WP-Safety

Block Catalog Security & Risk Analysis

wordpress.org/plugins/block-catalog

Keep track of which Gutenberg Blocks are used across your site.

100 active installs v1.6.2 PHP 7.4+ WP 6.5+ Updated Apr 23, 2025
blockscustom-blocksdevelopergutenberg
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Block Catalog Safe to Use in 2026?

Generally Safe

Score 100/100

Block Catalog has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11mo ago
Risk Assessment

The "block-catalog" plugin version 1.6.2 demonstrates a strong security posture based on the provided static analysis. The absence of dangerous functions, the exclusive use of prepared statements for SQL queries, and the consistent application of output escaping are significant strengths. Furthermore, the presence of capability checks on all identified REST API routes and the lack of critical or high severity taint flows indicate a diligent approach to secure coding practices. The plugin also has no recorded vulnerabilities, which is a very positive indicator of its historical security.

Despite the overwhelmingly positive analysis, a notable area for improvement is the absence of nonce checks. While all REST API routes have capability checks, nonce checks are a crucial defense against Cross-Site Request Forgery (CSRF) attacks, especially for actions that modify data. Their absence represents a potential, albeit currently undocumented, weakness in the plugin's attack surface.

In conclusion, "block-catalog" v1.6.2 appears to be a securely developed plugin with excellent practices in place regarding data handling and output. The primary concern is the lack of nonce checks, which is a standard security measure for certain types of operations. The vulnerability history is clean, suggesting a commitment to security. Overall, the risk associated with this plugin is low, but the implementation of nonce checks would further solidify its security.

Key Concerns

  • Missing nonce checks
Vulnerabilities
None known

Block Catalog Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Block Catalog Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
8 prepared
Unescaped Output
0
28 escaped
Nonce Checks
0
Capability Checks
4
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared8 total queries

Output Escaping

100% escaped28 total outputs
Attack Surface

Block Catalog Attack Surface

Entry Points4
Unprotected0

REST API Routes 4

POST/wp-json/block-catalog/v1/posts/includes\classes\RESTSupport.php:35
POST/wp-json/block-catalog/v1/index/includes\classes\RESTSupport.php:54
POST/wp-json/block-catalog/v1/terms/includes\classes\RESTSupport.php:73
POST/wp-json/block-catalog/v1/delete-index/includes\classes\RESTSupport.php:85
WordPress Hooks 12
actionrestrict_manage_postsincludes\classes\BlockCatalogTaxonomy.php:65
actionrest_api_initincludes\classes\RESTSupport.php:19
actionadmin_menuincludes\classes\ToolsPage.php:26
actioninitincludes\core.php:23
actioninitincludes\core.php:24
actionwp_enqueue_scriptsincludes\core.php:25
actionadmin_enqueue_scriptsincludes\core.php:26
actionadmin_enqueue_scriptsincludes\core.php:27
actionsave_postincludes\core.php:28
actionadmin_noticesincludes\core.php:29
filterscript_loader_tagincludes\core.php:32
filterwpcom_pushpress_should_send_pingincludes\utility.php:46
Maintenance & Trust

Block Catalog Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedApr 23, 2025
PHP min version7.4
Downloads149K

Community Trust

Rating100/100
Number of ratings1
Active installs100
Alternatives

Block Catalog Alternatives

Blockenberg — 600+ Advanced Gutenberg Blocks for WordPress Block Editor

Blockenberg — 600+ Advanced Gutenberg Blocks for WordPress Block Editor

blockenberg

A
100

600+ Gutenberg blocks for layouts, content, media, marketing, charts, calculators, testimonials, tables, maps, videos and more.

400 No CVEs
Block Designer – Create Custom Blocks for Gutenberg Editor

Block Designer – Create Custom Blocks for Gutenberg Editor

block-designer

A
100

Create and design custom blocks for the WordPress Gutenberg Block Editor without any line of code.

100 No CVEs
Embed Block for Figma

Embed Block for Figma

embed-block-figma

A
100

Display Figma files using an Embed block.

100 No CVEs
Wicked Block Builder

Wicked Block Builder

wicked-block-builder

A
100

Create your own custom blocks and patterns in as little as a few minutes!

10 No CVEs
Caledros Basic Blocks

Caledros Basic Blocks

caledros-basic-blocks

A
100

Introduces 18 lightweight blocks for the Gutenberg editor. Also includes an optional preloader for CSS stylesheets to enhance performance.

0 No CVEs
Developer Profile

Block Catalog Developer Profile

10up

23 plugins · 1.4M total installs

78
trust score
Avg Security Score
98/100
Avg Patch Time
546 days
View full developer profile
Detection Fingerprints

How We Detect Block Catalog

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/block-catalog/dist/tools.js/wp-content/plugins/block-catalog/dist/styles.css/wp-content/plugins/block-catalog/dist/admin-scripts.js/wp-content/plugins/block-catalog/dist/admin-styles.css
Script Paths
/wp-content/plugins/block-catalog/dist/tools.js/wp-content/plugins/block-catalog/dist/admin-scripts.js
Version Parameters
block-catalog/dist/tools.js?ver=block-catalog/dist/styles.css?ver=block-catalog/dist/admin-scripts.js?ver=block-catalog/dist/admin-styles.css?ver=

HTML / DOM Fingerprints

CSS Classes
block-catalog-post-type
Data Attributes
data-block-catalog-index-urldata-block-catalog-delete-index-url
JS Globals
block_catalog
REST Endpoints
/wp-json/block-catalog/v1/posts/wp-json/block-catalog/v1/index/wp-json/block-catalog/v1/terms/wp-json/block-catalog/v1/delete-index
FAQ

Frequently Asked Questions about Block Catalog