BlockMeister – Block Pattern Builder Security & Risk Analysis

wordpress.org/plugins/blockmeister

Visually create custom block patterns. No coding skills needed! Categorize them easily and use keywords for easy discoverability.

1K active installs v3.1.12 PHP 5.6+ WP 6.0+ Updated Jan 27, 2025
Tags: block-patterns, gutenberg, pattern-builder, patterns
Score 91 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Oct 10, 2024
Safety Verdict

Is BlockMeister – Block Pattern Builder Safe to Use in 2026?

Generally Safe

Score 91/100

BlockMeister – Block Pattern Builder has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Oct 10, 2024 · Updated 1yr ago
Risk Assessment

The BlockMeister plugin v3.1.12 exhibits a generally good security posture, particularly in its limited attack surface and frequent use of capability checks. The absence of unprotected AJAX handlers, REST API routes, shortcodes, and cron events is a strong positive. Code signals indicate responsible use of prepared statements for SQL queries and a relatively high percentage of properly escaped output. The presence of a single nonce check and 10 capability checks further reinforces an awareness of security best practices.

However, a notable concern arises from the taint analysis, which identified one flow with unsanitized paths. While this did not escalate to critical or high severity in this specific scan, it represents a potential vector for vulnerabilities if not carefully managed or if future code changes introduce more severe issues. The plugin's vulnerability history shows a single medium severity CVE attributed to Cross-Site Scripting (XSS) in the past. While this CVE is currently patched, the nature of the vulnerability suggests a historical pattern of input sanitization challenges that require ongoing vigilance.

In conclusion, BlockMeister v3.1.12 demonstrates a solid foundation of security practices, with a commendable effort to minimize its attack surface and implement robust authorization. The primary areas for improvement are addressing the identified unsanitized path flow in the taint analysis and maintaining a strict focus on input validation and output escaping to prevent future XSS or similar vulnerabilities, especially given the historical CVE. The bundled Freemius library, while standard, should also be monitored for potential vulnerabilities in its own right.

Key Concerns

  • Flow with unsanitized paths identified
  • 1 medium severity CVE in history (XSS)
  • Bundled library (Freemius v1.0) potential risk

Vulnerabilities: 1

BlockMeister – Block Pattern Builder Security Vulnerabilities

CVEs by Year

2024: 1 CVE

Severity Breakdown

Medium: 1 (1 total CVE)

CVE-2024-9616 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BlockMeister – Block Pattern Builder <= 3.1.10 - Reflected Cross-Site Scripting

Oct 10, 2024 Patched in 3.1.11 (1d)
Code Analysis
Analyzed Mar 16, 2026

BlockMeister – Block Pattern Builder Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (3 prepared)
Unescaped Output: 12 (30 escaped)
Nonce Checks: 1
Capability Checks: 10
File Operations: 2
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

75% prepared, 4 total queries

Output Escaping

71% escaped, 42 total outputs

Data Flows: 1 unsanitized

Data Flow Analysis

2 flows, 1 with unsanitized paths
show_admin_notice_for_action_request_result (includes\Pattern_Builder\Admin\BlockMeister_Pattern_List_Table.php:238)
Attack Surface

BlockMeister – Block Pattern Builder Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 47
filter is_submenu_visible blockmeister.php:101
action admin_menu includes\Admin\Admin_Menu.php:14
action after_uninstall includes\BlockMeister.php:82
action plugins_loaded includes\BlockMeister.php:87
action admin_notices includes\BlockMeister.php:126
action admin_footer includes\JSON_File_Uploader.php:26
action admin_footer includes\JSON_File_Uploader.php:27
action admin_head includes\Pattern_Builder\Admin\BlockMeister_Pattern_Category_List_Table.php:18
filter get_terms_args includes\Pattern_Builder\Admin\BlockMeister_Pattern_Category_List_Table.php:22
filter enter_title_here includes\Pattern_Builder\Admin\BlockMeister_Pattern_Editor.php:22
filter write_your_story includes\Pattern_Builder\Admin\BlockMeister_Pattern_Editor.php:25
filter upload_mimes includes\Pattern_Builder\Admin\BlockMeister_Pattern_List_Table.php:36
action admin_init includes\Pattern_Builder\Admin\BlockMeister_Pattern_List_Table.php:40
action admin_notices includes\Pattern_Builder\Admin\BlockMeister_Pattern_List_Table.php:44
action current_screen includes\Pattern_Builder\Admin\BlockMeister_Pattern_List_Table.php:45
action restrict_manage_posts includes\Pattern_Builder\Admin\BlockMeister_Pattern_List_Table.php:49
filter manage_blockmeister_pattern_posts_columns includes\Pattern_Builder\Admin\BlockMeister_Pattern_List_Table.php:50
filter posts_results includes\Pattern_Builder\Admin\BlockMeister_Pattern_List_Table.php:51
action manage_blockmeister_pattern_posts_custom_column includes\Pattern_Builder\Admin\BlockMeister_Pattern_List_Table.php:57
filter post_date_column_status includes\Pattern_Builder\Admin\BlockMeister_Pattern_List_Table.php:63
filter post_row_actions includes\Pattern_Builder\Admin\BlockMeister_Pattern_List_Table.php:69
filter post_class includes\Pattern_Builder\Admin\BlockMeister_Pattern_List_Table.php:75
action admin_head-edit.php includes\Pattern_Builder\Admin\BlockMeister_Pattern_List_Table.php:81
action admin_head-edit.php includes\Pattern_Builder\Admin\BlockMeister_Pattern_List_Table.php:82
action admin_init includes\Pattern_Builder\Admin\BlockMeister_Pattern_List_Table.php:83
filter bulk_actions-edit-blockmeister_pattern includes\Pattern_Builder\Admin\BlockMeister_Pattern_List_Table.php:84
filter handle_bulk_actions-edit-blockmeister_pattern includes\Pattern_Builder\Admin\BlockMeister_Pattern_List_Table.php:85
filter bulk_post_updated_messages includes\Pattern_Builder\Admin\BlockMeister_Pattern_List_Table.php:91
filter disable_months_dropdown includes\Pattern_Builder\Admin\BlockMeister_Pattern_List_Table.php:97
filter edit_blockmeister_pattern_per_page includes\Pattern_Builder\Admin\BlockMeister_Pattern_List_Table.php:98
action admin_menu includes\Pattern_Builder\Admin\BlockMeister_Settings.php:15
action admin_init includes\Pattern_Builder\Admin\BlockMeister_Settings.php:16
action admin_init includes\Pattern_Builder\Admin\BlockMeister_Settings.php:17
action admin_enqueue_scripts includes\Pattern_Builder\Assets.php:22
filter pre_load_script_translations includes\Pattern_Builder\Assets.php:23
action init includes\Pattern_Builder\BlockMeister_Pattern_Category_Taxonomy.php:22
action init includes\Pattern_Builder\BlockMeister_Pattern_Keywords_Taxonomy.php:16
action init includes\Pattern_Builder\BlockMeister_Pattern_Post_Meta_Fields.php:16
action init includes\Pattern_Builder\BlockMeister_Pattern_Post_Type.php:19
action wp_head includes\Pattern_Builder\Blocks_Stylesheet_Generator.php:30
action init includes\Pattern_Builder\Block_Pattern_Registry.php:24
action init includes\Pattern_Builder\Block_Pattern_Registry.php:29
action init includes\Pattern_Builder\Block_Pattern_Registry.php:31
filter rest_request_after_callbacks includes\Pattern_Builder\Block_Pattern_Registry.php:34
filter show_admin_notice includes\Pattern_Builder\Pattern_Builder.php:52
filter render_block includes\Pattern_Builder\Render_Block_Filter_OBSOLETE.php:22
action admin_notices includes\Utils.php:64
Maintenance & Trust

BlockMeister – Block Pattern Builder Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Jan 27, 2025
PHP min version: 5.6
Downloads: 34K

Community Trust

Rating: 100/100
Number of ratings: 12
Active installs: 1K
Developer Profile

BlockMeister – Block Pattern Builder Developer Profile

BlockMeister

1 plugin · 1K total installs

Trust score: 94
Avg Security Score: 91/100
Avg Patch Time: 1 day
Detection Fingerprints

How We Detect BlockMeister – Block Pattern Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/blockmeister/pattern-builder/pattern-builder.css
/wp-content/plugins/blockmeister/pattern-builder/pattern-builder.js
Script Paths
/wp-content/plugins/blockmeister/pattern-builder/pattern-builder.js
Version Parameters
blockmeister/pattern-builder/pattern-builder.css?ver=
blockmeister/pattern-builder/pattern-builder.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-blockmeister
JS Globals
window.blockmeister_license