Does BlockStrap Page Builder – Bootstrap Blocks have any unpatched vulnerabilities?

No. All known vulnerabilities in BlockStrap Page Builder – Bootstrap Blocks have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is BlockStrap Page Builder – Bootstrap Blocks compatible with WordPress 6.9.4?

According to WordPress.org data, BlockStrap Page Builder – Bootstrap Blocks 0.1.53 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is BlockStrap Page Builder – Bootstrap Blocks compatible with PHP 7.2+?

BlockStrap Page Builder – Bootstrap Blocks requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is BlockStrap Page Builder – Bootstrap Blocks updated?

BlockStrap Page Builder – Bootstrap Blocks was last updated on Mar 10, 2026. Frequent updates are generally a positive security signal.

What is BlockStrap Page Builder – Bootstrap Blocks's security score?

BlockStrap Page Builder – Bootstrap Blocks has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

BlockStrap Page Builder – Bootstrap Blocks Security & Risk Analysis

wordpress.org/plugins/blockstrap-page-builder-blocks

BlockStrap Page Builder - Bootstrap Blocks combines Bootstrap's power with the block editor's versatility.

2K active installs v0.1.53 PHP 7.2+ WP 6.0+ Updated Mar 10, 2026

blocksbootstrapbuilderdesignpage-builder

A · Safe

CVEs total1

Unpatched0

Last CVEJun 5, 2025

Plugin page Download

Safety Verdict

Is BlockStrap Page Builder – Bootstrap Blocks Safe to Use in 2026?

Generally Safe

Score 99/100

BlockStrap Page Builder – Bootstrap Blocks has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jun 5, 2025Updated 24d ago

Risk Assessment

The "blockstrap-page-builder-blocks" plugin exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices regarding database interactions, utilizing prepared statements for all SQL queries and a high percentage of properly escaped output. It also includes nonce checks on its entry points and no file operations are performed, which are strong security indicators.

However, significant concerns arise from its attack surface. The plugin exposes two AJAX handlers, both of which lack authentication checks. This represents a substantial risk, as any unauthenticated user could potentially interact with these handlers and trigger unintended actions. The absence of capability checks for these entry points further exacerbates this risk. While taint analysis shows no current issues, the previous vulnerability history, including a medium-severity Cross-site Scripting (XSS) flaw, suggests a pattern of potential input validation weaknesses. The fact that the last vulnerability was in the future (2025-06-05) is likely a data anomaly, but the presence of a past medium-severity XSS is a key concern.

In conclusion, while the plugin has strengths in its handling of SQL and output escaping, the unprotected AJAX endpoints present a critical security gap. Coupled with the historical XSS vulnerability, this plugin requires careful monitoring and immediate attention to its authentication mechanisms for AJAX handlers.

Key Concerns

AJAX handlers without authentication checks
Lack of capability checks on entry points
Past medium severity vulnerability (XSS)
Bundled library (Select2)

Vulnerabilities

BlockStrap Page Builder – Bootstrap Blocks Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-30951medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BlockStrap Page Builder - Bootstrap Blocks <= 0.1.36 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jun 5, 2025 Patched in 0.1.37 (43d)

Code Analysis

Analyzed Mar 16, 2026

BlockStrap Page Builder – Bootstrap Blocks Code Analysis

Dangerous Functions

Raw SQL Queries

7 prepared

Unescaped Output

379 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2

SQL Query Safety

100% prepared7 total queries

Output Escaping

97% escaped391 total outputs

Attack Surface

2 unprotected

BlockStrap Page Builder – Bootstrap Blocks Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

authwp_ajax_blockstrap_pbb_contactclasses\class-blockstrap-blocks-ajax.php:21

noprivwp_ajax_blockstrap_pbb_contactclasses\class-blockstrap-blocks-ajax.php:22

WordPress Hooks 77

actionwidgets_initblocks\class-blockstrap-widget-accordion-item.php:302

actionwidgets_initblocks\class-blockstrap-widget-accordion.php:333

actionwidgets_initblocks\class-blockstrap-widget-alert.php:377

actionwp_footerblocks\class-blockstrap-widget-archive-actions.php:396

actionwidgets_initblocks\class-blockstrap-widget-archive-actions.php:549

actionpre_get_postsblocks\class-blockstrap-widget-archive-actions.php:615

filterget_the_archive_title_prefixblocks\class-blockstrap-widget-archive-title.php:258

actionwidgets_initblocks\class-blockstrap-widget-archive-title.php:294

actionwidgets_initblocks\class-blockstrap-widget-breadcrumb.php:516

actionwidgets_initblocks\class-blockstrap-widget-button.php:653

actionwp_footerblocks\class-blockstrap-widget-contact.php:818

actionwp_footerblocks\class-blockstrap-widget-contact.php:827

actionwp_footerblocks\class-blockstrap-widget-contact.php:913

actionwidgets_initblocks\class-blockstrap-widget-contact.php:1092

actionwidgets_initblocks\class-blockstrap-widget-container.php:427

actionwidgets_initblocks\class-blockstrap-widget-counter.php:472

actionwidgets_initblocks\class-blockstrap-widget-gallery.php:678

actionwidgets_initblocks\class-blockstrap-widget-heading.php:300

actionwp_enqueue_scriptsblocks\class-blockstrap-widget-headline.php:538

actionwp_enqueue_scriptsblocks\class-blockstrap-widget-headline.php:540

actionwidgets_initblocks\class-blockstrap-widget-headline.php:718

actionwidgets_initblocks\class-blockstrap-widget-icon-box.php:1151

actionwidgets_initblocks\class-blockstrap-widget-image.php:759

actionwidgets_initblocks\class-blockstrap-widget-map.php:487

actionwp_footerblocks\class-blockstrap-widget-modal.php:490

actionwidgets_initblocks\class-blockstrap-widget-modal.php:652

actionwidgets_initblocks\class-blockstrap-widget-nav-dropdown.php:383

actionwidgets_initblocks\class-blockstrap-widget-nav-item.php:659

actionwp_enqueue_scriptsblocks\class-blockstrap-widget-nav.php:357

actionwidgets_initblocks\class-blockstrap-widget-nav.php:381

actionwidgets_initblocks\class-blockstrap-widget-navbar-brand.php:321

actionwidgets_initblocks\class-blockstrap-widget-navbar.php:233

actionwp_footerblocks\class-blockstrap-widget-offcanvas.php:502

actionwidgets_initblocks\class-blockstrap-widget-offcanvas.php:666

actionwidgets_initblocks\class-blockstrap-widget-pagination.php:626

actionwidgets_initblocks\class-blockstrap-widget-post-excerpt.php:315

actionwidgets_initblocks\class-blockstrap-widget-post-info.php:794

actionwidgets_initblocks\class-blockstrap-widget-post-title.php:328

actionwidgets_initblocks\class-blockstrap-widget-rating.php:417

actionwp_footerblocks\class-blockstrap-widget-scroll-top.php:236

actionwidgets_initblocks\class-blockstrap-widget-scroll-top.php:296

actionwidgets_initblocks\class-blockstrap-widget-search.php:426

actionwidgets_initblocks\class-blockstrap-widget-shape-divider.php:236

actionwidgets_initblocks\class-blockstrap-widget-share.php:740

actionwidgets_initblocks\class-blockstrap-widget-skip-links.php:254

actionwidgets_initblocks\class-blockstrap-widget-tab.php:256

actionwidgets_initblocks\class-blockstrap-widget-tabs.php:416

actionplugins_loadedblockstrap-page-builder-blocks.php:46

actionenqueue_block_editor_assetsblockstrap-page-builder-blocks.php:63

filterrender_blockblockstrap-page-builder-blocks.php:64

filterayecode-ui-settingsblockstrap-page-builder-blocks.php:65

filterayecode-ui-default-settingsblockstrap-page-builder-blocks.php:66

actionadmin_noticesclasses\class-blockstrap-blocks-admin.php:22

actionswitch_themeclasses\class-blockstrap-blocks-admin.php:25

actioncreate_termclasses\class-blockstrap-blocks-admin.php:36

actionedit_termclasses\class-blockstrap-blocks-admin.php:37

filteraui_screen_idsclasses\class-blockstrap-blocks-admin.php:40

actioncomment_form_default_fieldsclasses\class-blockstrap-blocks-comments.php:16

actioncomment_form_defaultsclasses\class-blockstrap-blocks-comments.php:17

filterblockstrap_pattern_page_content_archive_defaultclasses\class-blockstrap-blocks-templates.php:23

filterblockstrap_pattern_part_comments_defaultpatterns\comments.php:50

filterblockstrap_pattern_feature_home_defaultpatterns\content.php:36

filterblockstrap_pattern_page_content_404_defaultpatterns\content.php:68

filterblockstrap_pattern_page_content_archive_defaultpatterns\content.php:96

filterblockstrap_pattern_page_content_search_defaultpatterns\content.php:97

filterblockstrap_pattern_page_content_page_defaultpatterns\content.php:127

filterblockstrap_pattern_page_content_post_defaultpatterns\content.php:185

filterblockstrap_pattern_page_content_page_sidebar_left_defaultpatterns\content.php:215

filterblockstrap_pattern_page_content_page_sidebar_right_defaultpatterns\content.php:244

filterblockstrap_pattern_part_main_defaultpatterns\content.php:283

filterblockstrap_pattern_footer_defaultpatterns\footer.php:101

filterblockstrap_pattern_header_defaultpatterns\header.php:28

filterblockstrap_pattern_hero_home_defaultpatterns\hero.php:46

filterblockstrap_pattern_hero_404_defaultpatterns\hero.php:77

filterblockstrap_pattern_hero_archive_defaultpatterns\hero.php:107

filterblockstrap_pattern_hero_page_defaultpatterns\hero.php:135

filterblockstrap_pattern_hero_post_defaultpatterns\hero.php:165

Maintenance & Trust

BlockStrap Page Builder – Bootstrap Blocks Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 10, 2026

PHP min version7.2

Downloads51K

Community Trust

Rating90/100

Number of ratings4

Active installs2K

Alternatives

BlockStrap Page Builder – Bootstrap Blocks Alternatives

Bootstrap Blocks for WP Editor v2

wp-editor-bootstrap-blocks

The essential WP Editor Plugin for Bootstrap websites. Fully manageable responsive containers, rows and columns. Without coding.

300 1 CVE

Gutenwave Blocks – Gutenberg Page Builder Blocks for Block Editor & FSE

gutenwave-blocks

100

Build stunning websites with Gutenberg. Free responsive blocks, starter templates & full site editing support in one lightweight plugin.

50 No CVEs

Blocks Grid Builder For Bootstrap

blocks-grid-builder-for-bootstrap

Build complex Bootstrap gird throw modern drag/drop and resizable interface throw WordPress Gutenberg editor, With just few clicks from your mouse you …

10 No CVEs

Universal Blocks – Drag & Drop Page Builder Blocks and Patterns for Gutenberg Block Editor

universal-blocks

A powerful drag-and-drop page builder plugin for Gutenberg, designed to simplify website design and content creation.

0 No CVEs

Kadence Blocks — Page Builder Toolkit for Gutenberg Editor

kadence-blocks

20+ AI-powered Gutenberg Blocks with endless options, enabling top-notch efficiency for high-performance dynamic website creation.

600K 31 CVEs

Developer Profile

BlockStrap Page Builder – Bootstrap Blocks Developer Profile

Stiofan

12 plugins · 90K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

191 days

View full developer profile

Detection Fingerprints

How We Detect BlockStrap Page Builder – Bootstrap Blocks

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/blockstrap-page-builder-blocks/assets/js/blockstrap-block-filters.js/wp-content/plugins/blockstrap-page-builder-blocks/assets/js/blockstrap-block-filters-new.js/wp-content/plugins/blockstrap-page-builder-blocks/assets/css/style.css/wp-content/plugins/blockstrap-page-builder-blocks/assets/css/block-editor.css/wp-content/plugins/blockstrap-page-builder-blocks/assets/js/animated-headline.min.js/wp-content/plugins/blockstrap-page-builder-blocks/assets/js/highlight-headline.min.js/wp-content/plugins/blockstrap-page-builder-blocks/assets/css/animated-headline.css

Script Paths

blockstrap-page-builder-blocks/assets/js/blockstrap-block-filters.jsblockstrap-page-builder-blocks/assets/js/blockstrap-block-filters-new.jsblockstrap-page-builder-blocks/assets/js/animated-headline.min.jsblockstrap-page-builder-blocks/assets/js/highlight-headline.min.js

Version Parameters

blockstrap-page-builder-blocks/assets/js/blockstrap-block-filters.js?ver=blockstrap-page-builder-blocks/assets/js/blockstrap-block-filters-new.js?ver=blockstrap-page-builder-blocks/assets/css/style.css?ver=blockstrap-page-builder-blocks/assets/css/block-editor.css?ver=blockstrap-page-builder-blocks/assets/js/animated-headline.min.js?ver=blockstrap-page-builder-blocks/assets/js/highlight-headline.min.js?ver=blockstrap-page-builder-blocks/assets/css/animated-headline.css?ver=

HTML / DOM Fingerprints

CSS Classes

blockstrap-containerblockstrap-navbarblockstrap-nav-itemblockstrap-buttonblockstrap-headingblockstrap-post-titleblockstrap-widget-archive-titleblockstrap-widget-image

HTML Comments

<!-- @todo WP 6.2.1+ broke shortcodes, the order they added the code back broke other things, we need this till they revert it: https://core.trac.wordpress.org/ticket/58366#comment:37 -->

<!-- @todo remove this or make it more specific once this bug is resolved https://github.com/WordPress/gutenberg/issues/35258 -->

Data Attributes

data-blockstrap-elementdata-blockstrap-type

JS Globals

BLOCKSTRAP_BLOCKS_VERSIONBLOCKSTRAP_BLOCKS_PLUGIN_URLBLOCKSTRAP_BLOCKS_PLUGIN_FILEBLOCKSTRAP_BLOCKS_PLUGIN_DIR

Shortcode Output

[bs_button[bs_container[bs_heading[bs_navbar

FAQ