Pilo'Press Security & Risk Analysis

wordpress.org/plugins/pilopress

The most advanced WordPress Page Builder using Advanced Custom Fields & TailwindCSS.

100 active installs v0.4.3.2 PHP 5.6+ WP 4.9+ Updated Apr 5, 2023
Tags: acf, page-builder, tailwindcss
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Pilo'Press Safe to Use in 2026?

Generally Safe

Score 85/100

Pilo'Press has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

Pilo'Press v0.4.3.2 exhibits a generally good security posture with several strong indicators. The absence of any recorded vulnerabilities, including CVEs, and the complete lack of critical or high-severity taint flows suggest a mature development process and a history of secure coding. The plugin also demonstrates good practices by exclusively using prepared statements for its SQL queries and performing capability checks on its entry points.

However, there are areas for improvement. The low percentage of properly escaped output (44%) is a significant concern, indicating a potential risk of Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not adequately sanitized before being displayed. The presence of file operations without clear context on their security implications also warrants attention. While the attack surface is currently small and appears to be protected, the potential for issues with unescaped output remains the primary risk in this version.

Key Concerns

  • Low percentage of properly escaped output
  • File operations present, security context unclear
  • No nonce checks on entry points
Vulnerabilities
None known

Pilo'Press Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Pilo'Press Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (4 prepared)
Unescaped Output: 43 (34 escaped)
Nonce Checks: 0
Capability Checks: 5
File Operations: 8
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

TinyMCE

SQL Query Safety

100% prepared (4 total queries)

Output Escaping

44% escaped (77 total outputs)
Attack Surface

Pilo'Press Attack Surface

Entry Points: 6
Unprotected: 0

Shortcodes 6

[pip_breadcrumb] includes\classes\admin\editor\class-shortcodes.php:21
[pip_button] includes\classes\admin\editor\class-shortcodes.php:22
[pip_button_group] includes\classes\admin\editor\class-shortcodes.php:23
[pip_spacer] includes\classes\admin\editor\class-shortcodes.php:24
[pip_title] includes\classes\admin\editor\class-shortcodes.php:25
[pip_thumbnail] includes\classes\admin\editor\class-shortcodes.php:26
WordPress Hooks 153
action admin_notices includes\classes\admin\class-admin.php:13
action admin_enqueue_scripts includes\classes\admin\class-admin.php:14
action admin_menu includes\classes\admin\class-admin.php:15
action admin_bar_menu includes\classes\admin\class-admin.php:16
filter parent_file includes\classes\admin\class-admin.php:17
filter submenu_file includes\classes\admin\class-admin.php:18
filter posts_where includes\classes\admin\class-admin.php:19
filter admin_url includes\classes\admin\class-admin.php:20
filter upload_mimes includes\classes\admin\class-admin.php:21
action in_admin_header includes\classes\admin\class-admin.php:22
action in_admin_header includes\classes\admin\class-admin.php:23
action admin_notices includes\classes\admin\class-admin.php:24
action acf/save_post includes\classes\admin\class-admin.php:27
filter acf/load_value includes\classes\admin\class-options-single-meta.php:25
filter acf/pre_load_metadata includes\classes\admin\class-options-single-meta.php:26
filter acf/update_value includes\classes\admin\class-options-single-meta.php:29
action acf/save_post includes\classes\admin\class-options-single-meta.php:30
action init includes\classes\admin\editor\class-shortcodes.php:13
action acf/save_post includes\classes\admin\modules\class-tailwind.php:19
action acf/options_page/submitbox_major_actions includes\classes\admin\modules\class-tailwind.php:20
action wp_enqueue_scripts includes\classes\admin\modules\class-tailwind.php:25
action wp_head includes\classes\admin\modules\class-tailwind.php:26
filter pip/enqueue/remove includes\classes\admin\modules\class-tailwind.php:28
action wp_enqueue_scripts includes\classes\admin\modules\class-tinymce.php:19
action admin_enqueue_scripts includes\classes\admin\modules\class-tinymce.php:20
action admin_init includes\classes\admin\modules\class-tinymce.php:21
action admin_enqueue_scripts includes\classes\admin\modules\class-tinymce.php:22
filter mce_external_plugins includes\classes\admin\modules\class-tinymce.php:23
filter mce_css includes\classes\admin\modules\class-tinymce.php:24
filter tiny_mce_before_init includes\classes\admin\modules\class-tinymce.php:25
filter acf/fields/wysiwyg/toolbars includes\classes\admin\modules\class-tinymce.php:28
filter acfe/load_fields includes\classes\admin\modules\class-tinymce.php:29
filter acf/pre_render_fields includes\classes\admin\modules\class-tinymce.php:30
filter acf/load_field/type=wysiwyg includes\classes\admin\modules\class-tinymce.php:31
action acf/render_field_settings/type=wysiwyg includes\classes\admin\modules\class-tinymce.php:32
action admin_menu includes\classes\admin\options-pages\class-admin-options-page.php:112
filter acf/location/rule_values includes\classes\admin\options-pages\class-admin-options-page.php:113
filter acfe/field_groups_third_party/source includes\classes\admin\options-pages\class-admin-options-page.php:114
action acf/input/admin_enqueue_scripts includes\classes\admin\options-pages\class-admin-options-page.php:202
action acf/input/admin_head includes\classes\admin\options-pages\class-admin-options-page.php:203
action init includes\classes\admin\options-pages\class-options-pages.php:17
filter image_size_names_choose includes\classes\admin\options-pages\class-options-pages.php:18
filter acf/load_value/name=pip_typography includes\classes\admin\options-pages\class-options-pages.php:21
filter acf/load_value/name=pip_screens includes\classes\admin\options-pages\class-options-pages.php:22
filter acf/load_field/name=pip_native_colors_in_editor includes\classes\admin\options-pages\class-options-pages.php:23
filter acf/load_value/name=pip_native_colors_in_editor includes\classes\admin\options-pages\class-options-pages.php:24
filter acf/load_value/name=pip_wp_image_sizes includes\classes\admin\options-pages\class-options-pages.php:25
filter acf/prepare_field/name=pip_wp_image_sizes includes\classes\admin\options-pages\class-options-pages.php:26
action acf/save_post includes\classes\admin\options-pages\class-options-pages.php:27
action load-post.php includes\classes\admin\patterns\class-locked-content.php:20
action post.php includes\classes\admin\patterns\class-locked-content.php:21
action load-term.php includes\classes\admin\patterns\class-locked-content.php:22
action term.php includes\classes\admin\patterns\class-locked-content.php:23
filter pip/layouts/file_path includes\classes\admin\patterns\class-locked-content.php:29
filter pip/layouts/thumbnail/file_path includes\classes\admin\patterns\class-locked-content.php:30
filter pip/layouts/thumbnail/file_url includes\classes\admin\patterns\class-locked-content.php:31
action init includes\classes\admin\patterns\class-patterns.php:32
action admin_init includes\classes\admin\patterns\class-patterns.php:33
action admin_init includes\classes\admin\patterns\class-patterns.php:34
action init includes\classes\components\class-components.php:20
filter acf/location/rule_values/post_type includes\classes\components\class-components.php:23
filter acf/location/rule_values/post includes\classes\components\class-components.php:24
filter acf/get_post_types includes\classes\components\class-components.php:25
filter acf/location/rule_types includes\classes\components\class-components.php:28
action acf/init includes\classes\core\class-upgrades.php:28
action pip_delete_layouts_zip includes\classes\main\class-cron.php:17
action current_screen includes\classes\main\class-field-groups.php:13
action load-edit.php includes\classes\main\class-field-groups.php:30
action load-post.php includes\classes\main\class-field-groups.php:33
action load-post-new.php includes\classes\main\class-field-groups.php:34
action pre_get_posts includes\classes\main\class-field-groups.php:58
filter views_edit-acf-field-group includes\classes\main\class-field-groups.php:59
action acf/field_group/admin_head includes\classes\main\class-field-groups.php:77
action current_screen includes\classes\main\class-flexible-mirror.php:37
action load-post.php includes\classes\main\class-flexible-mirror.php:51
filter admin_body_class includes\classes\main\class-flexible-mirror.php:62
action acf/input/admin_head includes\classes\main\class-flexible-mirror.php:63
action acf/form_data includes\classes\main\class-flexible-mirror.php:64
action init includes\classes\main\class-flexible.php:58
filter acfe/flexible/layouts/icons includes\classes\main\class-flexible.php:65
filter acfe/flexible/layouts/icons includes\classes\main\class-flexible.php:66
filter admin_url includes\classes\main\class-layouts-list.php:16
action current_screen includes\classes\main\class-layouts-list.php:19
action load-edit.php includes\classes\main\class-layouts-list.php:34
filter manage_edit-acf-field-group_columns includes\classes\main\class-layouts-list.php:39
action manage_acf-field-group_posts_custom_column includes\classes\main\class-layouts-list.php:42
action manage_acf-field-group_posts_custom_column includes\classes\main\class-layouts-list.php:43
action pre_get_posts includes\classes\main\class-layouts-list.php:166
filter display_post_states includes\classes\main\class-layouts-list.php:167
filter views_edit-acf-field-group includes\classes\main\class-layouts-list.php:168
filter disable_months_dropdown includes\classes\main\class-layouts-list.php:169
action restrict_manage_posts includes\classes\main\class-layouts-list.php:170
filter manage_edit-acf-field-group_columns includes\classes\main\class-layouts-list.php:173
action init includes\classes\main\class-layouts-single.php:16
action current_screen includes\classes\main\class-layouts-single.php:17
action acf/prepare_field/name=pip_layout_var includes\classes\main\class-layouts-single.php:20
action load-post.php includes\classes\main\class-layouts-single.php:35
action load-post-new.php includes\classes\main\class-layouts-single.php:36
action load-post-new.php includes\classes\main\class-layouts-single.php:39
filter get_user_option_meta-box-order_acf-field-group includes\classes\main\class-layouts-single.php:49
action save_post includes\classes\main\class-layouts-single.php:50
action untrashed_post includes\classes\main\class-layouts-single.php:51
filter acf/validate_field_group includes\classes\main\class-layouts-single.php:54
action acf/update_field_group includes\classes\main\class-layouts-single.php:55
action acf/field_group/admin_head includes\classes\main\class-layouts-single.php:56
filter acf/validate_field_group includes\classes\main\class-layouts-single.php:64
filter acfe/repeater/remove_actions/name=pip_layout_var includes\classes\main\class-layouts-single.php:476
filter acf/prepare_field/name=pip_layout_var_key includes\classes\main\class-layouts-single.php:479
filter acfe/settings/json_save/all includes\classes\main\class-layouts-sync.php:13
filter acfe/settings/php_save/all includes\classes\main\class-layouts-sync.php:14
filter acfe/settings/json_load includes\classes\main\class-layouts-sync.php:17
filter acfe/settings/php_load includes\classes\main\class-layouts-sync.php:18
action init includes\classes\main\class-layouts-tax-categories.php:20
filter parent_file includes\classes\main\class-layouts-tax-categories.php:21
action current_screen includes\classes\main\class-layouts-tax-categories.php:22
filter acf/get_taxonomies includes\classes\main\class-layouts-tax-categories.php:25
filter acf/prepare_field_group_for_export includes\classes\main\class-layouts-tax-categories.php:26
action acf/import_field_group includes\classes\main\class-layouts-tax-categories.php:27
filter manage_edit-acf-field-group_columns includes\classes\main\class-layouts-tax-categories.php:46
action manage_acf-field-group_posts_custom_column includes\classes\main\class-layouts-tax-categories.php:47
filter views_edit-acf-field-group includes\classes\main\class-layouts-tax-categories.php:48
action init includes\classes\main\class-layouts-tax-collections.php:23
filter parent_file includes\classes\main\class-layouts-tax-collections.php:24
action current_screen includes\classes\main\class-layouts-tax-collections.php:25
filter acf/get_taxonomies includes\classes\main\class-layouts-tax-collections.php:28
filter acf/prepare_field_group_for_export includes\classes\main\class-layouts-tax-collections.php:29
action acf/import_field_group includes\classes\main\class-layouts-tax-collections.php:30
filter manage_edit-acf-field-group_columns includes\classes\main\class-layouts-tax-collections.php:49
action manage_acf-field-group_posts_custom_column includes\classes\main\class-layouts-tax-collections.php:50
filter views_edit-acf-field-group includes\classes\main\class-layouts-tax-collections.php:51
action current_screen includes\classes\main\class-layouts.php:16
filter acf/load_field_groups includes\classes\main\class-layouts.php:19
action acf/update_field_group includes\classes\main\class-layouts.php:20
action wp_enqueue_scripts includes\classes\main\class-main.php:17
action admin_enqueue_scripts includes\classes\main\class-main.php:18
filter script_loader_src includes\classes\main\class-main.php:19
action init includes\classes\pattern\class-flexible-footer.php:26
filter acfe/flexible/layouts/icons includes\classes\pattern\class-flexible-footer.php:35
filter acfe/flexible/layouts/icons includes\classes\pattern\class-flexible-footer.php:36
action init includes\classes\pattern\class-flexible-header.php:26
filter acfe/flexible/layouts/icons includes\classes\pattern\class-flexible-header.php:36
filter acfe/flexible/layouts/icons includes\classes\pattern\class-flexible-header.php:37
action init includes\classes\pattern\class-pattern-message.php:13
action acf/prepare_field/name=pip_flexible_pattern_message includes\classes\pattern\class-pattern-message.php:16
action init includes\classes\pattern\class-pattern.php:37
filter acf/location/rule_values/options_page includes\classes\pattern\class-pattern.php:40
filter acf/location/rule_types includes\classes\pattern\class-pattern.php:41
filter acf/location/rule_values/pip-pattern includes\classes\pattern\class-pattern.php:42
filter acf/location/match_rule/type=pip-pattern includes\classes\pattern\class-pattern.php:43
action init init.php:23
action acf/include_field_types pilopress.php:71
action acf/init pilopress.php:88
action acf/include_admin_tools pilopress.php:91
Maintenance & Trust

Pilo'Press Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.2.9
Last updated: Apr 5, 2023
PHP min version: 5.6
Downloads: 6K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 100
Developer Profile

Pilo'Press Developer Profile

Pilot'in

1 plugin · 100 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Pilo'Press

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/pilopress/assets/css/vendors/highlight.min.css
/wp-content/plugins/pilopress/assets/css/vendors/prism.css
/wp-content/plugins/pilopress/assets/css/pilopress.css
/wp-content/plugins/pilopress/assets/css/vendors/swiper.min.css
/wp-content/plugins/pilopress/assets/css/vendors/lity.min.css
/wp-content/plugins/pilopress/assets/css/vendors/tippy.min.css
/wp-content/plugins/pilopress/assets/js/vendors/jquery.min.js
/wp-content/plugins/pilopress/assets/js/vendors/underscore.min.js
+9 more
Script Paths
/wp-content/plugins/pilopress/assets/js/vendors/jquery.min.js
/wp-content/plugins/pilopress/assets/js/vendors/underscore.min.js
/wp-content/plugins/pilopress/assets/js/vendors/lodash.min.js
/wp-content/plugins/pilopress/assets/js/vendors/swiper.min.js
/wp-content/plugins/pilopress/assets/js/vendors/lity.min.js
/wp-content/plugins/pilopress/assets/js/vendors/tippy.min.js
+5 more
Version Parameters
/wp-content/plugins/pilopress/assets/css/vendors/highlight.min.css?ver=
/wp-content/plugins/pilopress/assets/css/vendors/prism.css?ver=
/wp-content/plugins/pilopress/assets/css/pilopress.css?ver=
/wp-content/plugins/pilopress/assets/css/vendors/swiper.min.css?ver=
/wp-content/plugins/pilopress/assets/css/vendors/lity.min.css?ver=
/wp-content/plugins/pilopress/assets/css/vendors/tippy.min.css?ver=
/wp-content/plugins/pilopress/assets/js/vendors/jquery.min.js?ver=
/wp-content/plugins/pilopress/assets/js/vendors/underscore.min.js?ver=
/wp-content/plugins/pilopress/assets/js/vendors/lodash.min.js?ver=
/wp-content/plugins/pilopress/assets/js/vendors/swiper.min.js?ver=
/wp-content/plugins/pilopress/assets/js/vendors/lity.min.js?ver=
/wp-content/plugins/pilopress/assets/js/vendors/tippy.min.js?ver=
/wp-content/plugins/pilopress/assets/js/vendors/prism.min.js?ver=
/wp-content/plugins/pilopress/assets/js/pilopress.js?ver=
/wp-content/plugins/pilopress/assets/js/pilopress-editor.js?ver=
/wp-content/plugins/pilopress/assets/js/pilopress-flex-mirror.js?ver=
/wp-content/plugins/pilopress/assets/js/pilopress-layout-sync.js?ver=

HTML / DOM Fingerprints

CSS Classes
pilopress-editor-wrapper
pilopress-editor-field
pilopress-btn
pilopress-flex-layout
pilopress-layout-item
pilopress-flex-content
HTML Comments
<!-- PiloPress Layout: Flexible -->
<!-- PiloPress Layout: Single -->
<!-- PiloPress Layout: Content -->
<!-- PiloPress Layout: Title -->
+12 more
Data Attributes
data-pilopress-id
data-pilopress-layout-type
data-pilopress-layout-name
data-pilopress-field-type
data-pilopress-field-name
data-pilopress-field-settings
JS Globals
PiloPress
pilopress_editor_params
pilopress_flex_params
pilopress_layout_sync_params
REST Endpoints
/wp-json/pilopress/v1/layouts
/wp-json/pilopress/v1/layouts/(?P<id>[\d]+)
/wp-json/pilopress/v1/layouts/sync
/wp-json/pilopress/v1/field-groups
/wp-json/pilopress/v1/field-groups/(?P<id>[\d]+)
/wp-json/pilopress/v1/fields
/wp-json/pilopress/v1/fields/(?P<id>[\d]+)
/wp-json/pilopress/v1/patterns
/wp-json/pilopress/v1/patterns/(?P<id>[\d]+)
/wp-json/pilopress/v1/patterns/sync
/wp-json/pilopress/v1/options/tailwind
/wp-json/pilopress/v1/options/fonts
/wp-json/pilopress/v1/options/image-sizes
/wp-json/pilopress/v1/options/configuration
/wp-json/pilopress/v1/options/modules