JetGridBuilder — Grid Builder for Elementor and Gutenberg Security & Risk Analysis

wordpress.org/plugins/jetgridbuilder

JetGridBuilder is a free addon plugin for Elementor and Gutenberg for creating wow-grids on your website. Forget about the limits of premade layouts.

5K active installs · v1.1.5 · PHP 7.2+ · WP 5.4+ · Updated Nov 29, 2024
Tags: custom-post-grid, grid, justify-layout, masonry-layout, posts-grid
Score: 90 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Aug 9, 2024
Safety Verdict

Is JetGridBuilder — Grid Builder for Elementor and Gutenberg Safe to Use in 2026?

Generally Safe

Score 90/100

JetGridBuilder — Grid Builder for Elementor and Gutenberg has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Aug 9, 2024 · Updated 1yr ago
Risk Assessment

The static analysis of jetgridbuilder v1.1.5 reveals a generally strong security posture in its code. The absence of any AJAX handlers, REST API routes, shortcodes, or cron events without authentication checks significantly limits the plugin's attack surface. Furthermore, the code demonstrates good practices by avoiding dangerous functions, file operations, and external HTTP requests. The use of prepared statements for all SQL queries is a significant strength, mitigating the risk of SQL injection vulnerabilities. Taint analysis also shows no critical or high-severity unsanitized flows. However, there are areas for concern. A notable weakness is the moderate percentage (60%) of properly escaped output, indicating that 40% of output operations may be vulnerable to Cross-Site Scripting (XSS) if user-supplied data is not sufficiently sanitized before display.

The plugin's vulnerability history, with one past high-severity CVE related to PHP Remote File Inclusion (RFI), is a significant red flag. Although this vulnerability is currently patched, the nature of RFI vulnerabilities can be severe and indicate potential weaknesses in how the plugin handles file inclusion logic. The fact that the last vulnerability was recent (August 2024) suggests a pattern of past security issues that require careful monitoring and ongoing scrutiny. While the current version's code analysis shows no immediate RFI-related issues, the historical pattern warrants caution and emphasizes the need for continued vigilance.

In conclusion, jetgridbuilder v1.1.5 exhibits strengths in its limited attack surface and secure handling of database operations and external interactions. However, the moderate output escaping and, more importantly, the history of a high-severity RFI vulnerability, introduce significant risks. While the current code appears to address past issues, the historical pattern suggests that developers should remain attentive to security best practices and potential future vulnerabilities, particularly around file handling and output sanitization.

Key Concerns

  • Moderate output escaping (60%)
  • History of 1 high-severity CVE (RFI)
Vulnerabilities
1

JetGridBuilder — Grid Builder for Elementor and Gutenberg Security Vulnerabilities

CVEs by Year

2024: 1 CVE

Severity Breakdown

High: 1 (1 total CVE)

CVE-2024-43221 · high · 8.8 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

JetGridBuilder <= 1.1.2 - Authenticated (Contributor+) Local File Inclusion

Aug 9, 2024 Patched in 1.1.3 (5d)
Code Analysis
Analyzed Mar 16, 2026

JetGridBuilder — Grid Builder for Elementor and Gutenberg Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 14 (21 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

60% escaped · 35 total outputs
Data Flows: All sanitized

Data Flow Analysis

1 flow: <class-taxonomy-thumbnail> (admin\class-taxonomy-thumbnail.php:0)
Attack Surface

JetGridBuilder — Grid Builder for Elementor and Gutenberg Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 14
action · load-term.php · admin\class-taxonomy-thumbnail.php:24
action · edited_term · admin\class-taxonomy-thumbnail.php:25
action · admin_enqueue_scripts · admin\class-taxonomy-thumbnail.php:38
action · rest_api_init · includes\api.php:21
action · wp_enqueue_scripts · includes\assets.php:25
action · elementor/editor/after_enqueue_scripts · includes\assets.php:26
action · enqueue_block_editor_assets · includes\assets.php:27
action · elementor/widgets/widgets_registered · includes\elementor-manager.php:21
action · elementor/init · includes\elementor-manager.php:22
action · init · includes\gutenberg-manager.php:21
action · after_setup_theme · includes\plugin.php:38
action · init · includes\plugin.php:40
action · admin_notices · jet-grid-builder.php:36
action · admin_notices · jet-grid-builder.php:38
Maintenance & Trust

JetGridBuilder — Grid Builder for Elementor and Gutenberg Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Nov 29, 2024
PHP min version: 7.2
Downloads: 163K

Community Trust

Rating: 56/100
Number of ratings: 5
Active installs: 5K
Developer Profile

JetGridBuilder — Grid Builder for Elementor and Gutenberg Developer Profile

jetmonsters

33 plugins · 326K total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 193 days
Detection Fingerprints

How We Detect JetGridBuilder — Grid Builder for Elementor and Gutenberg

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/jetgridbuilder/includes/assets/css/frontend.css
/wp-content/plugins/jetgridbuilder/includes/assets/css/backend.css
/wp-content/plugins/jetgridbuilder/includes/assets/js/frontend.js
/wp-content/plugins/jetgridbuilder/includes/assets/js/backend.js
/wp-content/plugins/jetgridbuilder/admin/js/taxonomy-thumbnail.js
/wp-content/plugins/jetgridbuilder/admin/css/taxonomy-thumbnail.css
Script Paths
/wp-content/plugins/jetgridbuilder/includes/assets/js/frontend.js
/wp-content/plugins/jetgridbuilder/includes/assets/js/backend.js
/wp-content/plugins/jetgridbuilder/admin/js/taxonomy-thumbnail.js
Version Parameters
jetgridbuilder/includes/assets/css/frontend.css?ver=
jetgridbuilder/includes/assets/css/backend.css?ver=
jetgridbuilder/includes/assets/js/frontend.js?ver=
jetgridbuilder/includes/assets/js/backend.js?ver=
jetgridbuilder/admin/js/taxonomy-thumbnail.js?ver=
jetgridbuilder/admin/css/taxonomy-thumbnail.css?ver=

HTML / DOM Fingerprints

CSS Classes
jgb-grid-wrapper
jet-grid-builder-grid
HTML Comments
<!-- Jet Grid Builder -->
Data Attributes
data-jgb-term-thumbnail-id
data-jgb-post-thumbnail-id
JS Globals
jetGridBuilderFrontend
REST Endpoints
/wp-json/jetgridbuilder/v1/get-terms-data
Shortcode Output
[jet_grid_builder]
FAQ

Frequently Asked Questions about JetGridBuilder — Grid Builder for Elementor and Gutenberg