WP-Safety

Header Builder for Elementor by WPDaddy Security & Risk Analysis

wordpress.org/plugins/wpdaddy-header-builder

WPDaddy header builder was developed for Elementor page builder.

200 active installs v1.0.2 PHP 7.1+ WP 5.0+ Updated Oct 15, 2020
elementorheaderheader-builderheader-builder-for-elementorsticky-header
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Header Builder for Elementor by WPDaddy Safe to Use in 2026?

Generally Safe

Score 85/100

Header Builder for Elementor by WPDaddy has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago
Risk Assessment

The "wpdaddy-header-builder" plugin exhibits a mixed security posture. While it demonstrates good practices by exclusively using prepared statements for SQL queries and performing capability checks on one identified entry point, significant concerns remain. The plugin has a total of one entry point, which is a REST API route, and this route is not protected by any permission callback. This exposes a direct path for unauthenticated attackers to interact with the plugin's functionality, posing a considerable risk.

Taint analysis shows no unsanitized paths, which is a positive sign. However, the static analysis reveals that only 67% of output is properly escaped, indicating a potential for cross-site scripting (XSS) vulnerabilities. Furthermore, the plugin performs four file operations, which, in conjunction with the unprotected REST API route, could potentially be leveraged for malicious file manipulation if not handled with extreme care.

The plugin has no recorded vulnerability history, which might suggest a history of secure development or a lack of past scrutiny. However, this lack of history should not be a reason for complacency, especially given the identified unprotected REST API endpoint. The plugin's strengths lie in its secure SQL handling and nonce checks, but these are overshadowed by the critical vulnerability of an unprotected REST API route and the concern of insufficient output escaping.

Key Concerns

  • Unprotected REST API route without permission callback
  • Insufficient output escaping (33% not properly escaped)
Vulnerabilities
None known

Header Builder for Elementor by WPDaddy Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Header Builder for Elementor by WPDaddy Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

Header Builder for Elementor by WPDaddy Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
1 prepared
Unescaped Output
6
12 escaped
Nonce Checks
1
Capability Checks
1
File Operations
4
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared1 total queries

Output Escaping

67% escaped18 total outputs
Attack Surface
1 unprotected

Header Builder for Elementor by WPDaddy Attack Surface

Entry Points1
Unprotected1

REST API Routes 1

GET/wp-json/wpda-builder/v2/wpda-builder/getcore\trait-rest.php:27
WordPress Hooks 27
actionwp_headcore\class-buffer.php:25
actionadmin_bar_menucore\class-frontend.php:29
actionwp_enqueue_scriptscore\class-frontend.php:70
actionwpcore\class-init.php:29
filterelementor/document/urls/previewcore\class-init.php:31
actionelementor/documents/registercore\class-init.php:45
filtersingle_templatecore\class-init.php:46
actionmanage_elementor_library_posts_custom_columncore\class-init.php:55
filtermanage_elementor_library_posts_columnscore\class-init.php:56
actionadmin_menucore\class-menu.php:19
actionrest_api_initcore\class-settings.php:40
actionadmin_print_scripts-elementor_library_page_wpda-builder-settingscore\class-settings.php:41
actionwp_enqueue_scriptscore\elementor\index.php:60
actionadmin_enqueue_scriptscore\elementor\index.php:61
actionelementor/frontend/after_enqueue_scriptscore\elementor\index.php:63
actionelementor/frontend/after_enqueue_stylescore\elementor\index.php:64
actionelementor/editor/after_enqueue_scriptscore\elementor\index.php:65
actionelementor/widgets/widgets_registeredcore\elementor\index.php:67
filterwoocommerce_add_to_cart_fragmentscore\elementor\index.php:71
actionelementor/frontend/section/before_rendercore\elementor\modify\class-section.php:32
actionelementor/elements/elements_registeredcore\elementor\modify\class-section.php:33
actionrest_api_initcore\trait-rest.php:19
actionadmin_noticeswpda-builder.php:24
actionadmin_noticeswpda-builder.php:26
actionplugins_loadedwpda-builder.php:28
actionelementor/initwpda-builder.php:38
actioninitwpda-builder.php:39
Maintenance & Trust

Header Builder for Elementor by WPDaddy Maintenance & Trust

Maintenance Signals

WordPress version tested5.5.18
Last updatedOct 15, 2020
PHP min version7.1
Downloads7K

Community Trust

Rating100/100
Number of ratings3
Active installs200
Alternatives

Header Builder for Elementor by WPDaddy Alternatives

BuildWithGuru Sticky Header & Footer Builder for Elementor

BuildWithGuru Sticky Header & Footer Builder for Elementor

buildwithguru

A
100

Create custom headers and footers with Elementor and apply optional sticky behavior on scroll. Lightweight and compatible with most WordPress themes.

40 No CVEs
Sticky Header Effects for Elementor

Sticky Header Effects for Elementor

sticky-header-effects-for-elementor

A
99

Create advanced Sticky Headers in Elementor Free or Pro with scroll effects, blur, shrink, hide on scroll & full responsive controls.

300K 1 CVE
JetSticky For Elementor

JetSticky For Elementor

jetsticky-for-elementor

A
85

JetSticky is the plugin which allows to make the sections and columns built with Elementor sticky!

30K No CVEs
Xpro Theme Builder For Elementor – FREE

Xpro Theme Builder For Elementor – FREE

xpro-theme-builder

A
98

Try FREE Theme Builder for Elementor with 50+ FREE widgets. Create a custom header, footer, singular, and archive layout in no time.

10K 2 CVEs
Boostify Header Footer Builder for Elementor

Boostify Header Footer Builder for Elementor

boostify-header-footer-builder

A
89

Create Header, Footer and Mega menu for your WordPress website using Elementor Page Builder for free.

8K 4 CVEs
Developer Profile

Header Builder for Elementor by WPDaddy Developer Profile

wpDataTables

11 plugins · 71K total installs

71
trust score
Avg Security Score
88/100
Avg Patch Time
924 days
View full developer profile
Detection Fingerprints

How We Detect Header Builder for Elementor by WPDaddy

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wpdaddy-header-builder/dist/css/frontend/panel.css/wp-content/plugins/wpdaddy-header-builder/dist/js/frontend/panel.js
Script Paths
/wp-content/plugins/wpdaddy-header-builder/dist/js/frontend/panel.js
Version Parameters
wpdaddy-header-builder/dist/css/frontend/panel.css?ver=wpdaddy-header-builder/dist/js/frontend/panel.js?ver=

HTML / DOM Fingerprints

Data Attributes
wpda-show-panel_wpda_nonce_wpda_nonce_settings
JS Globals
WPDA_PANEL_ENABLED
REST Endpoints
/wpda-builder/v2/settings/save/wpda-builder/v2/settings/get
FAQ

Frequently Asked Questions about Header Builder for Elementor by WPDaddy