WP Layouts Security & Risk Analysis

wordpress.org/plugins/wp-layouts

Save, store and import layouts instantly, all in one place with the click of a button!

3K active installs v0.6.22 PHP + WP 5.0+ Updated May 14, 2024
export, import, layout, layouts, template
92
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP Layouts Safe to Use in 2026?

Generally Safe

Score 92/100

WP Layouts has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1yr ago
Risk Assessment

The wp-layouts plugin version 0.6.22 exhibits a mixed security posture. While it demonstrates good practices like using prepared statements for all SQL queries and a high percentage of properly escaped output, significant concerns arise from its attack surface. A substantial number of AJAX handlers (13 out of 19) lack authentication checks, creating potential entry points for unauthorized actions. The presence of the 'unserialize' function is also a notable risk, as improper handling of serialized data can lead to remote code execution vulnerabilities, although no specific flows were flagged as critical or high severity in the taint analysis.

The plugin's vulnerability history is exceptionally clean, with zero recorded CVEs across all severity levels. This absence of past vulnerabilities, coupled with the evident use of prepared statements and nonces (18 checks), suggests a development team that is at least aware of common security pitfalls. However, the static analysis clearly indicates that the attack surface, particularly the unprotected AJAX endpoints, represents the most immediate and concerning risk. The lack of any recorded vulnerabilities does not negate the potential for new ones to emerge, especially given the unprotected entry points.

In conclusion, while the plugin benefits from a clean vulnerability history and strong SQL and output sanitization, the large number of unprotected AJAX endpoints presents a significant weakness. The potential risk associated with the 'unserialize' function also warrants attention. Addressing the unprotected AJAX handlers should be a priority to improve the overall security posture.

Key Concerns

  • Unprotected AJAX handlers
  • Use of dangerous function: unserialize
Vulnerabilities
None known

WP Layouts Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP Layouts Code Analysis

  • Dangerous Functions: 2
  • Raw SQL Queries: 0 (6 prepared)
  • Unescaped Output: 23 (116 escaped)
  • Nonce Checks: 18
  • Capability Checks: 9
  • File Operations: 21
  • External Requests: 3
  • Bundled Libraries: 1

Dangerous Functions Found

  • unserialize (includes\downloader.php:43): $job = @unserialize(@base64_decode( implode('', $jobChunks) ));
  • unserialize (includes\site-import\aspen-importer.php:420): $options = @unserialize(@base64_decode($data));

Bundled Libraries

DataTables

SQL Query Safety

100% prepared · 6 total queries

Output Escaping

83% escaped · 139 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

10 flows · 4 with unsanitized paths
run (includes\get_image.php:15)
Attack Surface
13 unprotected

WP Layouts Attack Surface

Entry Points: 19
Unprotected: 13

AJAX Handlers 19

  • auth: wp_ajax_ags_layouts_get (ags-layouts.php:124)
  • auth: wp_ajax_ags_layouts_get_read_key (ags-layouts.php:125)
  • auth: wp_ajax_ags_layouts_get_image (ags-layouts.php:126)
  • auth: wp_ajax_ags-layouts-aiil-notice-dismiss (ags-layouts.php:445)
  • auth: wp_ajax_ags_layouts_export (includes\export-ajax.php:8)
  • auth: wp_ajax_ags_layouts_update (includes\export-ajax.php:9)
  • auth: wp_ajax_ags_layouts_delete (includes\export-ajax.php:10)
  • auth: wp_ajax_ags_layouts_list (includes\export-ajax.php:11)
  • auth: wp_ajax_ags_layouts_package (includes\export-ajax.php:12)
  • auth: wp_ajax_ags_layouts_get_widgets_export (includes\export-ajax.php:13)
  • auth: wp_ajax_ags_layouts_get_caldera_forms_export (includes\export-ajax.php:14)
  • auth: wp_ajax_ags_layouts_get_theme_plugin_options_export (includes\export-ajax.php:15)
  • auth: wp_ajax_ags_layouts_get_menu_assignments_export (includes\export-ajax.php:16)
  • auth: wp_ajax_ags_layouts_get_divi_module_presets_export (includes\export-ajax.php:17)
  • auth: wp_ajax_ags_layouts_site_import (includes\site-import\functions.php:12)
  • auth: wp_ajax_ags_layouts_bb_get_nodes (integrations\BeaverBuilder\BeaverBuilder.php:20)
  • auth: wp_ajax_ags_layouts_get_temp_layout_contents (integrations\Divi\Divi.php:21)
  • auth: wp_ajax_ags_layouts_get_tb_templates (integrations\Divi\Divi.php:22)
  • auth: wp_ajax_ags_layouts_get_tb_id (integrations\Divi\Divi.php:23)

WordPress Hooks 42

  • action: admin_menu (ags-layouts.php:122)
  • action: admin_enqueue_scripts (ags-layouts.php:123)
  • action: init (ags-layouts.php:128)
  • filter: et_builder_load_requests (ags-layouts.php:130)
  • action: wp_enqueue_scripts (ags-layouts.php:141)
  • filter: the_content (includes\export-ajax.php:22)
  • filter: et_builder_load_requests (includes\export-ajax.php:26)
  • action: export_wp (includes\export-ajax.php:37)
  • filter: the_content (includes\export-ajax.php:194)
  • filter: query (includes\export-ajax.php:226)
  • action: wp (includes\previewer.php:14)
  • filter: the_title (includes\previewer.php:44)
  • action: wp_footer (includes\previewer.php:47)
  • action: admin_print_footer_scripts (includes\previewer.php:51)
  • filter: body_class (includes\previewer.php:53)
  • filter: admin_body_class (includes\previewer.php:54)
  • action: admin_print_footer_scripts (includes\previewer.php:55)
  • filter: wp_revisions_to_keep (includes\previewer.php:139)
  • action: pre_get_posts (includes\previewer.php:284)
  • action: deleted_user (includes\previewer.php:285)
  • action: remove_user_from_blog (includes\previewer.php:286)
  • filter: add_post_metadata (includes\site-import\aspen-importer.php:374)
  • filter: ags_layouts_wp_import_data (includes\site-import\compatibility\woocommerce\content_terms.php:10)
  • filter: import_post_meta_key (includes\site-import\wordpress-importer.php:67)
  • action: wp_enqueue_scripts (integrations\BeaverBuilder\BeaverBuilder.php:19)
  • filter: fl_builder_main_menu (integrations\BeaverBuilder\BeaverBuilder.php:21)
  • filter: fl_builder_ui_bar_buttons (integrations\BeaverBuilder\BeaverBuilder.php:22)
  • filter: fl_builder_node_status (integrations\BeaverBuilder\BeaverBuilder.php:122)
  • action: admin_enqueue_scripts (integrations\Divi\Divi.php:18)
  • action: wp_enqueue_scripts (integrations\Divi\Divi.php:19)
  • filter: et_builder_library_modal_custom_tabs (integrations\Divi\Divi.php:25)
  • action: elementor/editor/before_enqueue_scripts (integrations\Elementor\Elementor.php:18)
  • filter: ags_layouts_screenshot_content_unfiltered (integrations\Elementor\Elementor.php:20)
  • filter: ags_layouts_screenshot_content_filtered (integrations\Elementor\Elementor.php:21)
  • filter: elementor/document/urls/preview (integrations\Elementor\Elementor.php:23)
  • filter: elementor/frontend/builder_content_data (integrations\Elementor\Elementor.php:38)
  • action: admin_enqueue_scripts (integrations\Gutenberg\Gutenberg.php:17)
  • action: add_meta_boxes (integrations\Gutenberg\Gutenberg.php:18)
  • filter: block_categories (integrations\Gutenberg\Gutenberg.php:19)
  • action: init (integrations\SiteImporter\SiteImporter.php:169)
  • action: deleted_user (integrations\SiteImporter\SiteImporter.php:170)
  • action: remove_user_from_blog (integrations\SiteImporter\SiteImporter.php:171)

Maintenance & Trust

WP Layouts Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.5.8
Last updated: May 14, 2024
PHP min version
Downloads: 75K

Community Trust

Rating: 86/100
Number of ratings: 6
Active installs: 3K
Developer Profile

WP Layouts Developer Profile

WP Zone

21 plugins · 40K total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 124 days
Detection Fingerprints

How We Detect WP Layouts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/wp-layouts/dist/assets/css/ags-layouts-admin.css
  • /wp-content/plugins/wp-layouts/dist/assets/js/ags-layouts-admin.js
  • /wp-content/plugins/wp-layouts/dist/assets/css/ags-layouts-frontend.css
  • /wp-content/plugins/wp-layouts/dist/assets/js/ags-layouts-frontend.js
  • /wp-content/plugins/wp-layouts/includes/previewer.js
  • /wp-content/plugins/wp-layouts/includes/previewer.css

Script Paths

  • /wp-content/plugins/wp-layouts/dist/assets/js/ags-layouts-admin.js
  • /wp-content/plugins/wp-layouts/dist/assets/js/ags-layouts-frontend.js
  • /wp-content/plugins/wp-layouts/includes/previewer.js

Version Parameters

  • wp-layouts/dist/assets/css/ags-layouts-admin.css?ver=
  • wp-layouts/dist/assets/js/ags-layouts-admin.js?ver=
  • wp-layouts/dist/assets/css/ags-layouts-frontend.css?ver=
  • wp-layouts/dist/assets/js/ags-layouts-frontend.js?ver=
  • wp-layouts/includes/previewer.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • ags-layouts-admin
  • ags-layouts-frontend
  • ags-layouts-previewer

HTML Comments

  • WP Layouts plugin
  • Copyright (C) 2024 WP Zone
  • This program is free software: you can redistribute it and/or modify
  • This program is distributed in the hope that it will be useful,
  • +10 more

Data Attributes

  • ags_layouts_preview
  • ags_layouts_export

JS Globals

  • AGSLayouts
  • AGSLayoutsPreviewer
  • AGSLayoutsSiteImporter
  • AGSLayoutsAccount

REST Endpoints
/wp-json/wp-layouts/v1/layouts
FAQ

Frequently Asked Questions about WP Layouts