WP-Safety

Blocksolid Security & Risk Analysis

wordpress.org/plugins/blocksolid

An overlay for the block editor to make it easier to use.

40 active installs v2.1.2 PHP 5.6+ WP 5.9+ Updated Nov 26, 2025
block-editorclassic-editorgutenberg-overlayvisual-composer-migrationwpbakery-migration
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Blocksolid Safe to Use in 2026?

Generally Safe

Score 100/100

Blocksolid has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago
Risk Assessment

The blocksolid plugin v2.1.2 demonstrates a generally good security posture. The static analysis reveals strong adherence to secure coding practices, with 100% of SQL queries utilizing prepared statements and a high rate of output escaping (94%). The absence of dangerous functions, external HTTP requests, and critical/high severity taint flows further contributes to its robustness. Furthermore, the plugin has no recorded vulnerability history, indicating a lack of publicly known exploits and a potentially mature development process.

However, a minor concern exists regarding the REST API. One out of three REST API routes lacks permission callbacks, creating an unprotected entry point. While not a critical flaw on its own, it represents a potential avenue for unauthorized access if sensitive functionality is exposed through that route. The presence of four AJAX handlers, while four have nonce checks, suggests that the remaining handlers should be carefully reviewed to ensure proper authorization and noncing are implemented to mitigate any potential risks.

In conclusion, blocksolid v2.1.2 is a well-developed plugin with strong security foundations. The primary area for improvement is addressing the unprotected REST API route to further harden its attack surface. The absence of historical vulnerabilities is a positive sign, but vigilance regarding the identified REST API and AJAX entry points is recommended.

Key Concerns

  • REST API route without permission callbacks
Vulnerabilities
None known

Blocksolid Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Blocksolid Release Timeline

v2.1.2Current
v2.1.1
v2.1.0
v2.0.9
v2.0.8
v2.0.7
v2.0.6
v2.0.5
v2.0.4
v2.0.3
v1.3.4
v1.3.3
v1.3.2
v1.3.1
v1.3.0
v1.2.3
v1.2.2
v1.2.1
v1.1.8
v1.1.6
Code Analysis
Analyzed Mar 16, 2026

Blocksolid Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
20
322 escaped
Nonce Checks
4
Capability Checks
7
File Operations
1
External Requests
0
Bundled Libraries
0

Output Escaping

94% escaped342 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

3 flows
blocksolid_settings_init (blocksolid-core.php:1426)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Blocksolid Attack Surface

Entry Points7
Unprotected1

AJAX Handlers 4

authwp_ajax_blocksolid_vcconvert_convert_pageblocksolid-core.php:549
authwp_ajax_get_current_blocksolid_controlled_paletteblocksolid-core.php:1506
authwp_ajax_blocksolid_import_settingsblocksolid-core.php:1553
authwp_ajax_blocksolid_export_settingsblocksolid-core.php:1596

REST API Routes 3

POSTGET/wp-json/blocksolid/v1/get_current_overlay_active_setting_rest/(?P<user_id>\d+)blocksolid-core.php:2463
POSTGET/wp-json/blocksolid/v1/toggle_overlay_active_setting_rest/(?P<user_id>\d+)blocksolid-core.php:2521
POSTGET/wp-json/blocksolid/v1/initiate_vc_converter/(?P<post_id>\d+)blocksolid-core.php:2572
WordPress Hooks 26
actionadmin_enqueue_scriptsblocksolid-core.php:25
actionenqueue_block_assetsblocksolid-core.php:71
actionadmin_headblocksolid-core.php:75
actionwp_enqueue_scriptsblocksolid-core.php:105
actionwp_enqueue_scriptsblocksolid-core.php:125
actionenqueue_block_editor_assetsblocksolid-core.php:142
actionwp_enqueue_scriptsblocksolid-core.php:170
actionadmin_initblocksolid-core.php:191
actionadmin_headblocksolid-core.php:208
actionwp_enqueue_scriptsblocksolid-core.php:503
actionwp_enqueue_scriptsblocksolid-core.php:517
filterpage_row_actionsblocksolid-core.php:546
actionenqueue_block_assetsblocksolid-core.php:1065
filterblock_type_metadatablocksolid-core.php:1089
actionwp_enqueue_scriptsblocksolid-core.php:1172
filterdefault_contentblocksolid-core.php:1200
actionenqueue_block_assetsblocksolid-core.php:1232
actionadmin_enqueue_scriptsblocksolid-core.php:1496
actionadmin_initblocksolid-core.php:1818
actionadmin_menublocksolid-core.php:2244
actionadmin_menublocksolid-core.php:2322
actionrest_api_initblocksolid-core.php:2462
actionrest_api_initblocksolid-core.php:2520
actionrest_api_initblocksolid-core.php:2571
filterrender_blockblocksolid-core.php:2589
actioninitblocksolid-core.php:2627
Maintenance & Trust

Blocksolid Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedNov 26, 2025
PHP min version5.6
Downloads4K

Community Trust

Rating100/100
Number of ratings1
Active installs40
Alternatives

Blocksolid Alternatives

Classic Editor

Classic Editor

classic-editor

A
100

Enables the previous "classic" editor and the old-style Edit Post screen with TinyMCE, Meta Boxes, etc. Supports all plugins that extend this screen.

9.0M No CVEs
Advanced Editor Tools

Advanced Editor Tools

tinymce-advanced

A
100

Extends and enhances the block editor (Gutenberg) and the classic editor (TinyMCE).

2.0M 1 CVE
Disable Gutenberg

Disable Gutenberg

disable-gutenberg

A
100

Disable Gutenberg Block Editor and restore the Classic Editor and original Edit Post screen (TinyMCE, meta boxes, etc.).

600K No CVEs
Classic Editor and Classic Widgets

Classic Editor and Classic Widgets

classic-editor-and-classic-widgets

A
99

Disables Gutenberg editor totally everywhere and enables Classic Editor and Classic Widgets.

20K 2 CVEs
TCD Classic Editor

TCD Classic Editor

tcd-classic-editor

A
100

This is a classic editor extension plug-in for TCD users. It is currently offered as a beta board.

4K No CVEs
Developer Profile

Blocksolid Developer Profile

Peripatus Web Design

4 plugins · 70 total installs

93
trust score
Avg Security Score
98/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Blocksolid

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/blocksolid/css/blocksolid-settings-styles.css/wp-content/plugins/blocksolid/js/blocksolid-settings.js/wp-content/plugins/blocksolid/css/blocksolid-admin-styles.css/wp-content/plugins/blocksolid/css/blocksolid-admin-styles-6.css/wp-content/plugins/blocksolid/css/blocksolid.css/wp-content/plugins/blocksolid/js/document_ready.js/wp-content/plugins/blocksolid/js/document_ready_backgrounds.js/wp-content/plugins/blocksolid/js/document_ready_stretch_row.js
Script Paths
/wp-content/plugins/blocksolid/js/blocksolid-settings.js/wp-content/plugins/blocksolid/js/document_ready.js/wp-content/plugins/blocksolid/js/document_ready_backgrounds.js/wp-content/plugins/blocksolid/js/document_ready_stretch_row.js
Version Parameters
blocksolid-settings-styles?ver=blocksolid-settings?ver=blocksolid-admin-styles?ver=blocksolid-admin-styles-6?ver=blocksolid?ver=document_ready.js?ver=document_ready_backgrounds.js?ver=document_ready_stretch_row.js?ver=

HTML / DOM Fingerprints

CSS Classes
blocksolid-overlay
Data Attributes
data-align="wide"
FAQ

Frequently Asked Questions about Blocksolid