Does WP Sitebuilder have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Sitebuilder have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Sitebuilder compatible with WordPress 4.6.30?

According to WordPress.org data, WP Sitebuilder 0.0.2.4 has been tested up to WordPress 4.6.30. Check the plugin's changelog for the latest compatibility information.

How often is WP Sitebuilder updated?

WP Sitebuilder was last updated on Dec 1, 2016. Frequent updates are generally a positive security signal.

What is WP Sitebuilder's security score?

WP Sitebuilder has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Sitebuilder Security & Risk Analysis

wordpress.org/plugins/wp-sitebuilder

This plugin is to let you build your site quite easily without any coding with easy to use pagebuilder

10 active installs v0.0.2.4 PHP + WP 3.0.1+ Updated Dec 1, 2016

sitebuilderwp-sitebuilderwp-total-managerwpmanager

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Sitebuilder Safe to Use in 2026?

Generally Safe

Score 85/100

WP Sitebuilder has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago

Risk Assessment

The wp-sitebuilder plugin version 0.0.2.4 exhibits a concerning security posture primarily due to its unprotected AJAX handlers. With 5 AJAX handlers identified and all 5 lacking authentication checks, this presents a significant attack surface. Any user, including unauthenticated ones, can trigger these functions, potentially leading to unauthorized actions or information disclosure. While the plugin demonstrates good practices in SQL query handling and has no known CVEs, these strengths are overshadowed by the critical flaw in its AJAX endpoint security. The lack of taint analysis results is not necessarily a positive sign; it may indicate the analysis tool was unable to perform this crucial step, rather than an absence of vulnerabilities.

The plugin's vulnerability history is clean, which is a positive indicator. However, this alone does not mitigate the immediate risks posed by the exposed AJAX endpoints. The limited number of capability checks and nonce checks (3 each) further exacerbates the situation, as these are fundamental security mechanisms for WordPress plugins. The low percentage of properly escaped output (15%) is also a significant concern, suggesting a high probability of cross-site scripting (XSS) vulnerabilities, especially when combined with the unprotected AJAX handlers. While the absence of dangerous functions and external HTTP requests is beneficial, the overall security is severely compromised by the lack of authentication on its primary entry points.

Key Concerns

5 unprotected AJAX handlers
15% output properly escaped (implies 85% unescaped)
Only 3 capability checks
Only 3 nonce checks

Vulnerabilities

None known

WP Sitebuilder Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP Sitebuilder Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

181

33 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

15% escaped214 total outputs

Attack Surface

5 unprotected

WP Sitebuilder Attack Surface

Entry Points5

Unprotected5

AJAX Handlers 5

authwp_ajax_wpsb_grab_element_dataincludes\ajax-actions.php:6

authwp_ajax_wpsb_update_previewincludes\ajax-actions.php:35

authwp_ajax_wpsb_disabled_pagebuilder_for_post_typesincludes\ajax-actions.php:50

authwp_ajax_sbrm_save_role_caps_datamodules\role-manager\ajaxaction.php:10

authwp_ajax_wpsb_remove_betawp-sitebuilder.php:56

WordPress Hooks 32

actionadmin_menuadd-on.php:8

actionwidgets_initelements\button.php:81

actionwidgets_initelements\call-to-action.php:87

actionwidgets_initelements\carousel-slider.php:260

actionwidgets_initelements\embedded-video.php:61

actionwidgets_initelements\features.php:229

actionwidgets_initelements\image.php:69

actionwidgets_initelements\post-carousel.php:299

actionwidgets_initelements\post-loop-bk.php:245

actionwidgets_initelements\post-loop.php:197

actionwidgets_initelements\rich-text.php:69

actionwidgets_initelements\social-media-button.php:144

actionwidgets_initelements\title.php:89

actionadd_meta_boxesincludes\admin\pagebuilder-panel.php:9

actionedit_form_after_titleincludes\admin\pagebuilder-panel.php:10

actionsave_postincludes\admin\pagebuilder-panel.php:11

filterwpsb_widget_element_listincludes\admin\pagebuilder-panel.php:14

filterwpsb_widget_element_listincludes\admin\pagebuilder-panel.php:15

filterwpsb_widget_element_list_labelsincludes\admin\pagebuilder-panel.php:16

filterwpsb_widget_element_list_labelsincludes\admin\pagebuilder-panel.php:17

actionadd_meta_boxesincludes\admin\templates-panel.php:8

actionsave_postincludes\admin\templates-panel.php:9

filtersingle_templateincludes\admin\templates-panel.php:10

actionthe_contentincludes\content.php:6

actionwpsb_admin_menumodules\role-manager\role-manager.php:31

actionadmin_enqueue_scriptsmodules\role-manager\role-manager.php:32

actionadmin_enqueue_scriptswp-sitebuilder.php:48

actionwp_enqueue_scriptswp-sitebuilder.php:49

actionadmin_menuwp-sitebuilder.php:50

actionadmin_noticeswp-sitebuilder.php:60

actionadmin_footerwp-sitebuilder.php:61

actionin_plugin_update_message-wp-sitebuilder/wp-sitebuilder.phpwp-sitebuilder.php:204

Maintenance & Trust

WP Sitebuilder Maintenance & Trust

Maintenance Signals

WordPress version tested4.6.30

Last updatedDec 1, 2016

PHP min version

Downloads5K

Community Trust

Rating74/100

Number of ratings3

Active installs10

Alternatives

WP Sitebuilder Alternatives

No alternatives data available yet.

Developer Profile

WP Sitebuilder Developer Profile

Mithu A Quayium

16 plugins · 500 total installs

trust score

Avg Security Score

86/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP Sitebuilder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-sitebuilder/assets/css/wrapper-bs.min.css/wp-content/plugins/wp-sitebuilder/assets/css/vue-ui-widgets.min.css/wp-content/plugins/wp-sitebuilder/assets/css/framework.min.css/wp-content/plugins/wp-sitebuilder/assets/css/admin/admin.min.css/wp-content/plugins/wp-sitebuilder/assets/css/admin/element.admin.min.css/wp-content/plugins/wp-sitebuilder/assets/js/vue.min.js/wp-content/plugins/wp-sitebuilder/assets/js/vue-ui-widgets.js/wp-content/plugins/wp-sitebuilder/assets/js/components.js+4 more

HTML / DOM Fingerprints

CSS Classes

wpsb-beta-notice

JS Globals

wpsb_obj

FAQ