Blocks for ChurchSuite Security & Risk Analysis

wordpress.org/plugins/blocks-for-churchsuite

Blocks For ChurchSuite is a plugin providing blocks that enable display of event and small group data from ChurchSuite in various ways.

0 active installs v1.0.5 PHP 8.0+ WP 6.7+ Updated Apr 15, 2026
blockschurchsuiteeventsgroups
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Blocks for ChurchSuite Safe to Use in 2026?

Generally Safe

Score 100/100

Blocks for ChurchSuite has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The "blocks-for-churchsuite" plugin version 1.0.5 exhibits a generally strong security posture based on the provided static analysis. The absence of identified AJAX handlers, REST API routes, shortcodes, and cron events with no authentication checks indicates a very limited attack surface, which is a positive sign. Furthermore, the code signals reveal no dangerous functions, no SQL queries that aren't prepared, and no file operations, all contributing to a robust foundation. The single external HTTP request warrants further investigation to ensure it is handled securely and doesn't introduce a supply chain risk.

While the plugin demonstrates good practices in several areas, a few concerns arise. The 75% output escaping rate suggests that a quarter of the outputs are not properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities if untrusted data is rendered. The lack of nonce checks and capability checks is also a significant concern, as these are fundamental WordPress security mechanisms designed to prevent CSRF and unauthorized actions. The absence of any vulnerability history is a positive indicator of past security diligence, but it doesn't negate the potential risks identified in the current code analysis.

In conclusion, the plugin has a good foundation with a minimal attack surface and secure handling of SQL queries. However, the unescaped outputs and the complete absence of nonce and capability checks are notable weaknesses that introduce potential security risks. Addressing these specific areas should be a priority to improve the overall security of the plugin.

Key Concerns

  • Missing Nonce Checks
  • Missing Capability Checks
  • Unescaped Output (25% of outputs)
Vulnerabilities
None known

Blocks for ChurchSuite Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Blocks for ChurchSuite Release Timeline

v1.0.5Current
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.0
Code Analysis
Analyzed Apr 16, 2026

Blocks for ChurchSuite Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
4
12 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
1
Bundled Libraries
0

Output Escaping

75% escaped16 total outputs
Attack Surface

Blocks for ChurchSuite Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 3
actioninitblocks-for-churchsuite.php:65
filterquery_varsblocks-for-churchsuite.php:75
filterblock_categories_allblocks-for-churchsuite.php:92
Maintenance & Trust

Blocks for ChurchSuite Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 15, 2026
PHP min version8.0
Downloads424

Community Trust

Rating0/100
Number of ratings0
Active installs0
Developer Profile

Blocks for ChurchSuite Developer Profile

Alwyn Barry

3 plugins · 10 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Blocks for ChurchSuite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/blocks-for-churchsuite/blocks/build/cs-calendar.asset.php/wp-content/plugins/blocks-for-churchsuite/blocks/build/cs-event-cards.asset.php/wp-content/plugins/blocks-for-churchsuite/blocks/build/cs-event-list.asset.php/wp-content/plugins/blocks-for-churchsuite/blocks/build/cs-smallgroups.asset.php/wp-content/plugins/blocks-for-churchsuite/blocks/build/blocks.style.css/wp-content/plugins/blocks-for-churchsuite/blocks/build/blocks.editor.css
Script Paths
/wp-content/plugins/blocks-for-churchsuite/blocks/build/index.js
Version Parameters
blocks-for-churchsuite/blocks/build/cs-calendar.asset.php?ver=blocks-for-churchsuite/blocks/build/cs-event-cards.asset.php?ver=blocks-for-churchsuite/blocks/build/cs-event-list.asset.php?ver=blocks-for-churchsuite/blocks/build/cs-smallgroups.asset.php?ver=blocks-for-churchsuite/blocks/build/blocks.style.css?ver=blocks-for-churchsuite/blocks/build/blocks.editor.css?ver=blocks-for-churchsuite/blocks/build/index.js?ver=

HTML / DOM Fingerprints

CSS Classes
wp-block-amb-dev-b4cs-cs-calendarwp-block-amb-dev-b4cs-cs-event-cardswp-block-amb-dev-b4cs-cs-event-listwp-block-amb-dev-b4cs-cs-smallgroups
Data Attributes
data-wp-block="amb-dev/b4cs-cs-calendar"data-wp-block="amb-dev/b4cs-cs-event-cards"data-wp-block="amb-dev/b4cs-cs-event-list"data-wp-block="amb-dev/b4cs-cs-smallgroups"
JS Globals
wp.blocks.registerBlockTypewp.element.createElementwp.i18n.__
FAQ

Frequently Asked Questions about Blocks for ChurchSuite