MiniComposer Security & Risk Analysis

wordpress.org/plugins/minicomposer

Build layouts with drag&drop for every page/post

10 active installs · v1.6.1 · PHP + · WP 3.4.0+ · Updated: Unknown
composer, grid, page-builder, responsive, visual
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is MiniComposer Safe to Use in 2026?

Generally Safe

Score 100/100

MiniComposer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The minicomposer plugin v1.6.1 exhibits a concerning security posture due to a large attack surface composed entirely of unprotected AJAX handlers. While the absence of dangerous functions, raw SQL queries, and external HTTP requests is positive, the lack of authorization checks on 10 out of 10 AJAX endpoints presents a significant risk. This means any unauthenticated user could potentially interact with these handlers, leading to unintended consequences or further exploitation if vulnerabilities exist within them.

The static analysis reveals a critical weakness in output escaping, with only 8% of outputs being properly escaped. This opens the door for Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the site that could then be executed in the browsers of other users. The plugin's vulnerability history is clean, with no recorded CVEs, which is a positive indicator. However, the current code analysis findings strongly suggest that the lack of proper security measures might be due to oversight rather than a consistently secure development practice.

In conclusion, while minicomposer v1.6.1 has a clean vulnerability history and avoids some common pitfalls like raw SQL queries, its security posture is weakened by a substantial number of unprotected AJAX endpoints and poor output escaping. These factors create significant avenues for attack, particularly XSS and potential unauthorized actions via AJAX. The plugin requires immediate attention to implement proper authorization checks and output sanitization to mitigate these risks.

Key Concerns

  • Unprotected AJAX handlers
  • Low output escaping rate
  • Missing nonce checks on AJAX
Vulnerabilities
None known

MiniComposer Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

MiniComposer Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 34 (3 escaped)
Nonce Checks: 0
Capability Checks: 6
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

8% escaped, 37 total outputs
Attack Surface
10 unprotected

MiniComposer Attack Surface

Entry Points: 12
Unprotected: 10

AJAX Handlers 10

auth    wp_ajax_getColumnContent      admin\InlineEdit.php:18
nopriv  wp_ajax_getcolumncontent      admin\InlineEdit.php:19
auth    wp_ajax_changeColumnContent   admin\InlineEdit.php:20
nopriv  wp_ajax_changeColumnContent   admin\InlineEdit.php:21
auth    wp_ajax_getTitleContent       admin\InlineEdit.php:23
nopriv  wp_ajax_getTitleContent       admin\InlineEdit.php:24
auth    wp_ajax_changeTitleContent    admin\InlineEdit.php:25
nopriv  wp_ajax_changeTitleContent    admin\InlineEdit.php:26
auth    wp_ajax_save_minicomposer     admin\MinicomposerAdmin.php:116
nopriv  wp_ajax_save_minicomposer     admin\MinicomposerAdmin.php:117

Shortcodes 2

[post] public\MinicomposerPublic.php:84
[br] public\MinicomposerPublic.php:85
WordPress Hooks 17
action  save_post                     admin\InlineEdit.php:188
action  customize_register            admin\MinicomposerAdmin.php:87
action  admin_menu                    admin\MinicomposerAdmin.php:91
filter  use_block_editor_for_post     admin\MinicomposerAdmin.php:108
filter  gutenberg_can_edit_post_type  admin\MinicomposerAdmin.php:109
action  add_meta_boxes                admin\MinicomposerAdmin.php:111
action  save_post                     admin\MinicomposerAdmin.php:112
filter  tiny_mce_before_init          admin\MinicomposerAdmin.php:114
action  admin_head                    admin\MinicomposerAdmin.php:120
filter  tiny_mce_version              admin\MinicomposerAdmin.php:121
filter  mce_external_plugins          admin\MinicomposerAdmin.php:379
filter  mce_buttons                   admin\MinicomposerAdmin.php:380
action  save_post                     admin\MinicomposerAdmin.php:474
filter  the_content                   public\MinicomposerPublic.php:79
filter  the_title                     public\MinicomposerPublic.php:80
action  wp_head                       public\MinicomposerPublic.php:81
action  wp_footer                     public\MinicomposerPublic.php:82
Maintenance & Trust

MiniComposer Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.0.25
Last updated: Unknown
PHP min version
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

MiniComposer Developer Profile

rtowebsites

5 plugins · 62K total installs

Trust score: 74
Avg Security Score: 93/100
Avg Patch Time: 112 days
Detection Fingerprints

How We Detect MiniComposer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/minicomposer/css/minicomposer-admin.css
/wp-content/plugins/minicomposer/js/minicomposer-admin.js
/wp-content/plugins/minicomposer/js/minicomposer-blocks.js
/wp-content/plugins/minicomposer/js/minicomposer-loader.js
/wp-content/plugins/minicomposer/js/minicomposer-post.js
/wp-content/plugins/minicomposer/js/minicomposer.js
Script Paths
/wp-content/plugins/minicomposer/js/minicomposer-admin.js
/wp-content/plugins/minicomposer/js/minicomposer-blocks.js
/wp-content/plugins/minicomposer/js/minicomposer-loader.js
/wp-content/plugins/minicomposer/js/minicomposer-post.js
/wp-content/plugins/minicomposer/js/minicomposer.js
Version Parameters
minicomposer-admin.css?ver=
minicomposer-admin.js?ver=
minicomposer-blocks.js?ver=
minicomposer-loader.js?ver=
minicomposer-post.js?ver=
minicomposer.js?ver=

HTML / DOM Fingerprints

CSS Classes
minicomposer-columns-container
minicomposer-column
mc-col
HTML Comments
<!-- BEGIN MINICOMPOSER -->
<!-- END MINICOMPOSER -->
Data Attributes
data-minicomposer-id
data-minicomposer-type
data-minicomposer-block
data-minicomposer-col
JS Globals
minicomposer
Shortcode Output
[minicomposer]
[minicomposer_container]
FAQ

Frequently Asked Questions about MiniComposer