BlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block Editor Security & Risk Analysis

wordpress.org/plugins/blockspare

Highly customizable Gutenberg blocks and starter templates to build blogs, magazines, and business websites. Create post grids, sliders, filters, and …

10K active installs · v3.3.0 · PHP 5.3+ · WP 4.9+ · Updated Feb 23, 2026
blog, gutenberg-blocks, magazine, news, starter-templates
Score: 95 · A · Safe
CVEs total: 6
Unpatched: 0
Last CVE: Oct 16, 2025
Safety Verdict

Is BlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block Editor Safe to Use in 2026?

Generally Safe

Score 95/100

BlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block Editor has a strong security track record. Known vulnerabilities have been patched promptly.

6 known CVEs · Last CVE: Oct 16, 2025 · Updated 1mo ago
Risk Assessment

The 'blockspare' plugin v3.3.0 demonstrates a generally good security posture with several strong practices in place. The static analysis reveals a limited attack surface with all identified entry points (AJAX handlers and REST API routes) having authentication checks. The code also shows diligent use of prepared statements for SQL queries and a high percentage of properly escaped output, minimizing risks of SQL injection and cross-site scripting from direct code vulnerabilities. Nonce and capability checks are frequently implemented, indicating an awareness of common WordPress security measures. However, a significant concern arises from the taint analysis, which identified two flows with unsanitized paths. While no critical or high severity issues were reported from these, unsanitized paths can often lead to exploitable vulnerabilities if not handled carefully, especially in conjunction with external HTTP requests.

The plugin's vulnerability history is a major red flag. With six known CVEs, all of medium severity, and a recent vulnerability reported in October 2025, this pattern suggests a recurring issue with maintaining a secure codebase. The common vulnerability types of "Exposure of Sensitive Information to an Unauthorized Actor" and "Cross-site Scripting" are particularly worrying. Although currently there are no unpatched CVEs, the sheer volume of past vulnerabilities, even if medium severity, indicates a potential for future undiscovered issues or a struggle with robust security across all code paths. The presence of an outdated bundled library (Freemius v1.0) is also a minor concern that could be addressed.

In conclusion, while 'blockspare' v3.3.0 has commendable defensive coding practices in place, the identified unsanitized paths in taint analysis and a concerning history of medium-severity vulnerabilities necessitate careful consideration. The plugin's strengths lie in its protected entry points and proper SQL handling, but the recurring vulnerability types and the presence of unsanitized data flows present a notable risk that should be closely monitored and potentially mitigated.

Key Concerns

  • Taint flow with unsanitized paths detected
  • Significant number of past medium severity CVEs
  • Bundled outdated library (Freemius v1.0)
Vulnerabilities
6

BlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block Editor Security Vulnerabilities

CVEs by Year

2024: 3 CVEs
2025: 3 CVEs

Severity Breakdown

Medium: 6 (6 total CVEs)

CVE-2025-62026 · medium · 4.3 · Exposure of Sensitive Information to an Unauthorized Actor

Blockspare <= 3.2.13.2 - Authenticated (Contributor+) Sensitive Information Exposure

Oct 16, 2025 Patched in 3.2.14 (8d)
CVE-2025-4684 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BlockSpare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites <= 3.2.13.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Carousel and Image Slider Widgets

Jul 31, 2025 Patched in 3.2.13.2 (1d)
CVE-2025-47495 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Blockspare <= 3.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

May 7, 2025 Patched in 3.2.10 (7d)
CVE-2024-47363 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Blockspare <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 30, 2024 Patched in 3.2.5 (11d)
CVE-2024-8325 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Gutenberg Page Builder Blocks & Ready-Made Patterns Library <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 3, 2024 Patched in 3.2.5 (1d)
CVE-2024-43164 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Blockspare <= 3.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Aug 7, 2024 Patched in 3.2.1 (8d)
Code Analysis
Analyzed Mar 16, 2026

BlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block Editor Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (4 prepared)
Unescaped Output: 69 (591 escaped)
Nonce Checks: 6
Capability Checks: 16
File Operations: 0
External Requests: 1
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

100% prepared · 4 total queries

Output Escaping

90% escaped · 660 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
bs_load_more (inc\block-posts-config\ajax-pagination.php:3)
Attack Surface

BlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block Editor Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers: 2

auth · wp_ajax_bs_load_more · inc\block-posts-config\ajax-pagination.php:187
nopriv · wp_ajax_bs_load_more · inc\block-posts-config\ajax-pagination.php:188

REST API Routes: 1

GET · /wp-json/blockspare-save-templates/v1/save_templates · inc\layout\save-templates.php:4

WordPress Hooks: 46
action · wp_dashboard_setup · admin\admin-init.php:18
action · admin_menu · admin\index.php:16
action · admin_enqueue_scripts · admin\index.php:18
action · admin_init · admin\index.php:20
filter · plugin_row_meta · admin\index.php:24
action · admin_notices · admin\notice-setup.php:36
filter · blockspare_setup_notice_dismiss · admin\notice-setup.php:165
filter · blockspare_setup_notice_dismiss · admin\notice-setup.php:167
action · admin_notices · admin\notice-upgrade.php:35
filter · blockspare_upgrade_notice_dismiss · admin\notice-upgrade.php:156
filter · blockspare_upgrade_notice_dismiss · admin\notice-upgrade.php:158
action · admin_notices · blockspare.php:31
action · admin_notices · blockspare.php:33
filter · render_block · inc\fonts.php:28
filter · wp_footer · inc\fonts.php:78
action · init · inc\init.php:27
action · enqueue_block_editor_assets · inc\init.php:28
action · wp_enqueue_scripts · inc\init.php:30
action · enqueue_block_assets · inc\init.php:32
action · plugins_loaded · inc\init.php:34
action · rest_api_init · inc\init.php:35
action · init · inc\latest-post-block\posts-carousel-grid\index.php:266
action · init · inc\latest-post-block\posts-express-grid\index.php:92
action · init · inc\latest-post-block\posts-flash\index.php:313
action · init · inc\latest-post-block\posts-grid\index.php:77
action · init · inc\latest-post-block\posts-list\index.php:92
action · rest_api_init · inc\latest-post-block\posts-list\index.php:159
action · init · inc\latest-post-block\posts-slider\index.php:420
action · plugins_loaded · inc\layout\components.php:10
action · rest_api_init · inc\layout\endpoints.php:32
action · rest_api_init · inc\layout\save-templates.php:2
action · init · inc\layout\save-templates.php:76
action · init · inc\other-block\date-time\index.php:96
action · init · inc\other-block\popular-tags\index.php:120
action · init · inc\other-block\search\index.php:156
action · init · inc\other-block\social-sharing\index.php:37
action · wp_footer · inc\other-block\social-sharing\index.php:63
filter · theme_page_templates · inc\page-templates\module.php:3
filter · template_include · inc\page-templates\module.php:14
action · init · inc\pattern\pattern.php:58
action · init · inc\post-banner\banner-1\index.php:81
action · init · inc\post-banner\banner-2\index.php:94
action · init · inc\post-banner\banner-9\index.php:87
filter · blockspare_template_library · inc\template-library\init.php:17
action · admin_notices · inc\welcome.php:57
action · admin_menu · inc\welcome.php:84
Maintenance & Trust

BlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block Editor Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 23, 2026
PHP min version: 5.3
Downloads: 811K

Community Trust

Rating: 98/100
Number of ratings: 30
Active installs: 10K
Developer Profile

BlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block Editor Developer Profile

Blockspare

1 plugin · 10K total installs

Trust score: 97
Avg Security Score: 95/100
Avg Patch Time: 6 days
Detection Fingerprints

How We Detect BlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block Editor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/blockspare/admin/assets/css/style.css
/wp-content/plugins/blockspare/dist/block_admin_dashboard.js
/wp-content/plugins/blockspare/dist/style-block_admin_dashboard.css
/wp-content/plugins/blockspare/admin/assets/images/blockspare-logo.png
Script Paths
/wp-content/plugins/blockspare/dist/block_admin_dashboard.js

HTML / DOM Fingerprints

CSS Classes: blockspare-pro-link
Data Attributes: data-blockspare-version
JS Globals: blockspare_dashboard_logo