Blog Designer Security & Risk Analysis

wordpress.org/plugins/blog-designer

Allows you to create and modify your blog page with 15 unique blog layouts. A quick and easy way to change blog page designs with so easy steps.

10K active installs · v3.1.8 · PHP 7.0+ · WP 5.6+ · Updated Aug 12, 2024
Tags: blog-design, blog-layout, blog-template, custom-blog-template, wordpress-blog
Score: 66 (C · Use Caution)
CVEs total: 2
Unpatched: 1
Last CVE: Sep 22, 2025
Safety Verdict

Is Blog Designer Safe to Use in 2026?

Use With Caution

Score 66/100

Blog Designer has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

2 known CVEs · 1 unpatched · Last CVE: Sep 22, 2025 · Updated 1yr ago
Risk Assessment

The "blog-designer" v3.1.8 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices in its handling of SQL queries, exclusively using prepared statements, and a high percentage of properly escaped output. The absence of dangerous functions, file operations, and critical/high severity taint flows suggests a solid foundation for secure coding.

However, significant concerns arise from its attack surface and vulnerability history. The presence of one AJAX handler without authentication checks is a direct vulnerability that could be exploited. Furthermore, the plugin has a history of two known CVEs, with one currently unpatched, specifically a high-severity vulnerability. The common vulnerability types (Missing Authorization, Cross-site Scripting) coupled with a recent high-severity unpatched vulnerability are strong indicators of potential future security weaknesses.

While the plugin shows some strengths in secure coding practices, the identified unprotected entry point and the unpatched high-severity vulnerability in its history introduce a considerable risk.

Key Concerns

  • Unprotected AJAX handler
  • Currently unpatched high severity CVE
  • History of Missing Authorization vulnerabilities
  • History of Cross-site Scripting vulnerabilities

Blog Designer Security Vulnerabilities

CVEs by Year

  • 2019: 1 CVE
  • 2025: 1 CVE · unpatched

Severity Breakdown

  • High: 1
  • Medium: 1

2 total CVEs

CVE-2025-57990 · medium · 5.4 · Missing Authorization

Blog Designer <= 3.1.8 - Missing Authorization

Sep 22, 2025 · Unpatched

WF-33727746-4481-4b7f-8d2a-100027b7d1c3-blog-designer · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Blog Designer <=1.8.10 - Unauthenticated Stored Cross-Site Scripting

May 1, 2019 · Patched in 1.8.12 (1728d)
Blog Designer Code Analysis

Analyzed Mar 16, 2026

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 145 (1107 escaped)
  • Nonce Checks: 8
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 4
  • Bundled Libraries: 0

Output Escaping

88% escaped · 1252 total outputs

Data Flows: All sanitized

Data Flow Analysis

9 flows
bd_save_settings (admin\class-blog-designer-lite-admin.php:255)

Blog Designer Attack Surface

Entry Points: 11
Unprotected: 1

AJAX Handlers 8

nopriv · wp_ajax_bd_get_page_link · admin\class-blog-designer-lite-admin.php:38
auth · wp_ajax_bd_get_page_link · admin\class-blog-designer-lite-admin.php:39
auth · wp_ajax_bd_closed_bdboxes · admin\class-blog-designer-lite-admin.php:40
auth · wp_ajax_bd_template_search_result · admin\class-blog-designer-lite-admin.php:41
auth · wp_ajax_bd_create_sample_layout · admin\class-blog-designer-lite-admin.php:42
auth · wp_ajax_bd_submit_optin · admin\class-blog-designer-lite-admin.php:47
nopriv · wp_ajax_get_loadmore_blog · public\class-blog-designer-lite-public.php:34
auth · wp_ajax_get_loadmore_blog · public\class-blog-designer-lite-public.php:35

Shortcodes 3

[fsn_blog_designer] admin\class-blog-designer-lite-admin.php:45
[wp_blog_designer] public\class-blog-designer-lite-public.php:32
[wp_blog_designer_ticker] public\class-blog-designer-lite-public.php:33

WordPress Hooks 26

action · admin_enqueue_scripts · admin\class-blog-designer-lite-admin.php:29
action · admin_enqueue_scripts · admin\class-blog-designer-lite-admin.php:30
action · admin_menu · admin\class-blog-designer-lite-admin.php:31
action · admin_init · admin\class-blog-designer-lite-admin.php:32
action · admin_init · admin\class-blog-designer-lite-admin.php:33
action · admin_init · admin\class-blog-designer-lite-admin.php:34
action · admin_head · admin\class-blog-designer-lite-admin.php:35
action · admin_init · admin\class-blog-designer-lite-admin.php:36
action · admin_init · admin\class-blog-designer-lite-admin.php:37
action · current_screen · admin\class-blog-designer-lite-admin.php:43
action · init · admin\class-blog-designer-lite-admin.php:44
action · admin_init · admin\class-blog-designer-lite-admin.php:46
filter · admin_footer_text · admin\class-blog-designer-lite-admin.php:633
action · admin_head · blog-designer.php:27
action · plugins_loaded · blog-designer.php:28
action · vc_before_init · blog-designer.php:29
action · init · includes\blog_designer_block\index.php:16
action · plugins_loaded · includes\promo-notice.php:9
action · admin_notices · includes\promo-notice.php:32
action · admin_notices · includes\promo_notice.php:33
action · wp_head · public\class-blog-designer-lite-public.php:29
action · wp_enqueue_scripts · public\class-blog-designer-lite-public.php:30
filter · excerpt_length · public\class-blog-designer-lite-public.php:31
filter · excerpt_more · public\class-blog-designer-lite-public.php:123
filter · excerpt_more · public\class-blog-designer-lite-public.php:879
action · widgets_init · public\class-blog-designer-scroll-widget.php:21

Blog Designer Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Aug 12, 2024
PHP min version: 7.0
Downloads: 965K

Community Trust

Rating: 80/100
Number of ratings: 167
Active installs: 10K

Blog Designer Developer Profile

solwininfotech

7 plugins · 14K total installs

Trust score: 66
Avg Security Score: 82/100
Avg Patch Time: 642 days
Detection Fingerprints

How We Detect Blog Designer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/blog-designer/public/css/bd-style.css
  • /wp-content/plugins/blog-designer/public/css/bd-shortcode.css
  • /wp-content/plugins/blog-designer/admin/css/admin-style.css
  • /wp-content/plugins/blog-designer/public/css/bd-animations.css
  • /wp-content/plugins/blog-designer/public/css/slick.css
  • /wp-content/plugins/blog-designer/public/css/slick-theme.css

Script Paths

  • /wp-content/plugins/blog-designer/public/js/bd-script.js
  • /wp-content/plugins/blog-designer/public/js/bd-shortcode.js
  • /wp-content/plugins/blog-designer/public/js/slick.js
  • /wp-content/plugins/blog-designer/public/js/jquery.sticky-kit.js
  • /wp-content/plugins/blog-designer/admin/js/bd-admin-script.js

Version Parameters

  • blog-designer/public/css/bd-style.css?ver=
  • blog-designer/public/css/bd-shortcode.css?ver=
  • blog-designer/admin/css/admin-style.css?ver=
  • blog-designer/public/css/bd-animations.css?ver=
  • blog-designer/public/css/slick.css?ver=
  • blog-designer/public/css/slick-theme.css?ver=
  • blog-designer/public/js/bd-script.js?ver=
  • blog-designer/public/js/bd-shortcode.js?ver=
  • blog-designer/public/js/slick.js?ver=
  • blog-designer/public/js/jquery.sticky-kit.js?ver=
  • blog-designer/admin/js/bd-admin-script.js?ver=

HTML / DOM Fingerprints

CSS Classes: blog_designer_section, bd_upgrade_link, bd_blog_design, bd_post_loop, bd_grid_layout, bd_list_layout, bd_metro_layout, bd_masonry_layout, +1 more

HTML Comments (+22 more):

  • <!-- Exit if accessed directly -->
  • <!-- Gutenberg block for blog designer shortcode -->
  • <!-- Add support for visual composer -->
  • <!-- Add css for upgrade link -->

Data Attributes: data-bd-post-id, data-bd-layout-type, data-bd-columns, data-bd-auto-play, data-bd-infinite-loop, data-bd-animation-speed, +7 more

JS Globals: BLOGDESIGNER_URL, BLOGDESIGNER_DIR, bd_admin_object, bd_public_object

Shortcode Output: [wp_blog_designer], [fsn_blog_designer]
FAQ

Frequently Asked Questions about Blog Designer