Gutenberg Block Editor Toolkit – EditorsKit Security & Risk Analysis

wordpress.org/plugins/block-options

EditorsKit provides a set of page building tools to supercharge the WordPress Gutenberg block editor.

30K active installs · v1.40.6 · PHP 5.6+ · WP 5.0+ · Updated May 28, 2024
Tags: blocks, gutenberg, gutenberg-blocks, gutenberg-editor, wordpress-blocks
Security score: 90 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Mar 29, 2024
Safety Verdict

Is Gutenberg Block Editor Toolkit – EditorsKit Safe to Use in 2026?

Generally Safe

Score 90/100

Gutenberg Block Editor Toolkit – EditorsKit has a reasonable security track record: all three known vulnerabilities have been fixed and none is currently unpatched. The fix intervals shown with each CVE below (26d, 52d and 862d) and the developer's 313-day average patch time mean that "promptly" describes the 2023 and 2024 fixes better than the 2021 code injection fix.

3 known CVEs · Last CVE: Mar 29, 2024 · Updated 1yr ago
Risk Assessment

The 'block-options' plugin v1.40.6 exhibits a mixed security posture. On the positive side, the static analysis found no raw SQL queries at all (the "prepared statements" count is zero because there is no hand-built SQL to prepare, which removes the SQL injection surface from the plugin's own code), no dangerous functions, no file operations and no bundled third-party libraries. Output escaping is good: 26 of 29 outputs (90%) pass through an escaping function, leaving three unescaped outputs to review. Nonce checks (5) and capability checks (9) are present on a significant number of entry points, and the taint analysis shows no critical or high severity flows; both analyzed data flows are sanitized, suggesting care in handling user-supplied data along the paths that were traced.

However, one AJAX handler is flagged as unprotected. It is registered on a wp_ajax_ hook (not wp_ajax_nopriv_), so WordPress only runs it for logged-in users, but the analysis found no nonce or capability check in the handler itself. Judging by its name, dismiss_editorskit_support_notice, it dismisses an admin notice, so the realistic impact is a nuisance (any logged-in user, or a CSRF against one, can dismiss the notice); the concern is the pattern, which is the same omission that turns a more consequential handler into a privilege escalation. Combined with the plugin's history of three known vulnerabilities (two high, one medium: Cross-site Scripting, Unrestricted File Upload and Code Injection), this indicates a recurring pattern of insufficient input handling and authorization checks. No CVE is currently unpatched, but the history makes newly introduced bugs or regressions plausible, especially around the identified entry point. The three external HTTP requests also warrant review: responses from remote endpoints should be treated as untrusted input before they are stored or rendered, and the request targets must not be influenceable by user input (server-side request forgery).

In conclusion, the plugin's current code is in reasonable shape (no raw SQL, no dangerous functions, mostly escaped output), but the unprotected AJAX handler and the vulnerability history remain tangible risks. Keep the plugin updated, review any new or changed entry point for nonce and capability checks, and apply future patches quickly.
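What the flagged handler pattern looks like, and how the same handler is hardened, as an added PHP example. This is illustrative code written for this page, not EditorsKit's own: only the hook name wp_ajax_dismiss_editorskit_support_notice comes from the attack-surface listing, while the option name, nonce action, request field name and function names are assumptions.

```php
<?php
// Added example, not EditorsKit's code. Only the hook name comes from the report;
// the option name, nonce action, request field and function names are assumed.

// Shape the report flags as unprotected. wp_ajax_ (without _nopriv_) means
// WordPress already requires a logged-in user, but nothing here proves the request
// was intended by that user (nonce) or that the user may change a site-wide setting
// (capability). Any subscriber, or any page a logged-in admin visits (CSRF), can
// fire it. Shown for contrast only; it is deliberately not hooked below.
function example_dismiss_notice_unprotected() {
    update_option( 'example_editorskit_notice_dismissed', 1 ); // option name assumed
    wp_die();
}

// Hardened shape: nonce first, capability second, side effect last.
add_action( 'wp_ajax_dismiss_editorskit_support_notice', 'example_dismiss_notice_protected' );
function example_dismiss_notice_protected() {
    // Verifies the 'nonce' request field against the 'example_dismiss_notice'
    // action; on failure WordPress ends the request with -1 and HTTP 403.
    check_ajax_referer( 'example_dismiss_notice', 'nonce' );

    // The dismissal is stored as a site-wide option, so require the capability
    // that governs options. A per-user dismissal (user meta) would not need this.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    update_option( 'example_editorskit_notice_dismissed', 1 );
    wp_send_json_success();
}

// The nonce must reach the browser: emit it with the notice so the admin-side JS
// can POST action=dismiss_editorskit_support_notice&nonce=... to admin-ajax.php.
add_action( 'admin_notices', 'example_print_support_notice' );
function example_print_support_notice() {
    if ( get_option( 'example_editorskit_notice_dismissed' ) || ! current_user_can( 'manage_options' ) ) {
        return;
    }
    printf(
        '<div class="notice notice-info is-dismissible" data-example-nonce="%s"><p>%s</p></div>',
        esc_attr( wp_create_nonce( 'example_dismiss_notice' ) ),
        esc_html__( 'Example support notice.', 'example-textdomain' )
    );
}
```

check_ajax_referer() stops the request itself, so the handler needs no return-value check after it. If a handler like this is ever also registered on wp_ajax_nopriv_, the capability check becomes the only thing between anonymous requests and the option write. For a dismissal that only concerns the current user, storing it in user meta is the least-privilege design: the nonce is still required against CSRF, but no elevated capability is.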

Key Concerns

  • Unprotected AJAX handler found
  • 3 known CVEs historically, 2 high severity
  • Vulnerabilities include XSS, Unrestricted Upload, Code Injection
  • 3 external HTTP requests observed
Vulnerabilities
3

Gutenberg Block Editor Toolkit – EditorsKit Security Vulnerabilities

CVEs by Year

2021: 1 CVE (patched)
2023: 1 CVE (patched)
2024: 1 CVE (patched)

Severity Breakdown

High: 2
Medium: 1

3 total CVEs

CVE-2024-2794 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Gutenberg Block Editor Toolkit – EditorsKit <= 1.40.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 29, 2024 Patched in 1.40.5 (26d)
CVE-2023-6635 · high · 7.2 · Unrestricted Upload of File with Dangerous Type

EditorsKit <= 1.40.3 - Authenticated (Administrator+) Arbitrary File Upload

Dec 16, 2023 Patched in 1.40.4 (52d)
CVE-2021-24546 · high · 8.8 · Improper Control of Generation of Code ('Code Injection')

EditorsKit <= 1.31.5 - Authenticated (Contributor+) Code Injection

Sep 13, 2021 Patched in 1.31.6 (862d)
Code Analysis
Analyzed Mar 16, 2026

Gutenberg Block Editor Toolkit – EditorsKit Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 3 (26 escaped)
Nonce Checks: 5
Capability Checks: 9
File Operations: 0
External Requests: 3
Bundled Libraries: 0

Output Escaping

90% escaped (26 of 29 total outputs)
Data Flows
All sanitized

Data Flow Analysis

2 flows
maybe_export (includes\addons\styles-manager\gutenberghub-styles-exporter.php:27)
Attack Surface
1 unprotected

Gutenberg Block Editor Toolkit – EditorsKit Attack Surface

Entry Points: 4
Unprotected: 1

AJAX Handlers 1

[auth]  wp_ajax_dismiss_editorskit_support_notice  includes\notices\class-editorskit-support-notice.php:20

REST API Routes 2

GET  /wp-json/editorskit/v1/acf  includes\class-editorskit-acf-support.php:73
GET  /wp-json/editorskit/v1/acf  includes\class-editorskit-acf-support.php:83

Shortcodes 1

[editorskit] includes\class-editorskit-shortcodes.php:27
WordPress Hooks 51
action  init  includes\addons\styles-manager\blocks\gutenberghub-styles-manager-block.php:20
action  admin_init  includes\addons\styles-manager\gutenberghub-styles-exporter.php:19
action  init  includes\addons\styles-manager\gutenberghub-styles-manager-admin.php:34
action  admin_enqueue_scripts  includes\addons\styles-manager\gutenberghub-styles-manager-admin.php:35
action  enqueue_block_editor_assets  includes\addons\styles-manager\gutenberghub-styles-manager-admin.php:36
action  init  includes\addons\styles-manager\gutenberghub-styles-manager-blocks.php:31
action  after_editorskit_menu_registration  includes\addons\styles-manager\gutenberghub-styles-manager-core.php:29
action  wp_loaded  includes\addons\styles-manager\gutenberghub-styles-manager.php:26
filter  template_include  includes\addons\styles-manager\gutenberghub-styles-manager.php:28
filter  show_admin_bar  includes\addons\styles-manager\gutenberghub-styles-manager.php:42
action  rest_api_init  includes\addons\styles-manager\rest-api\init.php:8
action  enqueue_block_editor_assets  includes\addons\template-library\gutenberghub-template-library-assets.php:23
action  rest_api_init  includes\addons\template-library\rest-api\routes.php:8
action  rest_api_init  includes\class-editorskit-acf-support.php:69
action  init  includes\class-editorskit-addon-manager.php:31
action  enqueue_block_assets  includes\class-editorskit-block-assets.php:70
action  init  includes\class-editorskit-block-assets.php:71
action  admin_enqueue_scripts  includes\class-editorskit-block-assets.php:72
filter  show_admin_bar  includes\class-editorskit-block-assets.php:73
filter  register_block_type_args  includes\class-editorskit-block-locking.php:39
filter  block_editor_settings_all  includes\class-editorskit-custom-css-classes.php:70
filter  block_editor_settings  includes\class-editorskit-custom-css-classes.php:72
filter  block_editor_settings_all  includes\class-editorskit-features-manager.php:72
filter  block_editor_settings  includes\class-editorskit-features-manager.php:74
action  after_setup_theme  includes\class-editorskit-page-template-support.php:93
filter  admin_body_class  includes\class-editorskit-page-template-support.php:106
action  admin_head  includes\class-editorskit-page-template-support.php:112
filter  admin_body_class  includes\class-editorskit-page-template-support.php:121
action  admin_head  includes\class-editorskit-page-template-support.php:127
filter  plugin_action_links  includes\class-editorskit-plugin-shortcuts.php:19
filter  init  includes\class-editorskit-post-meta.php:29
action  init  includes\class-editorskit-post-meta.php:30
filter  rest_pre_dispatch  includes\class-editorskit-post-meta.php:31
action  render_block  includes\class-editorskit-render-block.php:77
filter  block_lab_get_block_attributes  includes\class-editorskit-render-block.php:80
action  admin_init  includes\class-editorskit-user-feedback.php:81
action  admin_init  includes\class-editorskit-user-feedback.php:82
action  admin_notices  includes\class-editorskit-user-feedback.php:159
action  admin_enqueue_scripts  includes\class-editorskit-welcome.php:53
action  admin_menu  includes\class-editorskit-welcome.php:54
action  admin_notices  includes\class-editorskit-welcome.php:61
filter  the_title  includes\function-hide-title.php:45
filter  body_class  includes\function-hide-title.php:73
filter  admin_body_class  includes\function-hide-title.php:98
filter  render_block  includes\function-hide-title.php:101
filter  block_lab_default_fields  includes\helper.php:24
action  admin_notices  includes\notices\class-editorskit-support-notice.php:19
action  plugins_loaded  plugin.php:157
action  enqueue_block_editor_assets  plugin.php:158
action  after_setup_theme  plugin.php:159
action  plugins_loaded  plugin.php:248
Maintenance & Trust

Gutenberg Block Editor Toolkit – EditorsKit Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.5.8
Last updated: May 28, 2024
PHP min version: 5.6
Downloads: 816K

Community Trust

Rating: 92/100
Number of ratings: 175
Active installs: 30K
Developer Profile

Gutenberg Block Editor Toolkit – EditorsKit Developer Profile

Munir Kamal

8 plugins · 49K total installs

Trust score: 67
Avg Security Score: 83/100
Avg Patch Time: 313 days
Detection Fingerprints

How We Detect Gutenberg Block Editor Toolkit – EditorsKit

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/block-options/build/css/style
/wp-content/plugins/block-options/build/js/index
/wp-content/plugins/block-options/src/js/editor
Script Paths
/wp-content/plugins/block-options/build/js/index.min.js
/wp-content/plugins/block-options/src/js/editor.js
Version Parameters
/wp-content/plugins/block-options/build/css/style.min.css?ver=
/wp-content/plugins/block-options/build/js/index.min.js?ver=
/wp-content/plugins/block-options/src/js/editor.js?ver=

HTML / DOM Fingerprints

CSS Classes
editorskit-frontend
editorskit-admin
HTML Comments
<!-- EditorsKit: Content Block Wrapper -->
<!-- EditorsKit: Style Manager Wrapper -->
<!-- EditorsKit: Editor Options -->
Data Attributes
data-editorskit-block
data-editorskit-component
JS Globals
editorskit_editor_config
EditorsKit
Shortcode Output
[editorskit_template
[editorskit_form]
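A detector that applies the fingerprints above to a fetched page body and maps any version seen in the ?ver= parameter against the fixed versions from this page's CVE list, as an added PHP example. It is not part of this report or of the plugin; the sample HTML is constructed for the demonstration, and the function names are the example's own.

```php
<?php
// Added example: apply the asset and DOM fingerprints from this page to an HTML
// body. Not part of the report or the plugin; the sample HTML is constructed.

/** Return which fingerprints matched and any plugin version seen in ?ver=. */
function editorskit_fingerprint( string $html ): array {
    $hits     = array();
    $versions = array();

    // Asset paths listed above; the version string is captured from ?ver= when present.
    $asset_re = '#/wp-content/plugins/block-options/'
        . '(?:build/css/style(?:\.min)?\.css|build/js/index(?:\.min)?\.js|src/js/editor\.js)'
        . '(?:\?ver=([0-9]+(?:\.[0-9]+)*))?#';
    if ( preg_match_all( $asset_re, $html, $m, PREG_SET_ORDER ) ) {
        foreach ( $m as $match ) {
            $hits[] = $match[0];
            if ( ! empty( $match[1] ) ) {
                $versions[] = $match[1];
            }
        }
    }

    // Literal DOM markers from the page: classes, HTML comments, data attributes and
    // the JS config global. The bare global "EditorsKit" is too common a word to use
    // as a literal marker on its own and is left out.
    $markers = array(
        'editorskit-frontend', 'editorskit-admin',
        '<!-- EditorsKit: Content Block Wrapper -->',
        '<!-- EditorsKit: Style Manager Wrapper -->',
        '<!-- EditorsKit: Editor Options -->',
        'data-editorskit-block', 'data-editorskit-component',
        'editorskit_editor_config',
    );
    foreach ( $markers as $marker ) {
        if ( false !== strpos( $html, $marker ) ) {
            $hits[] = $marker;
        }
    }

    return array(
        'detected' => ! empty( $hits ),
        'versions' => array_values( array_unique( $versions ) ),
        'hits'     => $hits,
    );
}

/** CVEs from this page whose fixed version is newer than the observed one. */
function editorskit_open_cves( string $version ): array {
    $fixed_in = array(
        'CVE-2021-24546' => '1.31.6',
        'CVE-2023-6635'  => '1.40.4',
        'CVE-2024-2794'  => '1.40.5',
    );
    $open = array();
    foreach ( $fixed_in as $cve => $fixed ) {
        if ( version_compare( $version, $fixed, '<' ) ) {
            $open[] = $cve;
        }
    }
    return $open;
}

// Constructed sample page: a site still running an older EditorsKit build.
$sample_html = <<<HTML
<link rel="stylesheet" href="https://example.test/wp-content/plugins/block-options/build/css/style.min.css?ver=1.40.3">
<script src="https://example.test/wp-content/plugins/block-options/build/js/index.min.js?ver=1.40.3"></script>
<!-- EditorsKit: Content Block Wrapper -->
<div class="editorskit-frontend" data-editorskit-block="1"></div>
HTML;

$fp = editorskit_fingerprint( $sample_html );
printf( "detected=%s versions=%s\n", $fp['detected'] ? 'yes' : 'no', implode( ',', $fp['versions'] ) );
foreach ( $fp['versions'] as $v ) {
    printf( "%s: open CVEs per this page: %s\n", $v, implode( ', ', editorskit_open_cves( $v ) ) ?: 'none' );
}
```

The ?ver= value is whatever the site passed to wp_enqueue_script(); it is usually the plugin version, but some sites strip or randomise it, so treat it as a hint and confirm against the plugin's readme.txt when certainty matters. Matching on comments, classes and data attributes only shows that the plugin is active on the rendered page, not which version is installed, and the CVE mapping relies on the "<=" affected ranges stated in this page's vulnerability list.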
FAQ

Frequently Asked Questions about Gutenberg Block Editor Toolkit – EditorsKit