WP-Safety

Blog Designer Pack – Blog, Post Grid, Post Slider, Post Carousel, Category Post, News Security & Risk Analysis

wordpress.org/plugins/blog-designer-pack

News & Blog plugin for post grid, post slider, post carousel, post filter, masonry, ticker & list category posts using shortcode, Elementor & Divi.

30K active installs v4.0.10 PHP 5.4+ WP 5.8+ Updated Mar 1, 2026
blognewspost-carouselpost-gridpost-slider
94
A · Safe
CVEs total3
Unpatched0
Last CVEApr 1, 2025
Plugin page Download
Safety Verdict

Is Blog Designer Pack – Blog, Post Grid, Post Slider, Post Carousel, Category Post, News Safe to Use in 2026?

Generally Safe

Score 94/100

Blog Designer Pack – Blog, Post Grid, Post Slider, Post Carousel, Category Post, News has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Apr 1, 2025Updated 1mo ago
Risk Assessment

The blog-designer-pack plugin exhibits a mixed security posture. While it demonstrates good practices in areas like SQL query sanitization and output escaping, several concerning aspects are present. The static analysis reveals a notable attack surface with 15 entry points, two of which lack authentication checks. Furthermore, taint analysis indicates two high-severity flows with unsanitized paths, suggesting potential vulnerabilities in how user-supplied data is handled. The plugin's vulnerability history is a significant concern, with three known CVEs, including one critical and one high-severity vulnerability. The fact that the last vulnerability was in April 2025 and is currently unpatched is a critical red flag. While the plugin has strengths in its widespread use of prepared statements and a high percentage of escaped outputs, the presence of critical historical vulnerabilities and identified high-severity taint flows, coupled with unprotected AJAX handlers, warrants caution. The historical pattern of Remote File Inclusion and Cross-site Scripting vulnerabilities suggests recurring issues with input validation and file handling that need robust and ongoing attention.

Key Concerns

  • Unpatched critical historical vulnerability
  • Unpatched high historical vulnerability
  • High severity taint flows (2)
  • AJAX handlers without auth checks (2)
  • Unpatched medium historical vulnerability
Vulnerabilities
3

Blog Designer Pack – Blog, Post Grid, Post Slider, Post Carousel, Category Post, News Security Vulnerabilities

CVEs by Year

2 CVEs in 2023
2023
1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Critical
1
High
1
Medium
1

3 total CVEs

CVE-2025-31082critical · 9.8Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

News & Blog Designer Pack <= 4.0 - Unauthenticated Local File Inclusion

Apr 1, 2025 Patched in 4.0.1 (10d)
CVE-2023-5815high · 8.1Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

News & Blog Designer Pack – WordPress Blog Plugin <= 3.4.1 - Unauthenticated Remote Code Execution via Local File Inclusion

Oct 26, 2023 Patched in 3.4.2 (89d)
CVE-2022-4792medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

News & Blog Designer Pack <= 3.2 - Authenticated (Contributor+) Stored Cross-Site SQcripting via Shortcode

Jan 6, 2023 Patched in 3.3 (382d)
Code Analysis
Analyzed Mar 16, 2026

Blog Designer Pack – Blog, Post Grid, Post Slider, Post Carousel, Category Post, News Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
90
843 escaped
Nonce Checks
8
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
2

Bundled Libraries

Select2Freemius1.0

Output Escaping

90% escaped933 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

8 flows4 with unsanitized paths
search_box (includes\admin\shortcode-builder\class-bdpp-layout-list.php:248)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Blog Designer Pack – Blog, Post Grid, Post Slider, Post Carousel, Category Post, News Attack Surface

Entry Points15
Unprotected2

AJAX Handlers 5

authwp_ajax_bdpp_get_shrt_params_dataincludes\admin\shortcode-builder\class-bdpp-shortcode-generator.php:19
authwp_ajax_bdpp_category_suggincludes\admin\shortcode-builder\class-bdpp-shortcode-generator.php:22
authwp_ajax_bdpp_post_suggincludes\admin\shortcode-builder\class-bdpp-shortcode-generator.php:25
authwp_ajax_bdp_load_more_postsincludes\class-bdpp-public.php:20
noprivwp_ajax_bdp_load_more_postsincludes\class-bdpp-public.php:21

REST API Routes 1

GET/wp-json/bdpp-layout-selector/v1/search-layoutsincludes\blocks\bdpp-blocks.php:39

Shortcodes 9

[bdp_post_carousel] includes\shortcodes\bdpp-post-carousel.php:163
[bdp_post] includes\shortcodes\bdpp-post-grid.php:153
[bdp_post_gridbox] includes\shortcodes\bdpp-post-gridbox.php:150
[bdp_post_list] includes\shortcodes\bdpp-post-list.php:148
[pld_post_list] includes\shortcodes\bdpp-post-list.php:149
[bdp_masonry] includes\shortcodes\bdpp-post-masonry.php:155
[bdp_post_slider] includes\shortcodes\bdpp-post-slider.php:158
[bdp_ticker] includes\shortcodes\bdpp-post-ticker.php:117
[bdpp_tmpl] includes\shortcodes\bdpp-shrt-tmpl.php:86
WordPress Hooks 35
actionafter_setup_themeblog-designer-pack.php:207
actionplugins_loadedblog-designer-pack.php:208
actioninitblog-designer-pack.php:209
actionadmin_menuincludes\admin\class-bdpp-admin.php:20
actioncurrent_screenincludes\admin\class-bdpp-admin.php:23
actionadmin_initincludes\admin\class-bdpp-admin.php:26
filterpost_row_actionsincludes\admin\class-bdpp-admin.php:29
actionadmin_noticesincludes\admin\class-bdpp-admin.php:32
actionadd_meta_boxesincludes\admin\class-bdpp-metabox.php:20
actionbdp_settings_tab_cssincludes\admin\settings\bdpp-css-settings.php:54
actionbdp_settings_tab_generalincludes\admin\settings\bdpp-general-settings.php:126
actionbdp_settings_tab_miscincludes\admin\settings\bdpp-misc-settings.php:59
actionbdp_settings_tab_proincludes\admin\settings\bdpp-pro-settings.php:180
actionadmin_initincludes\admin\settings\bdpp-register-settings.php:24
filterbdpp_validate_settings_generalincludes\admin\settings\bdpp-register-settings.php:172
filterbdpp_validate_settings_cssincludes\admin\settings\bdpp-register-settings.php:185
filterbdpp_validate_settings_miscincludes\admin\settings\bdpp-register-settings.php:199
actionbdp_settings_tab_sharingincludes\admin\settings\bdpp-sharing-settings.php:131
actionbdp_settings_tab_taxonomyincludes\admin\settings\bdpp-taxonomy-settings.php:73
actionbdp_settings_tab_trendingincludes\admin\settings\bdpp-trending-settings.php:67
actionbdp_settings_tab_welcomeincludes\admin\settings\bdpp-welcome-settings.php:182
actioninitincludes\bdpp-post-types.php:60
actioninitincludes\blocks\bdpp-blocks.php:33
actionrest_api_initincludes\blocks\bdpp-blocks.php:58
actionupdate_option_active_pluginsincludes\class-bdpp-install.php:47
actionadmin_enqueue_scriptsincludes\class-bdpp-scripts.php:20
actionwp_enqueue_scriptsincludes\class-bdpp-scripts.php:23
actionwp_headincludes\class-bdpp-scripts.php:26
actionelementor/editor/after_enqueue_scriptsincludes\class-bdpp-scripts.php:29
actionelementor/controls/controls_registeredincludes\integrations\elementor\elementor.php:23
actionelementor/widgets/registerincludes\integrations\elementor\elementor.php:35
actionvc_before_initincludes\integrations\wpbakery\wpbakery.php:59
filtervc_autocomplete_bdpp_tmpl_layout_id_callbackincludes\integrations\wpbakery\wpbakery.php:65
filtervc_autocomplete_bdpp_tmpl_layout_id_renderincludes\integrations\wpbakery\wpbakery.php:68
actionwidgets_initincludes\widgets\class-bdpp-widgets.php:27
Maintenance & Trust

Blog Designer Pack – Blog, Post Grid, Post Slider, Post Carousel, Category Post, News Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 1, 2026
PHP min version5.4
Downloads876K

Community Trust

Rating94/100
Number of ratings75
Active installs30K
Alternatives

Blog Designer Pack – Blog, Post Grid, Post Slider, Post Carousel, Category Post, News Alternatives

AnWP Post Grid and Post Carousel Slider for Elementor

AnWP Post Grid and Post Carousel Slider for Elementor

anwp-post-grid-for-elementor

A
92

Easily create awesome post grids and post carousel sliders. Different widget types, powerful filters, "load more" button and many customizab &hellip;

20K No CVEs
Post Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post Slider

Post Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post Slider

post-slider-and-carousel

A
99

Post Slider and Post Carousel display WordPress post in slider and carousel layouts with shortcode and Latest/Recent vertical post scrolling widget.

10K 1 CVE
Classic Blog Grid

Classic Blog Grid

classic-blog-grid

A
100

Classic Blog Grid : A plugin to display blog posts in various grid formats: list, masonry, and slider.

4K No CVEs
Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget

Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget

post-grid-carousel-ultimate

A
86

The easiest and most useful plugin to display blog posts, pages, or custom posts in beautiful post layouts like post grid, post carousel & post slider

1K 7 CVEs
Post Carousel for Elementor

Post Carousel for Elementor

post-carousel-for-elementor

A
100

Post Carousel for Elementor – Add beautifully responsive and modern post carousels to your Elementor pages with 40+ ready preset styles.

0 No CVEs
Developer Profile

Blog Designer Pack – Blog, Post Grid, Post Slider, Post Carousel, Category Post, News Developer Profile

InfornWeb

3 plugins · 36K total installs

77
trust score
Avg Security Score
97/100
Avg Patch Time
411 days
View full developer profile
Detection Fingerprints

How We Detect Blog Designer Pack – Blog, Post Grid, Post Slider, Post Carousel, Category Post, News

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/blog-designer-pack/css/animate.min.css/wp-content/plugins/blog-designer-pack/css/bdp-fancybox.css/wp-content/plugins/blog-designer-pack/css/bdp-swiper.min.css/wp-content/plugins/blog-designer-pack/css/slick.css/wp-content/plugins/blog-designer-pack/css/style.css/wp-content/plugins/blog-designer-pack/js/animate.min.js/wp-content/plugins/blog-designer-pack/js/bdp-fancybox.umd.js/wp-content/plugins/blog-designer-pack/js/bdp-swiper.min.js+6 more
Script Paths
js/animate.min.jsjs/bdp-fancybox.umd.jsjs/bdp-swiper.min.jsjs/bootstrap.min.jsjs/countdown.jsjs/isotope.min.js+2 more
Version Parameters
blog-designer-pack/css/animate.min.css?ver=blog-designer-pack/css/bdp-fancybox.css?ver=blog-designer-pack/css/bdp-swiper.min.css?ver=blog-designer-pack/css/slick.css?ver=blog-designer-pack/css/style.css?ver=blog-designer-pack/js/animate.min.js?ver=blog-designer-pack/js/bdp-fancybox.umd.js?ver=blog-designer-pack/js/bdp-swiper.min.js?ver=blog-designer-pack/js/bootstrap.min.js?ver=blog-designer-pack/js/countdown.js?ver=blog-designer-pack/js/isotope.min.js?ver=blog-designer-pack/js/main.js?ver=blog-designer-pack/js/slick.min.js?ver=blog-designer-pack/js/wp-block-library/build/index.js?ver=

HTML / DOM Fingerprints

CSS Classes
bdp_post_loopbdp_post_loop_wrapperbdp_loopbdp_loop_itembdp_imagebdp_excerptbdp_content_wrapbdp-title-tags+9 more
Data Attributes
data-elementor-iddata-settingsdata-swiper-slide-indexdata-slide-todata-fancybox
JS Globals
bdp_masonry_layoutbdp_swiper_optionsbdp_isotope_optionsbdp_countdown_optionsbdp_fancybox_optionsbdp_slick_options+1 more
REST Endpoints
/wp-json/bdp-free/v1/get_custom_fields/wp-json/bdp-free/v1/get_categories/wp-json/bdp-free/v1/get_tags
Shortcode Output
[bdp_post_grid][bdp_post_list][bdp_post_gridbox][bdp_post_slider]
FAQ

Frequently Asked Questions about Blog Designer Pack – Blog, Post Grid, Post Slider, Post Carousel, Category Post, News