Block Manager Security & Risk Analysis

wordpress.org/plugins/block-manager

Disable unwanted blocks and patterns, organize blocks by changing categories - complete control over your WordPress Block Editor experience.

4K active installs · v3.2.0 · PHP 7.0+ · WP 5.0+ · Updated Jan 14, 2026
Tags: block-category, disable-blocks, disable-patterns, remove-blocks, remove-patterns
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Block Manager Safe to Use in 2026?

Generally Safe

Score 100/100

Block Manager has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The "block-manager" v3.2.0 plugin exhibits a generally strong security posture based on the provided static analysis. It demonstrates good development practices by utilizing prepared statements for all SQL queries, having a high percentage of properly escaped output, and implementing nonce and capability checks on its entry points. The absence of file operations, external HTTP requests, and bundled libraries further reduces potential attack vectors. The plugin's vulnerability history is also clean, with no known CVEs recorded, indicating a history of secure development or timely patching.

However, the analysis does highlight a potential area for scrutiny. While there are no unprotected AJAX handlers or REST API routes, the existence of two AJAX handlers without specific detail on their permission callbacks warrants careful consideration. Although the initial scan indicates no unprotected entry points, a deeper dive into the implementation of these AJAX handlers would be prudent to ensure that granular permissions are robustly enforced and not dependent solely on general WordPress user roles. The lack of taint analysis results, while not a direct negative, suggests that either the analysis tool did not find any relevant flows or the code structure does not lend itself to such analysis, which is not a security flaw in itself but limits the depth of static security assessment in this regard.

In conclusion, "block-manager" v3.2.0 appears to be a well-secured plugin with robust coding practices and a clean vulnerability record. The primary area of focus for continued security diligence would be a thorough review of the two identified AJAX handlers to confirm the absolute absence of privilege escalation or unauthorized data access vulnerabilities. The plugin's strengths lie in its secure data handling and access control mechanisms.

Key Concerns

  • 2 AJAX handlers, 0 without auth checks
  • 11 Capability checks
  • 2 Nonce checks
  • 91% Properly escaped output
  • 100% SQL using prepared statements
  • 0 Known CVEs
Vulnerabilities
None known

Block Manager Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Block Manager Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 3 (32 escaped)
  • Nonce Checks: 2
  • Capability Checks: 11
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

91% escaped · 35 total outputs
Attack Surface

Block Manager Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers: 2

  • auth: wp_ajax_cnkt_plugin_installer (includes\connekt-plugin-installer\class-connekt-plugin-installer.php:39)
  • auth: wp_ajax_cnkt_plugin_activation (includes\connekt-plugin-installer\class-connekt-plugin-installer.php:40)

WordPress Hooks: 17

  • action: rest_api_init (api\blocks-reset.php:9)
  • action: rest_api_init (api\blocks-toggle.php:9)
  • action: rest_api_init (api\bulk-process.php:9)
  • action: rest_api_init (api\category-reset.php:9)
  • action: rest_api_init (api\category-update.php:9)
  • action: rest_api_init (api\export.php:9)
  • action: rest_api_init (api\patterns-reset.php:9)
  • action: rest_api_init (api\patterns-toggle.php:9)
  • action: enqueue_block_editor_assets (block-manager.php:67)
  • action: plugins_loaded (block-manager.php:156)
  • action: admin_menu (classes\class-admin.php:23)
  • action: admin_enqueue_scripts (classes\class-admin.php:24)
  • filter: admin_footer_text (classes\class-admin.php:26)
  • action: init (classes\class-patterns.php:22)
  • action: after_setup_theme (classes\class-patterns.php:23)
  • filter: should_load_remote_block_patterns (classes\class-patterns.php:27)
  • action: cnkt_installer_enqueue_scripts (includes\connekt-plugin-installer\class-connekt-plugin-installer.php:38)
Maintenance & Trust

Block Manager Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Jan 14, 2026
  • PHP min version: 7.0
  • Downloads: 87K

Community Trust

  • Rating: 98/100
  • Number of ratings: 13
  • Active installs: 4K
Developer Profile

Block Manager Developer Profile

Darren Cooney

9 plugins · 47K total installs

  • Trust score: 78
  • Avg Security Score: 98/100
  • Avg Patch Time: 629 days
Detection Fingerprints

How We Detect Block Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/block-manager/build/block-manager.js
  • /wp-content/plugins/block-manager/build/style-block-manager-admin.css
  • /wp-content/plugins/block-manager/build/block-manager-admin.js

Script Paths

  • /wp-content/plugins/block-manager/build/block-manager.js
  • /wp-content/plugins/block-manager/build/block-manager-admin.js

Version Parameters

  • block-manager/build/block-manager.js?ver=
  • block-manager/build/style-block-manager-admin.css?ver=
  • block-manager/build/block-manager-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • block-manager-admin-wrap

Data Attributes

  • data-gutenberg-block-manager

JS Globals

  • gutenberg_block_manager
  • gbm_localize

REST Endpoints

  • /wp-json/block-manager/v1/blocks-toggle
  • /wp-json/block-manager/v1/blocks-reset
  • /wp-json/block-manager/v1/category-reset
  • /wp-json/block-manager/v1/category-update
  • /wp-json/block-manager/v1/patterns-toggle
  • /wp-json/block-manager/v1/patterns-reset
  • /wp-json/block-manager/v1/bulk-process
  • /wp-json/block-manager/v1/export