Draft – Tailwind CSS for WordPress. Security & Risk Analysis

wordpress.org/plugins/website-builder

Add Tailwind CSS to WordPress, in seconds.

700 active installs · v3.0.9 · PHP 5.6+ · WP 5.0+ · Updated Sep 23, 2024
Tags: blocks, responsive, tailwind, tailwind-css, tailwindcss
Score: 70
B · Generally Safe
CVEs total: 1
Unpatched: 1
Last CVE: Sep 22, 2025
Safety Verdict

Is Draft – Tailwind CSS for WordPress. Safe to Use in 2026?

Mostly Safe

Score 70/100

Draft – Tailwind CSS for WordPress. is generally safe to use, though it hasn't been updated recently. 1 past CVE was resolved. Keep it updated.

1 known CVE · 1 unpatched · Last CVE: Sep 22, 2025 · Updated 1yr ago
Risk Assessment

The "website-builder" plugin v3.0.9 exhibits a mixed security posture. On the positive side, the static analysis reveals a remarkably small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events. Furthermore, the plugin demonstrates a strong commitment to database security by exclusively using prepared statements for all SQL queries, and it appears to avoid direct file operations and external HTTP requests.

However, significant concerns arise from the output escaping and the vulnerability history. The single identified output is not properly escaped, which presents a clear Cross-Site Scripting (XSS) risk. This is further amplified by the plugin's vulnerability history, which shows one known medium-severity CVE for XSS that is currently unpatched. The recency of this vulnerability (2025-09-22) suggests ongoing issues with input sanitization and output encoding.

In conclusion, while the plugin has some foundational security strengths in its limited attack surface and SQL practices, the unpatched XSS vulnerability and the lack of proper output escaping are critical weaknesses that expose users to significant risk. The plugin needs immediate attention to address the identified XSS vulnerability and implement robust output escaping mechanisms.

Key Concerns

  • Unpatched CVE (Medium Severity)
  • 100% of outputs unescaped
Vulnerabilities
1

Draft – Tailwind CSS for WordPress. Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-58033 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Draft <= 3.0.9 - Authenticated (Editor+) Stored Cross-Site Scripting

Sep 22, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Draft – Tailwind CSS for WordPress. Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 1 (0 escaped)
Nonce Checks: 0
Capability Checks: 4
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

0% escaped · 1 total outputs
Attack Surface

Draft – Tailwind CSS for WordPress. Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 12
action: admin_menu (includes\Admin.php:23)
action: enqueue_block_assets (includes\EnqueueAssets.php:27)
action: wp_enqueue_scripts (includes\EnqueueAssets.php:29)
action: admin_enqueue_scripts (includes\EnqueueAssets.php:30)
action: wp_head (includes\EnqueueAssets.php:32)
action: init (includes\LoadTranslations.php:22)
action: plugins_loaded (includes\LoadTranslations.php:23)
action: init (includes\RegisterPluginSettings.php:25)
action: enqueue_block_assets (includes\RegisterPluginSettings.php:28)
action: admin_enqueue_scripts (includes\RegisterPluginSettings.php:29)
action: rest_api_init (includes\RegisterRestAPI.php:25)
filter: rest_pre_dispatch (includes\RegisterRestAPI.php:26)
Maintenance & Trust

Draft – Tailwind CSS for WordPress. Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Sep 23, 2024
PHP min version: 5.6
Downloads: 12K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 700
Developer Profile

Draft – Tailwind CSS for WordPress. Developer Profile

leeshadle

1 plugin · 700 total installs

Trust score: 73
Avg Security Score: 70/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Draft – Tailwind CSS for WordPress.

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/website-builder/build/index.js
/wp-content/plugins/website-builder/build/admin.js
/wp-content/plugins/website-builder/build/tailwind.cdn.js
/wp-content/plugins/website-builder/build/admin.css
/wp-content/plugins/website-builder/build/style-index.css
/wp-content/plugins/website-builder/build/index.css
Script Paths
/wp-content/plugins/website-builder/build/index.js
/wp-content/plugins/website-builder/build/admin.js
/wp-content/plugins/website-builder/build/tailwind.cdn.js
Version Parameters
website-builder?ver=
website-builder.css?ver=

HTML / DOM Fingerprints

CSS Classes
draft-component-wrapper
draft-page-builder-settings
Data Attributes
data-draft-settings
data-draft-component
JS Globals
WebsiteBuilder
draftSettings
draftComponent
REST Endpoints
/wp-json/website-builder/v1/settings
/wp-json/website-builder/v1/get-site-settings
/wp-json/website-builder/v1/get-page-settings
/wp-json/website-builder/v1/get-all-posts
Shortcode Output
[website_builder]
[website_builder id=
[website_builder title=
[website_builder slug=
FAQ

Frequently Asked Questions about Draft – Tailwind CSS for WordPress.