Blocks for GitHub Security & Risk Analysis

wordpress.org/plugins/blocks-for-github

Easily display your GitHub profile, organization, repositories, and more within the WordPress Block Editor aka "Gutenberg".

10 active installs v1.0.0 PHP 8.0+ WP 6.5+ Updated Nov 23, 2024
developer-toolsgithubgithub-profilegutenberg-blocksrepository-display
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Blocks for GitHub Safe to Use in 2026?

Generally Safe

Score 92/100

Blocks for GitHub has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The 'blocks-for-github' plugin v1.0.0 exhibits a generally positive security posture based on the static analysis. The absence of known CVEs and recorded vulnerabilities is a strong indicator of past diligence in secure development. Furthermore, the complete reliance on prepared statements for SQL queries and the high percentage of properly escaped output suggest good practices in handling data to prevent common injection and XSS vulnerabilities. The plugin also avoids bundling external libraries, which can often introduce their own security risks.

However, the static analysis reveals several areas of concern that warrant attention. The complete lack of nonce checks and capability checks across all identified entry points is a significant weakness. While the current attack surface is zero, any future expansion or introduction of functionalities with entry points could be immediately vulnerable to CSRF and unauthorized access attacks without these essential security layers. The presence of file operations and external HTTP requests without explicit security checks or context provided in the analysis raises potential flags for insecure handling of these operations, although no specific taint flows were identified. The plugin's current lack of an attack surface might be misleading; the absence of checks on *potential* future entry points is a proactive risk that should be addressed.

In conclusion, 'blocks-for-github' v1.0.0 benefits from a clean vulnerability history and sound practices in database interaction and output sanitization. Nevertheless, the critical absence of nonce and capability checks represents a substantial gap in its security architecture. This leaves the plugin highly susceptible to common web attacks should any entry points be introduced or if the current absence of an attack surface is a transient state. Addressing these fundamental security checks should be a priority to ensure robust protection against a broader range of threats.

Key Concerns

  • No nonce checks found
  • No capability checks found
  • 72% output escaping (28% unescaped)
  • File operations without explicit security context
  • External HTTP requests without explicit security context
Vulnerabilities
None known

Blocks for GitHub Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Blocks for GitHub Release Timeline

v1.0.0Current
Code Analysis
Analyzed Apr 16, 2026

Blocks for GitHub Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
18
47 escaped
Nonce Checks
0
Capability Checks
0
File Operations
13
External Requests
1
Bundled Libraries
0

Output Escaping

72% escaped65 total outputs
Attack Surface

Blocks for GitHub Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 3
actioninitsrc/Bootstrap.php:14
actionadmin_enqueue_scriptssrc/Bootstrap.php:15
actionadmin_enqueue_scriptssrc/Bootstrap.php:16
Maintenance & Trust

Blocks for GitHub Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedNov 23, 2024
PHP min version8.0
Downloads777

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

Blocks for GitHub Developer Profile

Devin Walker

3 plugins · 302K total installs

73
trust score
Avg Security Score
92/100
Avg Patch Time
2338 days
View full developer profile
Detection Fingerprints

How We Detect Blocks for GitHub

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/blocks-for-github/build/index.asset.php

HTML / DOM Fingerprints

CSS Classes
bfg-notice-wrapbfg-notice-innerbfg-info-emojibfg-repobfg-grid-containerbfg-repo-headerbfg-repo-avatar-wrapbfg-avatar+29 more
Data Attributes
id="bfg-wrap-id="bfg-wrap-data-profile-namedata-block-typedata-repo-url
FAQ

Frequently Asked Questions about Blocks for GitHub