WP-Safety

Landera – Ultimate Page Builder Security & Risk Analysis

wordpress.org/plugins/wp-page-builder

Landera is a drag and drop page builder which makes you to design live any layout that you can imagine.

10 active installs v2.2 PHP 5.3+ WP 3.6+ Updated Feb 26, 2020
designerdrag-and-droplanding-pagepage-buildervisual-composer
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Landera – Ultimate Page Builder Safe to Use in 2026?

Generally Safe

Score 85/100

Landera – Ultimate Page Builder has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago
Risk Assessment

The "wp-page-builder" v2.2 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for SQL queries and includes a reasonable number of nonce and capability checks for its entry points. The absence of any recorded vulnerabilities and CVEs in its history is a significant strength, suggesting a generally well-maintained and secure codebase. However, there are notable areas for improvement.

The most pressing concern is the presence of 4 AJAX handlers without authentication checks. This creates a significant attack surface that could be exploited by unauthenticated users, potentially leading to unintended actions or data exposure. The use of dangerous functions like `create_function` and `unserialize` also warrants careful attention, as these can be vectors for code injection or deserialization vulnerabilities if not handled with extreme caution and robust sanitization, although no specific taint flows were identified as critical or high. The low percentage of properly escaped output (10%) is another area of concern, increasing the risk of Cross-Site Scripting (XSS) vulnerabilities.

Overall, while the plugin benefits from a clean vulnerability history and secure SQL practices, the unprotected AJAX endpoints, dangerous function usage, and insufficient output escaping present tangible risks. Addressing these specific weaknesses would significantly enhance the plugin's security posture. Continued vigilance in code development and a focus on secure coding practices, particularly around user input and output, will be crucial for maintaining its positive security record.

Key Concerns

  • 4 unprotected AJAX handlers
  • Low percentage of proper output escaping
  • Use of dangerous function: unserialize
  • Use of dangerous function: create_function
Vulnerabilities
None known

Landera – Ultimate Page Builder Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Landera – Ultimate Page Builder Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

Landera – Ultimate Page Builder Code Analysis

Dangerous Functions
2
Raw SQL Queries
0
1 prepared
Unescaped Output
929
103 escaped
Nonce Checks
12
Capability Checks
6
File Operations
8
External Requests
3
Bundled Libraries
2

Dangerous Functions Found

create_function$this->utf8_strlen = create_function('$text', 'return preg_match_all(helpers\styles-font-menu\classes\markdown\markdown.php:1639
unserialize$dump_post = unserialize(Zgpbld_Form_Helper::base64url_decode($imp_form));modules\pagebuilder\controllers\zgpbld-fb-controller-posts.php:324

Bundled Libraries

DataTablesjQuery

SQL Query Safety

100% prepared1 total queries

Output Escaping

10% escaped1032 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

4 flows
ajax_save_options (modules\pagebuilder\controllers\zgpbld-fb-controller-backend.php:101)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

Landera – Ultimate Page Builder Attack Surface

Entry Points23
Unprotected4

AJAX Handlers 23

authwp_ajax_zgpb_f_notice_dismissclasses\zigapage-notice.php:27
authwp_ajax_zgpb_f_notice_ratedclasses\zigapage-notice.php:28
authwp_ajax_styles-font-previewhelpers\styles-font-menu\classes\sfm-image-preview.php:28
authwp_ajax_zgpb_builder_setting_saveoptsmodules\pagebuilder\controllers\zgpbld-fb-controller-backend.php:51
authwp_ajax_zgpb_builder_blocked_getmessagemodules\pagebuilder\controllers\zgpbld-fb-controller-backend.php:55
authwp_ajax_zgpb_dismiss_upgrade_noticemodules\pagebuilder\controllers\zgpbld-fb-controller-backend.php:58
authwp_ajax_zgpb_builder_field_optionsmodules\pagebuilder\controllers\zgpbld-fb-controller-fields.php:52
authwp_ajax_zgpb_builder_save_pagemodules\pagebuilder\controllers\zgpbld-fb-controller-posts.php:93
noprivwp_ajax_zgpb_builder_save_pagemodules\pagebuilder\controllers\zgpbld-fb-controller-posts.php:94
authwp_ajax_zgpb_builder_exportmodules\pagebuilder\controllers\zgpbld-fb-controller-posts.php:97
noprivwp_ajax_zgpb_builder_exportmodules\pagebuilder\controllers\zgpbld-fb-controller-posts.php:98
authwp_ajax_zgpb_builder_refresh_menuoptionsmodules\pagebuilder\controllers\zgpbld-fb-controller-posts.php:101
noprivwp_ajax_zgpb_builder_refresh_menuoptionsmodules\pagebuilder\controllers\zgpbld-fb-controller-posts.php:102
authwp_ajax_zgpb_builder_importmodules\pagebuilder\controllers\zgpbld-fb-controller-posts.php:105
noprivwp_ajax_zgpb_builder_importmodules\pagebuilder\controllers\zgpbld-fb-controller-posts.php:106
authwp_ajax_zgpb_builder_import_processmodules\pagebuilder\controllers\zgpbld-fb-controller-posts.php:107
noprivwp_ajax_zgpb_builder_import_processmodules\pagebuilder\controllers\zgpbld-fb-controller-posts.php:108
authwp_ajax_zgpb_builder_get_postcontentmodules\pagebuilder\controllers\zgpbld-fb-controller-posts.php:112
noprivwp_ajax_zgpb_builder_get_postcontentmodules\pagebuilder\controllers\zgpbld-fb-controller-posts.php:113
authwp_ajax_zgpb_builder_get_templatemodules\pagebuilder\controllers\zgpbld-fb-controller-posts.php:116
noprivwp_ajax_zgpb_builder_get_templatemodules\pagebuilder\controllers\zgpbld-fb-controller-posts.php:117
authwp_ajax_zgpb_tool_replaceurlmodules\tools\controllers\backend.php:60
authwp_ajax_zgpb_tool_replaceurl_processmodules\tools\controllers\backend.php:63
WordPress Hooks 55
actionadmin_menuclasses\zgpbld-bootstrap.php:53
filterrockfm_languages_directoryclasses\zgpbld-bootstrap.php:56
filterrockfm_languages_domainclasses\zgpbld-bootstrap.php:57
filterplugin_localeclasses\zgpbld-bootstrap.php:58
actioninitclasses\zgpbld-bootstrap.php:69
actioninitclasses\zgpbld-bootstrap.php:72
actionadmin_noticesclasses\zgpbld-bootstrap.php:87
filtersite_transient_update_pluginsclasses\zgpbld-bootstrap.php:518
actionadmin_enqueue_scriptsclasses\zgpbld-bootstrap.php:524
actionedit_form_after_editorclasses\zgpbld-bootstrap.php:534
actionadmin_menuclasses\zgpbld-bootstrap.php:540
filtertiny_mce_before_initclasses\zgpbld-bootstrap.php:545
filtertiny_mce_before_initclasses\zgpbld-bootstrap.php:548
actionadmin_enqueue_scriptsclasses\zgpbld-bootstrap.php:554
actionsend_headersclasses\zgpbld-bootstrap.php:578
actionwp_enqueue_scriptsclasses\zgpbld-bootstrap.php:582
actionwp_footerclasses\zgpbld-bootstrap.php:585
filterzgbd_editor_variables_loadclasses\zgpbld-bootstrap.php:589
filtertiny_mce_before_initclasses\zgpbld-bootstrap.php:595
filtertiny_mce_before_initclasses\zgpbld-bootstrap.php:598
actionadmin_noticesclasses\zigapage-notice.php:26
filteradmin_footer_textclasses\zigapage-notice.php:31
filterthe_contenthelpers\styles-font-menu\classes\markdown\markdown.php:81
filterthe_content_rsshelpers\styles-font-menu\classes\markdown\markdown.php:82
filterget_the_excerpthelpers\styles-font-menu\classes\markdown\markdown.php:83
filterget_the_excerpthelpers\styles-font-menu\classes\markdown\markdown.php:84
filterthe_excerpthelpers\styles-font-menu\classes\markdown\markdown.php:85
filterthe_excerpt_rsshelpers\styles-font-menu\classes\markdown\markdown.php:86
filterthe_contenthelpers\styles-font-menu\classes\markdown\markdown.php:90
filterget_the_excerpthelpers\styles-font-menu\classes\markdown\markdown.php:91
filterpre_comment_contenthelpers\styles-font-menu\classes\markdown\markdown.php:102
filterpre_comment_contenthelpers\styles-font-menu\classes\markdown\markdown.php:103
filterpre_comment_contenthelpers\styles-font-menu\classes\markdown\markdown.php:104
filterget_comment_texthelpers\styles-font-menu\classes\markdown\markdown.php:105
filterget_comment_excerpthelpers\styles-font-menu\classes\markdown\markdown.php:106
filterget_comment_excerpthelpers\styles-font-menu\classes\markdown\markdown.php:107
filterplugin_row_metahelpers\styles-font-menu\classes\sfm-admin.php:24
actionadmin_menuhelpers\styles-font-menu\classes\sfm-admin.php:25
actionnetwork_admin_menuhelpers\styles-font-menu\classes\sfm-admin.php:26
actionstyles_font_menuhelpers\styles-font-menu\classes\sfm-plugin.php:125
actioninithelpers\styles-font-menu\plugin.php:21
actionadmin_noticeshelpers\styles-font-menu\plugin.php:43
actionedit_form_after_titlemodules\pagebuilder\controllers\zgpbld-fb-controller-backend.php:148
actionadmin_enqueue_scriptsmodules\pagebuilder\controllers\zgpbld-fb-controller-backend.php:149
actionadmin_enqueue_scriptsmodules\pagebuilder\controllers\zgpbld-fb-controller-backend.php:437
actionsave_postmodules\pagebuilder\controllers\zgpbld-fb-controller-posts.php:121
actionwp_restore_post_revisionmodules\pagebuilder\controllers\zgpbld-fb-controller-posts.php:124
filterthe_contentmodules\pagebuilder\controllers\zgpbld-fb-controller-posts.php:131
filterzgbd_editor_variables_loadmodules\pagebuilder\controllers\zgpbld-fb-controller-posts.php:133
filteredit_post_linkmodules\pagebuilder\controllers\zgpbld-fb-controller-posts.php:136
filter_wp_post_revision_fieldsmodules\pagebuilder\controllers\zgpbld-fb-controller-posts.php:139
actionadmin_bar_menumodules\pagebuilder\controllers\zgpbld-fb-controller-posts.php:142
filterthe_contentmodules\pagebuilder\controllers\zgpbld-fb-controller-posts.php:411
actionadmin_noticeswp-page-builder.php:89
actionadmin_noticeswp-page-builder.php:122
Maintenance & Trust

Landera – Ultimate Page Builder Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29
Last updatedFeb 26, 2020
PHP min version5.3
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Landera – Ultimate Page Builder Alternatives

Pollen – WPBakery Page Builder Addons

Pollen – WPBakery Page Builder Addons

pollen

A
85

Pollen - WPBakery Page Builder Addons allows you to create amazing pages from ready to use templates with a single click only.

200 No CVEs
Elementor Website Builder – more than just a page builder

Elementor Website Builder – more than just a page builder

elementor

A
88

The Elementor Website Builder has it all: drag and drop page builder, Atomic Editor, pixel perfect design, global and reusable style systems, mobile r …

10.0M 50 CVEs
Page Builder: Pagelayer – Drag and Drop website builder

Page Builder: Pagelayer – Drag and Drop website builder

pagelayer

A
88

The most advanced frontend drag & drop page builder. Pagelayer is a light weight but extremely powerful Website Builder.

400K 28 CVEs
Beaver Builder Page Builder – Drag and Drop Website Builder

Beaver Builder Page Builder – Drag and Drop Website Builder

beaver-builder-lite-version

A
89

The Professional's Choice for Drag & Drop WordPress Page Building. Fast, Reliable, and Trusted since 2014.

100K 34 CVEs
Colibri Page Builder

Colibri Page Builder

colibri-page-builder

A
92

Colibri Page Builder adds drag and drop page builder functionality to the ColibriWP theme.

90K 18 CVEs
Developer Profile

Landera – Ultimate Page Builder Developer Profile

softdiscover

4 plugins · 380 total installs

91
trust score
Avg Security Score
95/100
Avg Patch Time
8 days
View full developer profile
Detection Fingerprints

How We Detect Landera – Ultimate Page Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-page-builder/assets/css/zgpbld-frontend.css/wp-content/plugins/wp-page-builder/assets/js/zgpbld-frontend.js/wp-content/plugins/wp-page-builder/assets/css/vendor/magnific-popup.css/wp-content/plugins/wp-page-builder/assets/js/vendor/jquery.magnific-popup.js/wp-content/plugins/wp-page-builder/assets/css/vendor/owl.carousel.css/wp-content/plugins/wp-page-builder/assets/js/vendor/owl.carousel.js/wp-content/plugins/wp-page-builder/assets/css/vendor/animate.css/wp-content/plugins/wp-page-builder/assets/js/vendor/waypoints.min.js+6 more
Generator Patterns
WP Page Builder by SoftDiscover
Script Paths
/wp-content/plugins/wp-page-builder/assets/js/zgpbld-frontend.js/wp-content/plugins/wp-page-builder/assets/js/zgpbld-editor.js/wp-content/plugins/wp-page-builder/assets/js/zgpbld-admin.js
Version Parameters
wp-page-builder/assets/css/zgpbld-frontend.css?ver=wp-page-builder/assets/js/zgpbld-frontend.js?ver=wp-page-builder/assets/css/vendor/magnific-popup.css?ver=wp-page-builder/assets/js/vendor/jquery.magnific-popup.js?ver=wp-page-builder/assets/css/vendor/owl.carousel.css?ver=wp-page-builder/assets/js/vendor/owl.carousel.js?ver=wp-page-builder/assets/css/vendor/animate.css?ver=wp-page-builder/assets/js/vendor/waypoints.min.js?ver=wp-page-builder/assets/js/vendor/jquery.isotope.min.js?ver=wp-page-builder/assets/js/vendor/imagesloaded.pkgd.min.js?ver=wp-page-builder/assets/css/vendor/animate.min.css?ver=wp-page-builder/assets/js/zgpbld-editor.js?ver=wp-page-builder/assets/js/zgpbld-admin.js?ver=wp-page-builder/assets/css/zgpbld-admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
zgpbld-contentzgpbld-sectionzgpbld-columnzgpbld-elementzgpbld-wrapper
HTML Comments
<!-- ZigaPageBuilder Start --><!-- ZigaPageBuilder End --><!-- start ZigaPageBuilder Section --><!-- end ZigaPageBuilder Section -->+4 more
Data Attributes
data-zgpbld-iddata-zgpbld-typedata-zgpbld-element-iddata-zgpbld-setting
JS Globals
wpZGPDBuilderzgpbld_dataZgpbldAdmin
REST Endpoints
/wp-json/zgpbld/v1/get-element-data
Shortcode Output
[zgpbld-page-builder][zgpbld-content]
FAQ

Frequently Asked Questions about Landera – Ultimate Page Builder