WC Builder – WooCommerce Page Builder for WPBakery Security & Risk Analysis

wordpress.org/plugins/wc-builder

This plugin provides a full set of easy-to-use and customizable WooCommerce shortcodes as a page builder addon.

1K active installs · v1.2.1 · PHP 5.2.4+ · WP 5.0+ · Updated Dec 14, 2025
Tags: drag-and-drop, wc-builder, woocommerce, woocommerce-builder, wpbakery
Score: 96 · A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Dec 27, 2025

Safety Verdict

Is WC Builder – WooCommerce Page Builder for WPBakery Safe to Use in 2026?

Generally Safe

Score 96/100

WC Builder – WooCommerce Page Builder for WPBakery has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Dec 27, 2025 · Updated 3mo ago

Risk Assessment

The "wc-builder" plugin version 1.2.1 presents a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for SQL queries and having no known unpatched vulnerabilities. The presence of multiple capability checks across its AJAX handlers is also a strength. However, significant concerns arise from the attack surface analysis, particularly the four AJAX handlers that lack authentication checks. This directly exposes these entry points to potential abuse by unauthenticated users. While taint analysis shows no immediate exploitable flows, the presence of a dangerous `create_function` call, even if not directly exploited by current taint flows, is a code smell that could lead to vulnerabilities in the future. Furthermore, only 38% of outputs are properly escaped, indicating a moderate risk of Cross-Site Scripting (XSS) vulnerabilities, a pattern corroborated by its vulnerability history, which lists three medium-severity XSS CVEs. The fact that the last vulnerability was recent (2025-12-27) and of medium severity suggests ongoing issues with input sanitization and output escaping, despite the current absence of unpatched vulnerabilities.

In conclusion, while the plugin avoids critical technical debt like unpatched CVEs or raw SQL queries, the significant number of unprotected AJAX handlers and the substantial percentage of improperly escaped output pose a moderate to high risk. The historical pattern of XSS vulnerabilities, coupled with the current lack of comprehensive output escaping, is the most concerning aspect. Developers should prioritize securing the AJAX endpoints and improving output escaping to mitigate these risks.

Key Concerns

  • 4 AJAX handlers without auth checks
  • 38% of outputs properly escaped
  • Dangerous function: create_function
  • 3 medium severity XSS CVEs in history

Vulnerabilities (3)

WC Builder – WooCommerce Page Builder for WPBakery Security Vulnerabilities

CVEs by Year

  • 2024: 1 CVE
  • 2025: 2 CVEs

Severity Breakdown

  • Medium: 3

3 total CVEs

CVE-2025-68533 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WC Builder <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 27, 2025 · Patched in 1.2.1 (10d)

CVE-2025-14054 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WC Builder <= 1.2.0 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via 'heading_color' Shortcode Attribute

Dec 20, 2025 · Patched in 1.2.1 (1d)

CVE-2024-29926 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WC Builder <= 1.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 25, 2024 · Patched in 1.0.19 (8d)
Code Analysis
Analyzed Mar 16, 2026

WC Builder – WooCommerce Page Builder for WPBakery Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 121 (74 escaped)
  • Nonce Checks: 1
  • Capability Checks: 4
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Dangerous Functions Found

create_function · includes\admin\include\class.settings-api.php:105
$callback = create_function('', 'echo "' . str_replace( '"', '\"', $section['desc'] ) . '";');

Output Escaping

38% escaped · 195 total outputs

Attack Surface (4 unprotected)

WC Builder – WooCommerce Page Builder for WPBakery Attack Surface

Entry Points: 19
Unprotected: 4

AJAX Handlers 4

auth · wp_ajax_wpbforwpbakery_ajax_add_to_cart_notice · includes\single-add-to-cart-ajax.php:25
nopriv · wp_ajax_wpbforwpbakery_ajax_add_to_cart_notice · includes\single-add-to-cart-ajax.php:26
auth · wp_ajax_wpbforwpbakery_ajax_add_to_cart · includes\single-add-to-cart-ajax.php:35
nopriv · wp_ajax_wpbforwpbakery_ajax_add_to_cart · includes\single-add-to-cart-ajax.php:36

Shortcodes 15

[wpbforwpbakery_product_archive] includes\addons\archive_product.php:11
[wpbforwpbakery_product_additional_information] includes\addons\product_additional_information.php:9
[wpbforwpbakery_product_add_to_cart] includes\addons\product_add_to_cart.php:10
[wpbforwpbakery_product_data_tab] includes\addons\product_data_tab.php:10
[wpbforwpbakery_product_description] includes\addons\product_description.php:9
[wpbforwpbakery_product_thumbnail] includes\addons\product_image.php:5
[wpbforwpbakery_product_meta] includes\addons\product_meta.php:5
[wpbforwpbakery_product_price] includes\addons\product_price.php:10
[wpbforwpbakery_product_rating] includes\addons\product_rating.php:10
[wpbforwpbakery_product_related] includes\addons\product_related.php:10
[wpbforwpbakery_product_reviews] includes\addons\product_reviews.php:10
[wpbforwpbakery_product_short_description] includes\addons\product_short_description.php:10
[wpbforwpbakery_product_stock] includes\addons\product_stock.php:10
[wpbforwpbakery_product_title] includes\addons\product_title.php:10
[wpbforwpbakery_product_upsell] includes\addons\product_upsell.php:10

WordPress Hooks 52

action · admin_notices · includes\activation-notice.php:14
action · vc_after_init · includes\addons\archive_product.php:14
action · vc_after_init · includes\addons\product_additional_information.php:12
action · vc_after_init · includes\addons\product_add_to_cart.php:13
action · vc_after_init · includes\addons\product_data_tab.php:13
action · vc_after_init · includes\addons\product_description.php:12
action · vc_after_init · includes\addons\product_image.php:8
action · vc_after_init · includes\addons\product_meta.php:8
action · vc_after_init · includes\addons\product_price.php:13
action · vc_after_init · includes\addons\product_rating.php:13
action · vc_after_init · includes\addons\product_related.php:13
action · vc_after_init · includes\addons\product_reviews.php:13
filter · comments_template · includes\addons\product_reviews.php:28
action · vc_after_init · includes\addons\product_short_description.php:13
action · vc_after_init · includes\addons\product_stock.php:13
action · vc_after_init · includes\addons\product_title.php:13
action · vc_after_init · includes\addons\product_upsell.php:13
action · admin_enqueue_scripts · includes\admin\admin-init.php:11
action · admin_init · includes\admin\include\admin-setting.php:14
action · admin_menu · includes\admin\include\admin-setting.php:15
action · wsa_form_bottom_wpbforwpbakery_general_tabs · includes\admin\include\admin-setting.php:16
action · wsa_form_top_wpbforwpbakery_elements_tabs · includes\admin\include\admin-setting.php:17
action · wsa_form_bottom_wpbforwpbakery_buy_pro_tabs · includes\admin\include\admin-setting.php:19
action · admin_enqueue_scripts · includes\admin\include\class.settings-api.php:28
action · admin_menu · includes\admin\recommended-plugins\class.recommended-plugins.php:80
action · admin_enqueue_scripts · includes\admin\recommended-plugins\class.recommended-plugins.php:81
action · pre_get_posts · includes\archive-product-render.php:64
action · pre_get_posts · includes\archive-product-render.php:79
action · init · includes\custom-posts.php:3
action · add_meta_boxes · includes\metaboxes.php:24
action · save_post · includes\metaboxes.php:45
filter · woocommerce_product_add_to_cart_text · includes\rename_label.php:7
filter · woocommerce_product_single_add_to_cart_text · includes\rename_label.php:17
action · wp_enqueue_scripts · includes\single-add-to-cart-ajax.php:3
action · wp_footer · includes\single-add-to-cart-ajax.php:15
action · init · includes\woo_shop.php:17
action · template_redirect · includes\woo_shop.php:21
filter · template_include · includes\woo_shop.php:24
action · wpbforwpbakery_woocommerce_archive_product_content · includes\woo_shop.php:27
action · wpbforwpbakery_woocommerce_archive_product_content · includes\woo_shop.php:30
filter · template_include · includes\woo_shop.php:33
filter · wc_get_template_part · includes\woo_shop.php:36
action · wpbforwpbakery_woocommerce_product_content · includes\woo_shop.php:39
action · after_setup_theme · init.php:23
action · update_option_active_plugins · wc-builder.php:30
action · init · wc-builder.php:45
action · plugins_loaded · wc-builder.php:54
action · wp_enqueue_scripts · wc-builder.php:60
action · admin_menu · wc-builder.php:89
action · plugins_loaded · wc-builder.php:102
action · vc_before_init · wc-builder.php:104
filter · plugin_action_links_wc-builder/wc-builder.php · wc-builder.php:114

Maintenance & Trust

WC Builder – WooCommerce Page Builder for WPBakery Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 14, 2025
PHP min version: 5.2.4
Downloads: 48K

Community Trust

Rating: 76/100
Number of ratings: 6
Active installs: 1K

Developer Profile

WC Builder – WooCommerce Page Builder for WPBakery Developer Profile

HasThemes

14 plugins · 16K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 179 days

Detection Fingerprints

How We Detect WC Builder – WooCommerce Page Builder for WPBakery

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wc-builder/assets/css/main.css
/wp-content/plugins/wc-builder/includes/admin/assets/css/admin_optionspanel.css
/wp-content/plugins/wc-builder/includes/admin/assets/js/admin.js

Script Paths
/wp-content/plugins/wc-builder/includes/admin/assets/js/admin.js

Version Parameters
wc-builder/assets/css/main.css?ver=
wc-builder/includes/admin/assets/css/admin_optionspanel.css?ver=
wc-builder/includes/admin/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpbforwpbakery_archive
wpbforwpbakery-single-product
wpbforwpbakery-page-template
wpbforwpbakery_woo_template_tabs

Data Attributes
data-vc-full-width='true'

FAQ

Frequently Asked Questions about WC Builder – WooCommerce Page Builder for WPBakery