Grid Security & Risk Analysis

wordpress.org/plugins/grid

Grid is a containerist landingpage editor.

70 active installs · v2.3.2 · PHP + · WP 4.0+ · Updated Dec 21, 2025
Tags: admin, containerist, editor, landingpage, page
Score: 99 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Sep 22, 2025
Safety Verdict

Is Grid Safe to Use in 2026?

Generally Safe

Score 99/100

Grid has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Sep 22, 2025 · Updated 3mo ago
Risk Assessment

The 'grid' plugin v2.3.2 presents a mixed security posture. While it shows strengths in avoiding dangerous functions, file operations, and critical taint flows, significant concerns exist regarding its entry points and handling of SQL queries and output. The presence of two AJAX handlers without authentication checks creates a considerable attack surface that could be exploited by unauthenticated users. Furthermore, only 11% of SQL queries use prepared statements, and a mere 30% of output is properly escaped, indicating a high risk of SQL injection and Cross-Site Scripting (XSS) vulnerabilities. The vulnerability history, while showing no currently unpatched CVEs, includes one medium-severity vulnerability, which, combined with the static analysis findings, suggests a pattern of potential security weaknesses. The plugin's strengths lie in its lack of bundled libraries and the use of nonces and capability checks on some functionalities, but these are overshadowed by the critical unauthenticated entry points and the poor practices in handling sensitive data operations.

Key Concerns

  • Unprotected AJAX handlers
  • Low percentage of prepared SQL statements
  • Low percentage of properly escaped output
  • Medium severity vulnerability in history
Vulnerabilities: 1

Grid Security Vulnerabilities

CVEs by Year: 1 CVE in 2025

Severity Breakdown: Medium 1 (1 total CVE)

CVE-2025-58657 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Grid <= 2.3.1 - Cross-Site Request Forgery

Sep 22, 2025 · Patched in 2.3.2 (107d)
Code Analysis
Analyzed Mar 16, 2026

Grid Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 8 (1 prepared)
  • Unescaped Output: 79 (34 escaped)
  • Nonce Checks: 1
  • Capability Checks: 3
  • File Operations: 0
  • External Requests: 3
  • Bundled Libraries: 0

SQL Query Safety

11% prepared · 9 total queries

Output Escaping

30% escaped · 113 total outputs
Data Flows: 11 unsanitized

Data Flow Analysis

11 flows · 11 with unsanitized paths
edit_reuse_box (classes\ReuseBox.php:34)
Attack Surface: 2 unprotected

Grid Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers (2)

  • auth: wp_ajax_gridfrontendCSS (classes\TheGrid.php:23)
  • nopriv: wp_ajax_gridfrontendCSS (classes\TheGrid.php:24)

WordPress Hooks (32)

  • filter: grid_boxes_search (classes\Boxes.php:33)
  • filter: posts_where (classes\Boxes.php:35)
  • action: init (classes\Component\Plugin.php:31)
  • action: admin_menu (classes\ContainerFactory.php:15)
  • filter: post_row_actions (classes\Copy.php:23)
  • filter: page_row_actions (classes\Copy.php:24)
  • action: add_meta_boxes (classes\MetaBoxes.php:19)
  • action: save_post (classes\MetaBoxes.php:20)
  • filter: body_class (classes\Post.php:18)
  • action: the_post (classes\Post.php:22)
  • filter: the_content (classes\Post.php:26)
  • filter: get_the_excerpt (classes\Post.php:33)
  • filter: get_the_excerpt (classes\Post.php:34)
  • filter: the_content (classes\Post.php:203)
  • action: admin_menu (classes\Privileges.php:23)
  • action: admin_menu (classes\ReuseBox.php:15)
  • action: admin_menu (classes\ReuseContainer.php:15)
  • action: admin_bar_menu (classes\Settings.php:22)
  • action: admin_menu (classes\Settings.php:23)
  • action: admin_init (classes\Settings.php:24)
  • action: admin_menu (classes\Styles.php:15)
  • action: admin_menu (classes\TheGrid.php:21)
  • filter: post_row_actions (classes\TheGrid.php:26)
  • filter: page_row_actions (classes\TheGrid.php:27)
  • action: admin_notices (classes\Update.php:32)
  • filter: get_pages (public-functions.php:121)
  • action: wp_enqueue_scripts (wordpress_plugin.php:194)
  • action: init (wordpress_plugin.php:196)
  • action: admin_head-options-reading.php (wordpress_plugin.php:198)
  • action: pre_get_posts (wordpress_plugin.php:199)
  • action: grid_grid_editor_styles_get (wordpress_plugin.php:201)
  • action: grid_styles_editor_post (wordpress_plugin.php:202)
Maintenance & Trust

Grid Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.9.13
Last updated: Dec 21, 2025
PHP min version
Downloads: 41K

Community Trust

Rating: 76/100
Number of ratings: 4
Active installs: 70
Developer Profile

Grid Developer Profile

EdwardBock

22 plugins · 2K total installs

Trust score: 72
Avg Security Score: 90/100
Avg Patch Time: 107 days
Detection Fingerprints

How We Detect Grid

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/grid/core/css/
  • /wp-content/plugins/grid/core/js/
  • /wp-content/plugins/grid/editor/css/
  • /wp-content/plugins/grid/editor/js/
  • /wp-content/plugins/grid/frontend/css/
  • /wp-content/plugins/grid/frontend/js/
  • /wp-content/plugins/grid/admin/css/
  • /wp-content/plugins/grid/admin/js/

Script Paths

  • /wp-content/plugins/grid/core/js/grid.js
  • /wp-content/plugins/grid/editor/js/grid-editor.js
  • /wp-content/plugins/grid/frontend/js/grid-frontend.js

Version Parameters

  • grid/core/js/grid.js?ver=
  • grid/editor/js/grid-editor.js?ver=
  • grid/frontend/js/grid-frontend.js?ver=
  • grid/core/css/grid.css?ver=
  • grid/editor/css/grid-editor.css?ver=
  • grid/frontend/css/grid-frontend.css?ver=

HTML / DOM Fingerprints

CSS Classes

  • grid-editor-container
  • grid-editor-slot
  • grid-editor-drag-handler
  • grid-row
  • grid-column
  • grid-container

HTML Comments

  • grid editor: container
  • grid editor: slot

Data Attributes

  • data-grid-id
  • data-grid-container-id
  • data-grid-slot-id
  • data-grid-container-class
  • data-grid-container-style
  • data-grid-slot-class
  • +1 more

JS Globals

  • grid_editor_config
  • grid_frontend_data

REST Endpoints

  • /wp-json/grid/v1/get_grid/
  • /wp-json/grid/v1/save_grid/
  • /wp-json/grid/v1/delete_grid/
  • /wp-json/grid/v1/get_containers/
  • /wp-json/grid/v1/save_container/
  • /wp-json/grid/v1/delete_container/
  • /wp-json/grid/v1/get_slots/
  • /wp-json/grid/v1/save_slot/
  • /wp-json/grid/v1/delete_slot/

Shortcode Output

  • <div class="grid-container
  • <div class="grid-row
  • <div class="grid-column