Blockons – Gutenberg blocks for WordPress and WooCommerce websites Security & Risk Analysis

wordpress.org/plugins/blockons

Enhanced WordPress editor blocks for Gutenberg, including core Block Extensions and Site Addons for your WordPress site and WooCommerce online store

800 active installs v1.2.15 PHP 5.6+ WP 5.0+ Updated Dec 12, 2025
Tags: editor-blocks, gutenberg, page-builder, ultimate-blocks, woocommerce-blocks
Score: 56 (C · Use Caution)
CVEs total: 2
Unpatched: 2
Last CVE: Jan 23, 2026
Safety Verdict

Is Blockons – Gutenberg blocks for WordPress and WooCommerce websites Safe to Use in 2026?

Use With Caution

Score 56/100

Blockons – Gutenberg blocks for WordPress and WooCommerce websites has 2 unpatched vulnerabilities. Evaluate alternatives or apply available mitigations.

2 known CVEs · 2 unpatched · Last CVE: Jan 23, 2026 · Updated 3mo ago
Risk Assessment

The blockons plugin v1.2.15 presents a mixed security posture. On the positive side, 100% of SQL queries use prepared statements and 99% of output is properly escaped. The absence of dangerous functions and of critical or high-severity taint flows is also encouraging.

The significant concerns are its vulnerability history and its exposed attack surface. The plugin has a history of two medium-severity vulnerabilities, Cross-Site Scripting and Missing Authorization, and both are currently unpatched. This suggests a recurring pattern of security weaknesses that attackers could exploit. The plugin also exposes two REST API routes without permission callbacks, which creates a potential for unauthorized access or actions. While nonces and capability checks are in use, the two unprotected entry points in the REST API are a direct security risk. The presence of a bundled library (Freemius v1.0) without version information introduces a potential for known vulnerabilities within that dependency.

In conclusion, while the plugin has some strong security fundamentals in its code, the unpatched vulnerabilities and exposed API endpoints create a notable risk that requires immediate attention.

Key Concerns

  • Two unpatched medium CVEs (Missing Authorization & XSS)
  • REST API routes without permission callbacks
  • Bundled library (Freemius v1.0) without version
Vulnerabilities: 2

Blockons – Gutenberg blocks for WordPress and WooCommerce websites Security Vulnerabilities

CVEs by Year

2026: 2 CVEs · unpatched

Severity Breakdown

Medium: 2 (2 total CVEs)

CVE-2026-24550 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Blockons <= 1.2.15 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 23, 2026 · Unpatched

CVE-2025-14360 · medium · 5.3 · Missing Authorization

Blockons <= 1.2.15 - Missing Authorization

Jan 8, 2026 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Blockons – Gutenberg blocks for WordPress and WooCommerce websites Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 2 (198 escaped)
Nonce Checks: 2
Capability Checks: 4
File Operations: 3
External Requests: 1
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

Output Escaping

99% escaped · 200 total outputs
Data Flows: All sanitized

Data Flow Analysis

2 flows
blockons_add_update_notice (classes\class-notices.php:31)
Attack Surface
2 unprotected

Blockons – Gutenberg blocks for WordPress and WooCommerce websites Attack Surface

Entry Points: 13
Unprotected: 2

AJAX Handlers 2

auth wp_ajax_blockons_clear_cart_notices (classes\class-rest-api.php:10)
nopriv wp_ajax_blockons_clear_cart_notices (classes\class-rest-api.php:11)

REST API Routes 11

GET /wp-json/blcns/v1/settings (classes\class-rest-api.php:18)
POST /wp-json/blcns/v1/settings (classes\class-rest-api.php:23)
DELETE /wp-json/blcns/v1/delete (classes\class-rest-api.php:28)
GET /wp-json/blcns/v1/products (classes\class-rest-api.php:35)
GET /wp-json/blcns/v1/product/(?P<id>\d+) (classes\class-rest-api.php:40)
GET /wp-json/blcns/v1/product-data/(?P<id>\d+) (classes\class-rest-api.php:47)
GET /wp-json/blcns/v1/post/(?P<id>\d+) (classes\class-rest-api.php:54)
GET /wp-json/blcns/v1/post-types (classes\class-rest-api.php:59)
GET /wp-json/blcns/v1/block-patterns (classes\class-rest-api.php:64)
GET /wp-json/blcns/v1/get-api-key (classes\class-rest-api.php:71)
POST /wp-json/blcns/v1/submit-form (classes\class-rest-api.php:85)
WordPress Hooks 36
action before_woocommerce_init (blockons.php:77)
action init (classes\class-admin.php:17)
action admin_menu (classes\class-admin.php:18)
filter plugin_action_links_blockons/blockons.php (classes\class-admin.php:24)
filter plugin_row_meta (classes\class-admin.php:25)
filter block_categories_all (classes\class-admin.php:31)
filter admin_body_class (classes\class-admin.php:37)
action init (classes\class-form-submissions.php:39)
action add_meta_boxes (classes\class-form-submissions.php:40)
action manage_blockons_submission_posts_custom_column (classes\class-form-submissions.php:41)
filter manage_blockons_submission_posts_columns (classes\class-form-submissions.php:42)
filter manage_edit-blockons_submission_sortable_columns (classes\class-form-submissions.php:43)
action pre_get_posts (classes\class-form-submissions.php:44)
action save_post_blockons_submission (classes\class-form-submissions.php:45)
action before_delete_post (classes\class-form-submissions.php:46)
action admin_menu (classes\class-form-submissions.php:48)
filter body_class (classes\class-frontend.php:19)
action wp_footer (classes\class-frontend.php:21)
action wp_footer (classes\class-frontend.php:30)
action wp_body_open (classes\class-frontend.php:37)
filter body_class (classes\class-frontend.php:46)
action wp_head (classes\class-frontend.php:47)
action wp_body_open (classes\class-frontend.php:48)
action wp_footer (classes\class-frontend.php:57)
action init (classes\class-modal-patterns.php:15)
action admin_init (classes\class-notices.php:15)
action admin_notices (classes\class-notices.php:16)
action rest_api_init (classes\class-rest-api.php:7)
filter wp_mail_from (classes\class-rest-api.php:470)
filter wp_mail_from_name (classes\class-rest-api.php:471)
action init (classes\class-scripts.php:36)
action init (classes\class-scripts.php:37)
action plugins_loaded (classes\class-scripts.php:40)
action wp_enqueue_scripts (classes\class-scripts.php:43)
action admin_enqueue_scripts (classes\class-scripts.php:46)
action enqueue_block_editor_assets (classes\class-scripts.php:49)
Maintenance & Trust

Blockons – Gutenberg blocks for WordPress and WooCommerce websites Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 12, 2025
PHP min version: 5.6
Downloads: 19K

Community Trust

Rating: 96/100
Number of ratings: 4
Active installs: 800
Developer Profile

Blockons – Gutenberg blocks for WordPress and WooCommerce websites Developer Profile

Kaira

14 plugins · 33K total installs

Trust score: 90
Avg Security Score: 94/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Blockons – Gutenberg blocks for WordPress and WooCommerce websites

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/blockons/dist/frontend.css
  • /wp-content/plugins/blockons/dist/frontend.min.css
  • /wp-content/plugins/blockons/dist/frontend.js
  • /wp-content/plugins/blockons/dist/frontend.min.js
  • /wp-content/plugins/blockons/assets/blocks/wc-account-icon/account.js
  • /wp-content/plugins/blockons/dist/pro/cart-pro.min.js
  • /wp-content/plugins/blockons/assets/blocks/wc-mini-cart/cart.js
  • /wp-content/plugins/blockons/dist/pro/search-pro.min.js
  • +8 more
Script Paths
  • https://cdnjs.cloudflare.com/ajax/libs/font-awesome/7.0.0/css/all.min.css
  • /wp-content/plugins/blockons/dist/frontend.min.js
  • /wp-content/plugins/blockons/assets/blocks/wc-account-icon/account.js
  • /wp-content/plugins/blockons/dist/pro/cart-pro.min.js
  • /wp-content/plugins/blockons/assets/blocks/wc-mini-cart/cart.js
  • /wp-content/plugins/blockons/dist/pro/search-pro.min.js
  • +6 more
Version Parameters
  • /wp-content/plugins/blockons/dist/frontend.css?ver=
  • /wp-content/plugins/blockons/dist/frontend.min.css?ver=
  • /wp-content/plugins/blockons/dist/frontend.js?ver=
  • /wp-content/plugins/blockons/dist/frontend.min.js?ver=
  • /wp-content/plugins/blockons/assets/blocks/wc-account-icon/account.js?ver=
  • /wp-content/plugins/blockons/dist/pro/cart-pro.min.js?ver=
  • /wp-content/plugins/blockons/assets/blocks/wc-mini-cart/cart.js?ver=
  • /wp-content/plugins/blockons/dist/pro/search-pro.min.js?ver=
  • /wp-content/plugins/blockons/assets/blocks/search/search.js?ver=
  • /wp-content/plugins/blockons/assets/blocks/contact-form/flatpickr/flatpickr.min.css?ver=
  • /wp-content/plugins/blockons/assets/blocks/contact-form/flatpickr/flatpickr.min.js?ver=
  • /wp-content/plugins/blockons/dist/form-handler.min.js?ver=
  • /wp-content/plugins/blockons/dist/editor.min.js?ver=
  • /wp-content/plugins/blockons/dist/blockons.min.js?ver=
  • /wp-content/plugins/blockons/assets/admin/css/blockons-admin.min.css?ver=
  • /wp-content/plugins/blockons/assets/admin/js/blockons-admin.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
blockons-carousel, blockons-slider, blockons-cta, blockons-feature, blockons-counter, blockons-progress-bar, blockons-testimonial, blockons-team, +16 more
HTML Comments
<!-- Blockons Block --> <!-- Blockons Carousel Block --> <!-- Blockons Pricing Table Block --> <!-- Blockons Tabs Block --> +11 more
Data Attributes
data-blockons-carousel, data-blockons-settings, data-blockons-cta, data-blockons-counter, data-blockons-progress-bar, data-blockons-testimonial, +14 more
JS Globals
blockonsFrontend, wcAccObj, wcCartObj, searchObj, blockonsEditor
REST Endpoints
/wp-json/blockons/v1/search, /wp-json/blockons/v1/contact-form
Shortcode Output
[blockons_carousel, [blockons_cta, [blockons_feature, [blockons_counter
FAQ

Frequently Asked Questions about Blockons – Gutenberg blocks for WordPress and WooCommerce websites