WP-Safety

Theme Blvd Layout Builder Security & Risk Analysis

wordpress.org/plugins/theme-blvd-layout-builder

When using a Theme Blvd theme, this plugin gives you slick interface to build custom layouts.

2K active installs v2.3.6 PHP + WP + Updated Jan 24, 2019
buildercustomhomepagelayoutstheme-blvd
85
A · Safe
CVEs total1
Unpatched0
Last CVENov 8, 2014
Download
Safety Verdict

Is Theme Blvd Layout Builder Safe to Use in 2026?

Generally Safe

Score 85/100

Theme Blvd Layout Builder has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Nov 8, 2014Updated 7yr ago
Risk Assessment

The "theme-blvd-layout-builder" v2.3.6 plugin exhibits a mixed security posture. While it demonstrates strengths in avoiding dangerous functions, raw SQL queries, and external HTTP requests, significant concerns arise from its attack surface and output sanitization practices. The presence of 8 unprotected AJAX handlers represents a substantial risk, as these can be exploited by unauthenticated users to potentially trigger unintended actions or access sensitive information. This, combined with a low capability check count, points to a potential lack of robust access control mechanisms in critical areas. Furthermore, the taint analysis revealing 10 flows with unsanitized paths, even without critical or high severity designations, warrants attention as it suggests potential avenues for injection attacks if these paths are not carefully handled. The plugin's vulnerability history, though dated, primarily points to missing authorization, reinforcing the concern raised by the unprotected AJAX handlers. While the absence of currently unpatched CVEs is positive, the historical pattern and static analysis findings suggest that authorization and input sanitization are key areas for improvement to enhance the plugin's overall security.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • Low percentage of properly escaped output
  • Low capability check count
Vulnerabilities
1

Theme Blvd Layout Builder Security Vulnerabilities

CVEs by Year

1 CVE in 2014
2014
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

WF-bb5178f4-356b-4352-96ca-500e49006f8a-theme-blvd-layout-buildermedium · 6.5Missing Authorization

ThemeBlvd Themes/Plugins (Various Versions) - Missing Authorization Checks

Nov 8, 2014 Patched in 2.0.2 (3363d)
Code Analysis
Analyzed Mar 16, 2026

Theme Blvd Layout Builder Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
80
173 escaped
Nonce Checks
15
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

68% escaped253 total outputs
Data Flows
10 unsanitized

Data Flow Analysis

11 flows10 with unsanitized paths
headers (inc\admin\class-tb-export-layout.php:33)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
8 unprotected

Theme Blvd Layout Builder Attack Surface

Entry Points16
Unprotected8

AJAX Handlers 16

authwp_ajax_themeblvd_add_templateinc\admin\class-tb-layout-builder-ajax.php:22
authwp_ajax_themeblvd_apply_templateinc\admin\class-tb-layout-builder-ajax.php:23
authwp_ajax_themeblvd_save_templateinc\admin\class-tb-layout-builder-ajax.php:24
authwp_ajax_themeblvd_clear_layoutinc\admin\class-tb-layout-builder-ajax.php:25
authwp_ajax_themeblvd_add_sectioninc\admin\class-tb-layout-builder-ajax.php:26
authwp_ajax_themeblvd_add_elementinc\admin\class-tb-layout-builder-ajax.php:27
authwp_ajax_themeblvd_add_blockinc\admin\class-tb-layout-builder-ajax.php:28
authwp_ajax_themeblvd_update_builder_tableinc\admin\class-tb-layout-builder-ajax.php:29
authwp_ajax_themeblvd_delete_layoutinc\admin\class-tb-layout-builder-ajax.php:30
authwp_ajax_themeblvd_edit_layoutinc\admin\class-tb-layout-builder-ajax.php:31
authwp_ajax_themeblvd_mini_edit_layoutinc\admin\class-tb-layout-builder-ajax.php:32
authwp_ajax_themeblvd_layout_toggleinc\admin\class-tb-layout-builder-ajax.php:33
authwp_ajax_themeblvd_dup_elementinc\admin\class-tb-layout-builder-ajax.php:34
authwp_ajax_themeblvd_dup_blockinc\admin\class-tb-layout-builder-ajax.php:35
authwp_ajax_themeblvd_get_metainc\admin\class-tb-layout-builder-ajax.php:36
authwp_ajax_themeblvd_save_screen_settingsinc\admin\class-tb-layout-builder-screen.php:38
WordPress Hooks 61
actionadmin_menuinc\admin\class-tb-import-layout.php:34
actionadmin_initinc\admin\class-tb-import-layout.php:37
actionadmin_initinc\admin\class-tb-import-layout.php:40
actionadmin_noticesinc\admin\class-tb-import-layout.php:99
actionadmin_noticesinc\admin\class-tb-import-layout.php:114
actionadmin_noticesinc\admin\class-tb-import-layout.php:123
actionthemeblvd_builder_updateinc\admin\class-tb-import-layout.php:173
actionenqueue_block_editor_assetsinc\admin\class-tb-layout-builder-editor.php:14
filterscreen_settingsinc\admin\class-tb-layout-builder-screen.php:37
actionin_plugin_update_message-theme-blvd-layout-builder/tb-builder.phpinc\admin\class-tb-layout-builder-upgrade-notice.php:40
actionafter_setup_themeinc\admin\class-tb-layout-builder.php:45
actionadmin_menuinc\admin\class-tb-layout-builder.php:48
actionthemeblvd_builder_updateinc\admin\class-tb-layout-builder.php:49
filterparent_fileinc\admin\class-tb-layout-builder.php:52
filtersubmenu_fileinc\admin\class-tb-layout-builder.php:53
filteradmin_titleinc\admin\class-tb-layout-builder.php:56
filterpage_row_actionsinc\admin\class-tb-layout-builder.php:59
actioncurrent_screeninc\admin\class-tb-layout-builder.php:62
filterthemeblvd_locals_jsinc\admin\class-tb-layout-builder.php:66
filteradmin_body_classinc\admin\class-tb-layout-builder.php:69
actioncurrent_screeninc\admin\class-tb-layout-builder.php:75
actioncurrent_screeninc\admin\class-tb-layout-builder.php:81
actioncurrent_screeninc\admin\class-tb-layout-builder.php:85
actioncurrent_screeninc\admin\class-tb-layout-builder.php:89
filterwp_save_post_revision_post_has_changedinc\admin\class-tb-layout-builder.php:124
actionsave_postinc\admin\class-tb-layout-builder.php:125
actionwp_restore_post_revisioninc\admin\class-tb-layout-builder.php:126
filterthemeblvd_sanitize_textinc\admin\class-tb-layout-builder.php:2378
filterthemeblvd_sanitize_textareainc\admin\class-tb-layout-builder.php:2379
filterthemeblvd_sanitize_uploadinc\admin\class-tb-layout-builder.php:2380
filterthemeblvd_sanitize_sliderinc\admin\class-tb-layout-builder.php:2381
filterthemeblvd_sanitize_logosinc\admin\class-tb-layout-builder.php:2382
filterthemeblvd_sanitize_background_videoinc\admin\class-tb-layout-builder.php:2383
filterthemeblvd_sanitize_sliderinc\admin\class-tb-layout-builder.php:2399
filterthemeblvd_sanitize_logosinc\admin\class-tb-layout-builder.php:2400
filterthemeblvd_sanitize_uploadinc\admin\class-tb-layout-builder.php:2401
actionsave_postinc\admin\class-tb-layout-builder.php:2502
actionedit_form_after_titleinc\admin\class-tb-layout-builder.php:2508
actionadmin_enqueue_scriptsinc\admin\class-tb-layout-builder.php:2510
actionadmin_enqueue_scriptsinc\admin\class-tb-layout-builder.php:2512
actionadmin_noticesinc\admin\class-tb-layout-builder.php:4395
actionin_admin_headerinc\admin\class-tb-layout-builder.php:4416
actionin_admin_headerinc\admin\class-tb-layout-builder.php:4437
actionin_admin_headerinc\admin\class-tb-layout-builder.php:4455
actionafter_setup_themeinc\api\class-tb-builder-api.php:159
actionafter_setup_themeinc\api\class-tb-builder-api.php:160
actionadmin_noticesinc\class-tb-layout-builder-notices.php:93
actionadmin_initinc\class-tb-layout-builder-notices.php:94
filtertemplate_includeinc\legacy.php:521
actioninittb-builder.php:58
actiontemplate_redirecttb-builder.php:61
actionwp_enqueue_scriptstb-builder.php:73
actionthemeblvd_builder_contenttb-builder.php:81
actionthemeblvd_builder_contenttb-builder.php:85
actionthemeblvd_featuredtb-builder.php:86
actionthemeblvd_featured_belowtb-builder.php:87
filterthemeblvd_frontend_configtb-builder.php:88
filterthemeblvd_sample_layoutstb-builder.php:98
actionafter_setup_themetb-builder.php:164
actionthemeblvd_apitb-builder.php:189
actioninittb-builder.php:199
Maintenance & Trust

Theme Blvd Layout Builder Maintenance & Trust

Maintenance Signals

WordPress version tested5.0.25
Last updatedJan 24, 2019
PHP min version
Downloads165K

Community Trust

Rating100/100
Number of ratings5
Active installs2K
Alternatives

Theme Blvd Layout Builder Alternatives

Theme Blvd Layouts to Posts

Theme Blvd Layouts to Posts

theme-blvd-layouts-to-posts

A
85

This plugin extends the Theme Blvd Layout Builder so you can assign your custom templates to standard posts and custom post types.

60 No CVEs
WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

wpforms-lite

A
88

The best WordPress contact form plugin. Drag & Drop form builder to create beautiful contact forms, payment forms, & other custom forms.

6.0M 14 CVEs
Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

fluentform

B
82

Get a fast contact form plugin. Create advanced forms using drag and drop form builder with all smart features.

600K 27 CVEs
MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor

MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor

metform

A
87

The most popular Elementor forms builder to create WordPress forms like contact forms, booking forms, feedback form, survey forms, application forms a …

600K 26 CVEs
SureForms – Contact Form, Payment Form & Other Custom Form Builder

SureForms – Contact Form, Payment Form & Other Custom Form Builder

sureforms

A
88

The most beginner-friendly, AI Form Builder for WordPress to create contact forms, payment forms & other custom forms with advanced features, with …

400K 16 CVEs
Developer Profile

Theme Blvd Layout Builder Developer Profile

Jason

22 plugins · 8K total installs

69
trust score
Avg Security Score
86/100
Avg Patch Time
3363 days
View full developer profile
Detection Fingerprints

How We Detect Theme Blvd Layout Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/theme-blvd-layout-builder/inc/admin/assets/js/editor.js/wp-content/plugins/theme-blvd-layout-builder/inc/admin/assets/js/editor.min.js/wp-content/plugins/theme-blvd-layout-builder/inc/legacy.php/wp-content/plugins/theme-blvd-layout-builder/inc/general.php/wp-content/plugins/theme-blvd-layout-builder/inc/class-tb-layout-builder-notices.php/wp-content/plugins/theme-blvd-layout-builder/inc/class-tb-layout-builder-data.php/wp-content/plugins/theme-blvd-layout-builder/inc/admin/class-tb-layout-builder-upgrade-notice.php/wp-content/plugins/theme-blvd-layout-builder/inc/admin/builder-samples.php+6 more
Script Paths
/wp-content/plugins/theme-blvd-layout-builder/inc/admin/assets/js/editor.js/wp-content/plugins/theme-blvd-layout-builder/inc/admin/assets/js/editor.min.js
Version Parameters
theme-blvd-layout-builder/style.css?ver=theme-blvd-layout-builder/inc/admin/assets/js/editor.js?ver=theme-blvd-layout-builder/inc/admin/assets/js/editor.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
theme-blvd-layout-builder
HTML Comments
<!-- Theme Blvd Layout Builder Admin --><!-- Integrate into WordPress 5+ editor. --><!-- Theme Blvd Layout Builder --><!-- Theme Blvd Layout Builder API -->+3 more
Data Attributes
data-tb-builder
JS Globals
themeblvdLayoutBuilderEditorL10n
FAQ

Frequently Asked Questions about Theme Blvd Layout Builder