WP-Safety

WP XPRS – Page Builder Security & Risk Analysis

wordpress.org/plugins/wp-xprs-page-builder

XPRS is a visual page builder that allows you to easily create pages and layouts without any code.

10 active installs v1.1.1 PHP + WP 3.0.1+ Updated Oct 19, 2015
builderlanding-page-builderlanding-pageslayout-builderpage-builder
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is WP XPRS – Page Builder Safe to Use in 2026?

Generally Safe

Score 85/100

WP XPRS – Page Builder has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago
Risk Assessment

The "wp-xprs-page-builder" plugin v1.1.1 exhibits a generally positive security posture based on the provided static analysis. The absence of known CVEs and the strict adherence to prepared statements for SQL queries are significant strengths. The presence of nonces and capability checks indicates an awareness of basic WordPress security mechanisms.

However, there are notable areas for improvement. The low percentage of properly escaped output (25%) is a significant concern, suggesting a high potential for Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not handled carefully in the remaining output contexts. The single identified flow with unsanitized paths, even without a critical severity rating, warrants investigation as it could potentially lead to unintended file access or manipulation. The single external HTTP request also presents a potential attack vector if not implemented with robust validation and error handling.

Overall, while the plugin has a clean vulnerability history and employs some good security practices, the insufficient output escaping and the presence of an unsanitized path flow introduce notable risks. Continued vigilance in code reviews and updates, particularly concerning output sanitization, is recommended.

Key Concerns

  • Low output escaping rate
  • Unsanitized path flow detected
  • Single external HTTP request
Vulnerabilities
None known

WP XPRS – Page Builder Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

WP XPRS – Page Builder Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
18
6 escaped
Nonce Checks
1
Capability Checks
1
File Operations
0
External Requests
1
Bundled Libraries
0

Output Escaping

25% escaped24 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths
homepage (wp-xprs.php:206)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

WP XPRS – Page Builder Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 11
actionadd_meta_boxeswp-xprs.php:12
actionsave_postwp-xprs.php:13
actionwpwp-xprs.php:15
actioninitwp-xprs.php:16
filterpost_row_actionswp-xprs.php:18
filterpage_row_actionswp-xprs.php:19
actionadmin_menuwp-xprs.php:21
actionadmin_bar_menuwp-xprs.php:23
filtermod_rewrite_ruleswp-xprs.php:163
filtermod_rewrite_ruleswp-xprs.php:192
filtercomments_templatewp-xprs.php:259
Maintenance & Trust

WP XPRS – Page Builder Maintenance & Trust

Maintenance Signals

WordPress version tested4.3.34
Last updatedOct 19, 2015
PHP min version
Downloads9K

Community Trust

Rating64/100
Number of ratings6
Active installs10
Alternatives

WP XPRS – Page Builder Alternatives

ONTRApages

ONTRApages

ontrapages

A
85

ONTRApages for WordPress allows Ontraport Premium users to connect to their accounts and easily publish their landing pages on their own WordPress sit …

1K No CVEs
Templates For PluginOps Landing Page Builder

Templates For PluginOps Landing Page Builder

post-list-wp

A
85

Templates for Landing Page Builder By PluginOps.

200 No CVEs
EngageBay Landing Pages – Responsive landing pages for lead generation and conversions

EngageBay Landing Pages – Responsive landing pages for lead generation and conversions

engagebay-landing-page-builder

A
100

The simplest way to create beautiful, responsive and high converting landing pages in minutes without writing any code. Improve conversion rates, run …

100 No CVEs
Mesh – Page Builder

Mesh – Page Builder

mesh

A
85

A page builder, simplified. Get the most flexibility to display content by adding multiple content sections within Pages, Posts, or Custom Post Types.

70 No CVEs
LandingRabbit

LandingRabbit

landingrabbit

A
100

Bring your LandingRabbit pages into WordPress and publish them with Elementor and Gutenberg.

0 No CVEs
Developer Profile

WP XPRS – Page Builder Developer Profile

imxprs

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WP XPRS – Page Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-xprs-page-builder/assets/css/wp-xprs-backend.css/wp-content/plugins/wp-xprs-page-builder/assets/css/wp-xprs-frontend.css/wp-content/plugins/wp-xprs-page-builder/assets/js/wp-xprs-backend.js/wp-content/plugins/wp-xprs-page-builder/assets/js/wp-xprs-frontend.js
Script Paths
/wp-content/plugins/wp-xprs-page-builder/assets/js/wp-xprs-backend.js/wp-content/plugins/wp-xprs-page-builder/assets/js/wp-xprs-frontend.js
Version Parameters
wp-xprs-page-builder/assets/css/wp-xprs-backend.css?ver=wp-xprs-page-builder/assets/css/wp-xprs-frontend.css?ver=wp-xprs-page-builder/assets/js/wp-xprs-backend.js?ver=wp-xprs-page-builder/assets/js/wp-xprs-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
wp_xprs_containerwp_xprs_section
HTML Comments
<!-- WPxprs: Begin Custom htaccess --><!-- WPxprs: End Custom htaccess -->
Data Attributes
data-wp_xprs_vbiddata-wp_xprs_modedata-wp_xprs_settings
JS Globals
wp_xprs_configwp_xprs_admin
FAQ

Frequently Asked Questions about WP XPRS – Page Builder