WP-Safety

Blockskit Security & Risk Analysis

wordpress.org/plugins/blockskit

An easy plugin to import starter sites and add different effects to the image.

8K active installs v1.2.2 PHP 7.4.9+ WP 5.9+ Updated Dec 21, 2025
blockdemo-datademo-data-importerimage-blockone-click-demo-import
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Blockskit Safe to Use in 2026?

Generally Safe

Score 100/100

Blockskit has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The 'blockskit' v1.2.2 plugin exhibits a generally good security posture with several strengths. The absence of any recorded vulnerabilities in its history, including critical or high-severity ones, suggests a mature and well-maintained codebase. Furthermore, the plugin demonstrates strong adherence to secure coding practices by exclusively using prepared statements for SQL queries, performing a high percentage of output escaping, and implementing nonce and capability checks on a significant number of its entry points. The lack of file operations and dangerous functions is also a positive indicator.

However, a significant concern arises from the static analysis, specifically the presence of one AJAX handler that lacks authentication checks. This represents a direct attack vector that could potentially be exploited by unauthenticated users to interact with the plugin's functionality, leading to unintended consequences. While the taint analysis shows no critical or high-severity flows, this single unprotected AJAX endpoint is a notable weakness that needs immediate attention. The overall risk is moderate, leaning towards low due to the historical absence of vulnerabilities and good coding practices in most areas, but the unprotected AJAX handler introduces a specific, actionable risk.

Key Concerns

  • Unprotected AJAX handler identified
Vulnerabilities
None known

Blockskit Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Blockskit Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
7
32 escaped
Nonce Checks
4
Capability Checks
6
File Operations
0
External Requests
1
Bundled Libraries
0

Output Escaping

82% escaped39 total outputs
Attack Surface
1 unprotected

Blockskit Attack Surface

Entry Points4
Unprotected1

AJAX Handlers 4

authwp_ajax_install_base_themeimport\base-install\base-install.php:18
authwp_ajax_bk_import_getting_startedimport\demo-import.php:66
authwp_ajax_remind_me_later_blockskit_proincludes\class-blockskit-pro-upgrade-notice.php:13
authwp_ajax_upgrade_blockskit_pro_notice_dismissincludes\class-blockskit-pro-upgrade-notice.php:14
WordPress Hooks 14
actioninitblockskit.php:39
actionadmin_enqueue_scriptsimport\base-install\base-install.php:19
actionadmin_enqueue_scriptsimport\base-install\base-install.php:20
actionswitch_themeimport\demo\functions.php:29
filteradvanced_import_demo_listsimport\demo-import.php:64
filteradmin_menuimport\demo-import.php:65
filteradmin_enqueue_scriptsimport\demo-import.php:67
filteradmin_enqueue_scriptsimport\demo-import.php:68
filteradvanced_export_include_optionsimport\demo-import.php:69
actionadvanced_import_replace_post_idsimport\demo-import.php:70
actionadmin_menuincludes\class-bk-advanced-import-override.php:23
actionadmin_enqueue_scriptsincludes\class-blockskit-pro-upgrade-notice.php:11
actionadmin_initincludes\class-blockskit-pro-upgrade-notice.php:12
actionadmin_noticesincludes\class-blockskit-pro-upgrade-notice.php:33
Maintenance & Trust

Blockskit Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 21, 2025
PHP min version7.4.9
Downloads88K

Community Trust

Rating0/100
Number of ratings0
Active installs8K
Alternatives

Blockskit Alternatives

Keon Toolset

Keon Toolset

keon-toolset

A
100

Import dummy data for themes developed by Keon Themes.

30K No CVEs
Kortez Toolset

Kortez Toolset

kortez-toolset

A
92

Import dummy data for themes developed by Kortez Themes.

1K No CVEs
Blockskit Import

Blockskit Import

blockskit-import

A
85

A easy plugin to import starter sites.

100 No CVEs
Cyclone Demo Importer

Cyclone Demo Importer

cyclone-demo-importer

A
92

Import Dummy data for themes developed by Cyclone Themes.

10K No CVEs
Candid Advanced Toolset

Candid Advanced Toolset

candid-advanced-toolset

A
92

Import Dummy data for themes developed by Candid Themes.

1K No CVEs
Developer Profile

Blockskit Developer Profile

BlockskitDev

39 plugins · 17K total installs

92
trust score
Avg Security Score
97/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Blockskit

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/blockskit/import/base-install/assets/base-install.css/wp-content/plugins/blockskit/import/base-install/assets/base-install.js
Script Paths
/wp-content/plugins/blockskit/import/base-install/assets/base-install.js
Version Parameters
blockskit/style.css?ver=blockskit/script.js?ver=blockskit/import/base-install/assets/base-install.css?ver=blockskit/import/base-install/assets/base-install.js?ver=

HTML / DOM Fingerprints

CSS Classes
base-install-notice-outerbase-install-notice-innerbase-install-promptbase-install-contentbase-install-titlebase-install-btninstall-base-themeclose-base-notice+5 more
Data Attributes
data-slug
JS Globals
direct_install
FAQ

Frequently Asked Questions about Blockskit