WP-Safety

Block Editor Colors Security & Risk Analysis

wordpress.org/plugins/block-editor-colors

Change Gutenberg block editor colors or create new ones.

3K active installs v1.2.6 PHP 5.6+ WP 5.0+ Updated Jun 11, 2025
color-palettecustomizeeditor-color-palettegutenberggutenberg-colors
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Block Editor Colors Safe to Use in 2026?

Generally Safe

Score 100/100

Block Editor Colors has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9mo ago
Risk Assessment

The 'block-editor-colors' plugin v1.2.6 exhibits a strong security posture based on the provided static analysis. The absence of dangerous functions, the exclusive use of prepared statements for SQL queries, and 100% output escaping demonstrate excellent coding practices for preventing common web vulnerabilities. The presence of multiple nonce checks further strengthens its defenses against replay attacks.

The plugin has a minimal attack surface, with only one AJAX handler, and importantly, this handler appears to be protected. There are no REST API routes, shortcodes, or cron events, which significantly reduces potential entry points for attackers. The taint analysis also revealed no unsanitized paths, indicating a robust approach to handling user input.

Furthermore, the plugin's vulnerability history is entirely clean, with no recorded CVEs of any severity. This lack of past issues, combined with the positive static analysis results, suggests a well-maintained and secure plugin. While the absence of capability checks on the single AJAX handler is a minor point, it is mitigated by the strong presence of nonce checks and the overall lack of other concerning factors.

Key Concerns

  • No capability checks on AJAX handler
Vulnerabilities
None known

Block Editor Colors Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Block Editor Colors Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
62 escaped
Nonce Checks
6
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

100% escaped62 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
update_general_options (includes\OptionsService.php:39)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Block Editor Colors Attack Surface

Entry Points1
Unprotected0

AJAX Handlers 1

authwp_ajax_bec_update_color_orderincludes\CustomColorsService.php:21
WordPress Hooks 13
actionadmin_menuincludes\admin\AdminPages.php:11
actionadmin_enqueue_scriptsincludes\admin\pages\SettingsPage.php:24
actioninitincludes\BlockEditorColors.php:18
actionwp_headincludes\ColorsService.php:27
actionenqueue_block_editor_assetsincludes\ColorsService.php:28
filterblock_editor_settings_allincludes\ColorsService.php:33
filterblock_editor_settings_allincludes\ColorsService.php:38
filterblock_editor_settingsincludes\ColorsService.php:40
actionadmin_post_add_custom_colorincludes\CustomColorsService.php:17
actionadmin_post_edit_custom_colorincludes\CustomColorsService.php:18
actionadmin_post_edit_inactive_colorincludes\CustomColorsService.php:19
actionadmin_post_edit_initial_colorincludes\DefaultColorsService.php:26
actionadmin_post_update_general_optionsincludes\OptionsService.php:22
Maintenance & Trust

Block Editor Colors Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedJun 11, 2025
PHP min version5.6
Downloads31K

Community Trust

Rating96/100
Number of ratings13
Active installs3K
Alternatives

Block Editor Colors Alternatives

Advanced Import: One-Click Demo Import for WordPress

Advanced Import: One-Click Demo Import for WordPress

advanced-import

A
91

Advanced Import simplifies importing demo data for WordPress sites, enabling users to import posts, pages, media, widgets, customizer settings, and Gu …

90K 1 CVE
Customify – Intuitive Website Styling

Customify – Intuitive Website Styling

customify

A
100

Customify is a theme Customizer booster to easily customize Fonts, Colors, and other options for a certain WordPress theme.

10K 1 CVE
Central Color Palette

Central Color Palette

kt-tinymce-color-grid

A
85

Manage a site-wide central color palette for a uniform look'n'feel! Supports the new block editor, Theme Customizer and many themes and plug …

10K No CVEs
Custom Color Palette for Gutenberg

Custom Color Palette for Gutenberg

custom-color-palette

A
85

A small and simple plugin to adjust the default color palette of the new WordPress Gutenberg Editor.

1K No CVEs
Editor Custom Color Palette

Editor Custom Color Palette

editor-custom-color-palette

B
77

Personnalisez la palette de couleurs Gutenberg,la typographie,les blocs natifs, l'éditeur et l’administration WordPress,sans blocs propriétaires.

100 1 unpatched
Developer Profile

Block Editor Colors Developer Profile

jetmonsters

33 plugins · 326K total installs

76
trust score
Avg Security Score
95/100
Avg Patch Time
189 days
View full developer profile
Detection Fingerprints

How We Detect Block Editor Colors

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/block-editor-colors/assets/css/block-editor-colors.css/wp-content/plugins/block-editor-colors/assets/js/block-editor-colors.js
Script Paths
/wp-content/plugins/block-editor-colors/assets/js/block-editor-colors.js
Version Parameters
block-editor-colors/assets/css/block-editor-colors.css?ver=block-editor-colors/assets/js/block-editor-colors.js?ver=

HTML / DOM Fingerprints

CSS Classes
bec-wrapperbec-color-tilesbec-color-tilebec-color-tablebec-color-celldefault-colorbec-color-previewbec-color-field+1 more
Data Attributes
data-bec-color-id
JS Globals
bec_custom_colors_databec_options_data
FAQ

Frequently Asked Questions about Block Editor Colors