
SU Blocks Blogcard Security & Risk Analysis
wordpress.org/plugins/blogcard-for-wp
A WordPress plugin that makes it easy to create blog cards. Simply enter a URL and automatically fetch metadata to display beautiful cards.
Is SU Blocks Blogcard Safe to Use in 2026?
Generally Safe
Score 100/100
SU Blocks Blogcard has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The plugin "blogcard-for-wp" v2.3.3 exhibits a generally good security posture based on the provided static analysis. It has a relatively small attack surface with all identified entry points (REST API routes) protected by permission callbacks. The absence of dangerous functions, file operations, and critical or high-severity taint flows is encouraging. The plugin also demonstrates awareness of security practices by utilizing prepared statements for a majority of its SQL queries and performing output escaping, albeit with a moderate success rate.
However, several areas present potential concerns. The lack of nonce checks across all entry points, particularly for AJAX handlers (even though there are none currently), is a notable weakness. While there are no known vulnerabilities in its history, this does not guarantee future immunity. The fact that 50% of outputs are not properly escaped could lead to cross-site scripting (XSS) vulnerabilities if the unescaped data is user-controlled or dynamic.
In conclusion, "blogcard-for-wp" v2.3.3 has a solid foundation, but it can be significantly improved. The primary areas for attention are implementing nonce checks for all potential entry points and ensuring all output is properly escaped to mitigate XSS risks. The absence of past vulnerabilities is a positive sign, but proactive security measures are crucial for long-term safety.
Key Concerns
- No nonce checks on entry points
- 50% of outputs not properly escaped
SU Blocks Blogcard Security Vulnerabilities
SU Blocks Blogcard Code Analysis
SQL Query Safety
Output Escaping
SU Blocks Blogcard Attack Surface
REST API Routes 4
WordPress Hooks 6
SU Blocks Blogcard Maintenance & Trust
Maintenance Signals
Community Trust
SU Blocks Blogcard Alternatives
Pz-LinkCard
pz-linkcard
This plugin is intended to display a link in a blog card format. Say goodbye to the text-only link.
Simple Blog Card
simple-blog-card
Get OGP and display blog card.
Pz-HatenaBlogCard
pz-hatenablogcard
This plug-in displays a link in the article by using the "Hatena blog card".
kk blog card
kk-blog-card
A plugin that displays blog cards using a shortcode.
WWI Blogcard
wwi-blogcard
A WordPress block plugin that generates beautiful blog cards from URLs using OGP information.
SU Blocks Blogcard Developer Profile
5 plugins · 230 total installs
How We Detect SU Blocks Blogcard
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/blogcard-for-wp/build/index.js
- /wp-content/plugins/blogcard-for-wp/build/style-index.css
- /wp-content/plugins/blogcard-for-wp/build/index.asset.php
- /wp-content/plugins/blogcard-for-wp/build/index.js?ver=
- /wp-content/plugins/blogcard-for-wp/build/style-index.css?ver=
HTML / DOM Fingerprints
- wpbc-blogcard
- data-wpbc-title
- data-wpbc-description
- data-wpbc-thumbnail
- data-wpbc-domain
- data-wpbc-url
- window.wpbcSettings
- /wp-json/wpbc/v1/metadata
- /wp-json/wpbc/v1/internal-metadata
- /wp-json/wpbc/v1/search
- /wp-json/wpbc/v1/clear-cache
- [blogcard]