60
Developer Profile

Front Page Builder Developer Profile

Themes4WP

14 plugins · 26K total installs

Trust score: 90
Avg Security Score: 94/100
Avg Patch Time: 22 days
Detection Fingerprints

How We Detect Front Page Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/front-page-builder/css/style.css
  • /wp-content/plugins/front-page-builder/css/bootstrap.min.css
  • /wp-content/plugins/front-page-builder/css/flexslider.css
  • /wp-content/plugins/front-page-builder/css/animate.min.css
  • /wp-content/plugins/front-page-builder/css/font-awesome.min.css
  • /wp-content/plugins/front-page-builder/js/bootstrap.min.js
  • /wp-content/plugins/front-page-builder/js/customscript.js
  • /wp-content/plugins/front-page-builder/js/jquery.flexslider-min.js
Script Paths
  • /wp-content/plugins/front-page-builder/js/customscript.js
  • /wp-content/plugins/front-page-builder/js/jquery.flexslider-min.js
Version Parameters
  • front-page-builder/css/style.css?ver=1.0
  • front-page-builder/js/customscript.js?ver=1.0

HTML / DOM Fingerprints

JS Globals
  • front_page_builder_options
  • fpb_get_option
  • fpb_default
FAQ

Frequently Asked Questions about Front Page Builder