Does Blog Designer – Post and Widget have any unpatched vulnerabilities?

No. All known vulnerabilities in Blog Designer – Post and Widget have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Blog Designer – Post and Widget compatible with WordPress 6.9.4?

According to WordPress.org data, Blog Designer – Post and Widget 2.7.7 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is Blog Designer – Post and Widget updated?

Blog Designer – Post and Widget was last updated on Feb 19, 2026. Frequent updates are generally a positive security signal.

What is Blog Designer – Post and Widget's security score?

Blog Designer – Post and Widget has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Blog Designer – Post and Widget Security & Risk Analysis

wordpress.org/plugins/blog-designer-for-post-and-widget

Display Post on your website with 2 designs(Grid and Slider) with 1 widget. Also work with Gutenberg shortcode block.

5K active installs v2.7.7 PHP + WP 4.0+ Updated Feb 19, 2026

blog-post-widgetpost-designpost-designerpost-layout-designrecent-post-slider

A · Safe

CVEs total1

Unpatched0

Last CVEJan 4, 2023

Download

Safety Verdict

Is Blog Designer – Post and Widget Safe to Use in 2026?

Generally Safe

Score 100/100

Blog Designer – Post and Widget has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jan 4, 2023Updated 1mo ago

Risk Assessment

The plugin 'blog-designer-for-post-and-widget' version 2.7.7 exhibits a generally good security posture with several strengths. The absence of unauthenticated AJAX handlers and REST API routes, along with 100% of SQL queries using prepared statements, indicates a strong focus on preventing common web vulnerabilities. The high percentage of properly escaped output (94%) and the presence of nonce and capability checks on all identified entry points further contribute to its defensive mechanisms. However, the presence of the `unserialize` function raises a potential concern, as it can be exploited if not handled with extreme caution to prevent object injection vulnerabilities. The plugin's vulnerability history shows one past medium-severity Cross-Site Scripting (XSS) vulnerability, which was patched. While there are no currently unpatched vulnerabilities, this historical pattern suggests that developers should remain vigilant about input sanitization, particularly around user-supplied data that might be unserialized or used in output.

Key Concerns

Presence of unserialize function
Past medium severity XSS vulnerability

Vulnerabilities

Blog Designer – Post and Widget Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2022-4793medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Blog Designer - Post and Widget <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Jan 4, 2023 Patched in 2.4 (384d)

Code Analysis

Analyzed Mar 16, 2026

Blog Designer – Post and Widget Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

399 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$info = @unserialize($data);wpos-analytics\includes\class-anylc-admin.php:696

Output Escaping

94% escaped426 total outputs

Data Flows

All sanitized

Data Flow Analysis

1 flows

<solutions-features> (includes\admin\settings\solution-features\solutions-features.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Blog Designer – Post and Widget Attack Surface

Entry Points2

Unprotected0

Shortcodes 2

[wpspw_post] includes\shortcode\wpsp-post.php:187

[wpspw_recent_post_slider] includes\shortcode\wpsp-recent-post-slider.php:177

WordPress Hooks 28

actionplugins_loadedblog-designer-post-and-widget.php:103

actionupdate_option_active_pluginsblog-designer-post-and-widget.php:131

actionadmin_noticesblog-designer-post-and-widget.php:190

actionadmin_menuincludes\admin\class-bdpw-admin.php:20

actionadmin_initincludes\admin\class-bdpw-admin.php:23

actioninitincludes\admin\supports\gutenberg-block.php:210

actionenqueue_block_editor_assetsincludes\admin\supports\gutenberg-block.php:233

filterblock_categories_allincludes\admin\supports\gutenberg-block.php:254

actionadmin_enqueue_scriptsincludes\class-bdpw-script.php:20

actionwp_enqueue_scriptsincludes\class-bdpw-script.php:23

actionwidgets_initincludes\widget\latest-post-widget.php:20

actionadmin_menuwpos-analytics\includes\class-anylc-admin.php:45

actionadmin_menuwpos-analytics\includes\class-anylc-admin.php:48

actionadmin_initwpos-analytics\includes\class-anylc-admin.php:51

actionadmin_noticeswpos-analytics\includes\class-anylc-admin.php:54

actionadmin_footerwpos-analytics\includes\class-anylc-admin.php:57

actionwp_loadedwpos-analytics\includes\class-anylc-admin.php:60

actioninitwpos-analytics\includes\class-anylc-admin.php:63

filtercron_scheduleswpos-analytics\includes\class-anylc-admin.php:66

actionwpos_monthly_cron_hookwpos-analytics\includes\class-anylc-admin.php:69

actionrest_api_initwpos-analytics\includes\class-anylc-admin.php:72

filterrest_pre_serve_requestwpos-analytics\includes\class-anylc-admin.php:585

actionadmin_enqueue_scriptswpos-analytics\includes\class-anylc-script.php:20

actionactivated_pluginwpos-analytics\wpos-analytics.php:244

actionplugins_loadedwpos-analytics\wpos-analytics.php:258

actionadmin_menuwpos-plugins\includes\admin\class-espbw-admin.php:19

actionadmin_enqueue_scriptswpos-plugins\includes\class-espbw-script.php:19

actionplugins_loadedwpos-plugins\wpos-recommendation.php:185

Scheduled Events 1

wpos_monthly_cron_hook

Maintenance & Trust

Blog Designer – Post and Widget Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 19, 2026

PHP min version

Downloads256K

Community Trust

Rating94/100

Number of ratings23

Active installs5K

Alternatives

Blog Designer – Post and Widget Alternatives

WP Responsive Recent Post Slider/Carousel

wp-responsive-recent-post-slider

100

Display Responsive Recent Post Slider and Carousel on your site with 4 designs (Slider) and 1 designs (Carousel) using shortcode and Gutenberg block.

20K 1 CVE

Carousel, Recent Post Slider and Banner Slider

spice-post-slider

100

Display your blog posts with a responsive, customizable slider that works smoothly on all devices.

8K 1 CVE

BlogLentor – Blog Designer Pack for Elementor

bloglentor-for-elementor

Design and modify your blog with creative layouts. You can easily design your blog posts with slider, Carousel and different skins with pagination.

5K 1 unpatched

Blogsqode – Blog Layouts and News Post Design

blogsqode-posts

100

Blogsqode is an effective and user-friendly way to beautify your blog pages on your websites.

400 No CVEs

Smart Post Block – Post Grid Gutenberg Blocks

smart-post-block

A powerful Gutenberg block plugin for post layouts, post design, news magazine layouts, and blog post styling.

20 No CVEs

Developer Profile

Blog Designer – Post and Widget Developer Profile

Essential Plugin

33 plugins · 205K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

219 days

View full developer profile

Detection Fingerprints

How We Detect Blog Designer – Post and Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/blog-designer-for-post-and-widget/assets/css/blog-designer-style.css/wp-content/plugins/blog-designer-for-post-and-widget/assets/css/style.css/wp-content/plugins/blog-designer-for-post-and-widget/assets/css/custom.css/wp-content/plugins/blog-designer-for-post-and-widget/assets/css/owl.carousel.css/wp-content/plugins/blog-designer-for-post-and-widget/assets/css/slick.css/wp-content/plugins/blog-designer-for-post-and-widget/assets/css/slick-theme.css/wp-content/plugins/blog-designer-for-post-and-widget/assets/js/owl.carousel.js/wp-content/plugins/blog-designer-for-post-and-widget/assets/js/slick.min.js+1 more

Script Paths

/wp-content/plugins/blog-designer-for-post-and-widget/assets/js/owl.carousel.js/wp-content/plugins/blog-designer-for-post-and-widget/assets/js/slick.min.js/wp-content/plugins/blog-designer-for-post-and-widget/assets/js/custom.js

Version Parameters

blog-designer-for-post-and-widget/assets/css/blog-designer-style.css?ver=blog-designer-for-post-and-widget/assets/css/style.css?ver=blog-designer-for-post-and-widget/assets/css/custom.css?ver=blog-designer-for-post-and-widget/assets/css/owl.carousel.css?ver=blog-designer-for-post-and-widget/assets/css/slick.css?ver=blog-designer-for-post-and-widget/assets/css/slick-theme.css?ver=blog-designer-for-post-and-widget/assets/js/owl.carousel.js?ver=blog-designer-for-post-and-widget/assets/js/slick.min.js?ver=blog-designer-for-post-and-widget/assets/js/custom.js?ver=

HTML / DOM Fingerprints

CSS Classes

bdpw-blog-sliderbdpw-posts-grid

HTML Comments

Shortcode Output

[blog_designer_posts][blog_designer_posts_grid][blog_designer_posts_slider]

FAQ