WP-Safety

Button Block – Design Stylish, Interactive, and Multi-Functional Buttons Security & Risk Analysis

wordpress.org/plugins/button-block

Get multi-functional buttons

5K active installs v1.2.4 PHP 7.1+ WP 6.2+ Updated Mar 30, 2026
blockdownload-buttongutenberg-blocklink-buttonmulti-functional-button
96
A · Safe
CVEs total5
Unpatched0
Last CVEJul 30, 2025
Download
Safety Verdict

Is Button Block – Design Stylish, Interactive, and Multi-Functional Buttons Safe to Use in 2026?

Generally Safe

Score 96/100

Button Block – Design Stylish, Interactive, and Multi-Functional Buttons has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

5 known CVEsLast CVE: Jul 30, 2025Updated 1mo ago
Risk Assessment

The 'button-block' plugin version 1.2.4 exhibits a generally good security posture, with all identified entry points (AJAX handlers, shortcodes) appearing to have appropriate authentication and capability checks. The code analysis further shows a strong adherence to secure coding practices, with no dangerous functions, no raw SQL queries, and excellent output escaping (92%). File operations and external HTTP requests are also absent, reducing potential attack vectors. The lack of taint analysis findings indicates no immediate issues with unsanitized paths.

However, the plugin's vulnerability history is a significant concern. It has a total of 5 known CVEs, all categorized as medium severity. These past vulnerabilities include common types like CSRF, missing authorization, XSS, information exposure, and authorization bypass. While none are currently unpatched, the pattern of past vulnerabilities, especially across diverse attack types, suggests a recurring struggle with robust security implementation in previous versions. This history raises questions about the thoroughness of security testing and development practices for this plugin.

In conclusion, the current version of 'button-block' benefits from strong internal security controls like nonce and capability checks, and good output sanitization. Nevertheless, the historical prevalence of medium-severity vulnerabilities across various categories warrants caution. Users should remain vigilant for future updates and be aware that past security weaknesses may re-emerge if not consistently addressed by the developers.

Key Concerns

  • History of 5 medium severity CVEs
  • Bundled library (Freemius)
Vulnerabilities
5 published

Button Block – Design Stylish, Interactive, and Multi-Functional Buttons Security Vulnerabilities

CVEs by Year

2 CVEs in 2024
2024
3 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
5

5 total CVEs

CVE-2025-54694medium · 4.3Cross-Site Request Forgery (CSRF)

Button Block <= 1.2.0 - Cross-Site Request Forgery

Jul 30, 2025 Patched in 1.2.1 (6d)
CVE-2025-22787medium · 4.3Missing Authorization

Button Block <= 1.1.5 - Missing Authorization

Jan 13, 2025 Patched in 1.1.6 (9d)
CVE-2025-22815medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Button Block <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 7, 2025 Patched in 1.2.0 (57d)
CVE-2024-12560medium · 4.3Exposure of Sensitive Information to an Unauthorized Actor

Button Block – Get fully customizable & multi-functional buttons <= 1.1.5 - Authenticated (Contributor+) Post Disclosure via Post Duplication

Dec 18, 2024 Patched in 1.1.6 (1d)
CVE-2024-10671medium · 4.3Authorization Bypass Through User-Controlled Key

Button Block – Get fully customizable & multi-functional buttons <= 1.1.4 - Authenticated (Contributor+) Post Disclosure

Nov 20, 2024 Patched in 1.1.5 (1d)
Version History

Button Block – Design Stylish, Interactive, and Multi-Functional Buttons Release Timeline

v1.2.4Current
v1.2.3
v1.2.2
v1.2.1
v1.2.01 CVE
CVE-2025-54694
v1.1.92 CVEs
CVE-2025-22815 CVE-2025-54694
v1.1.82 CVEs
CVE-2025-22815 CVE-2025-54694
v1.1.72 CVEs
CVE-2025-22815 CVE-2025-54694
v1.1.62 CVEs
CVE-2025-22815 CVE-2025-54694
v1.1.54 CVEs
CVE-2025-22787 CVE-2025-22815 CVE-2024-12560 +1 more
v1.1.45 CVEs
CVE-2025-22787 CVE-2025-22815 CVE-2024-10671 +2 more
v1.1.35 CVEs
CVE-2025-22787 CVE-2025-22815 CVE-2024-10671 +2 more
v1.1.25 CVEs
CVE-2025-22787 CVE-2025-22815 CVE-2024-10671 +2 more
v1.1.15 CVEs
CVE-2025-22787 CVE-2025-22815 CVE-2024-10671 +2 more
v1.1.05 CVEs
CVE-2025-22787 CVE-2025-22815 CVE-2024-10671 +2 more
v1.0.95 CVEs
CVE-2025-22787 CVE-2025-22815 CVE-2024-10671 +2 more
v1.0.85 CVEs
CVE-2025-22787 CVE-2025-22815 CVE-2024-10671 +2 more
v1.0.75 CVEs
CVE-2025-22787 CVE-2025-22815 CVE-2024-10671 +2 more
v1.0.65 CVEs
CVE-2025-22787 CVE-2025-22815 CVE-2024-10671 +2 more
v1.0.55 CVEs
CVE-2025-22787 CVE-2025-22815 CVE-2024-10671 +2 more
Code Analysis
Analyzed Mar 16, 2026

Button Block – Design Stylish, Interactive, and Multi-Functional Buttons Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
1
12 escaped
Nonce Checks
4
Capability Checks
4
File Operations
0
External Requests
0
Bundled Libraries
1

Bundled Libraries

Freemius

Output Escaping

92% escaped13 total outputs
Attack Surface

Button Block – Design Stylish, Interactive, and Multi-Functional Buttons Attack Surface

Entry Points3
Unprotected0

AJAX Handlers 2

authwp_ajax_btnUserRolesindex.php:50
noprivwp_ajax_btnUserRolesindex.php:51

Shortcodes 1

[btn_block] includes\admin\CPT.php:12
WordPress Hooks 18
actionadmin_initincludes\admin\AdminMenu.php:10
actionadmin_enqueue_scriptsincludes\admin\AdminMenu.php:11
actionadmin_menuincludes\admin\AdminMenu.php:12
actionadmin_enqueue_scriptsincludes\admin\CPT.php:10
actioninitincludes\admin\CPT.php:11
filtermanage_button-block_posts_columnsincludes\admin\CPT.php:13
actionmanage_button-block_posts_custom_columnincludes\admin\CPT.php:14
actionuse_block_editor_for_postincludes\admin\CPT.php:15
actionpost_row_actionsincludes\admin\CPT.php:16
actionadmin_action_btnDuplicatePostincludes\admin\CPT.php:17
actionadmin_menuincludes\admin\SubMenu.php:8
actioninitindex.php:46
actionadmin_enqueue_scriptsindex.php:47
actionenqueue_block_editor_assetsindex.php:48
actionenqueue_block_assetsindex.php:49
filterplugin_action_linksindex.php:53
filterdefault_titleindex.php:54
filterdefault_contentindex.php:55
Maintenance & Trust

Button Block – Design Stylish, Interactive, and Multi-Functional Buttons Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 30, 2026
PHP min version7.1
Downloads86K

Community Trust

Rating100/100
Number of ratings7
Active installs5K
Alternatives

Button Block – Design Stylish, Interactive, and Multi-Functional Buttons Alternatives

Quick Download Button

Quick Download Button

quick-download-button

A
100

Add stylish download buttons to any post or page — 7 styles, countdown, popup modal, access control. Gutenberg block and shortcode.

2K No CVEs
Spectra Gutenberg Blocks – Website Builder for the Block Editor

Spectra Gutenberg Blocks – Website Builder for the Block Editor

ultimate-addons-for-gutenberg

A
92

Power-up Gutenberg with advanced blocks for faster website creation. Build your WordPress website effortlessly using powerful building blocks!

1.0M 27 CVEs
Kadence Blocks — Page Builder Toolkit for Gutenberg Editor

Kadence Blocks — Page Builder Toolkit for Gutenberg Editor

kadence-blocks

A
86

20+ AI-powered Gutenberg Blocks with endless options, enabling top-notch efficiency for high-performance dynamic website creation.

600K 32 CVEs
Page Builder: Pagelayer – Drag and Drop website builder

Page Builder: Pagelayer – Drag and Drop website builder

pagelayer

A
88

The most advanced frontend drag & drop page builder. Pagelayer is a light weight but extremely powerful Website Builder.

400K 28 CVEs
Page Builder Gutenberg Blocks – CoBlocks

Page Builder Gutenberg Blocks – CoBlocks

coblocks

A
95

CoBlocks is a suite of page builder WordPress blocks for Gutenberg, with 10+ new blocks and a true page builder experience with rows and columns.

300K 8 CVEs
Developer Profile

Button Block – Design Stylish, Interactive, and Multi-Functional Buttons Developer Profile

colorlibplugins

121 plugins · 740K total installs

78
trust score
Avg Security Score
98/100
Avg Patch Time
130 days
View full developer profile
Detection Fingerprints

How We Detect Button Block – Design Stylish, Interactive, and Multi-Functional Buttons

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/button-block/build/admin/dashboard.css/wp-content/plugins/button-block/build/admin/dashboard.js/wp-content/plugins/button-block/build/admin/general.css/wp-content/plugins/button-block/build/admin/post.css/wp-content/plugins/button-block/build/admin/post.js/wp-content/plugins/button-block/public/css/font-awesome.min.css/wp-content/plugins/button-block/public/css/aos.css/wp-content/plugins/button-block/public/js/aos.js
Script Paths
/wp-content/plugins/button-block/build/admin/dashboard.js/wp-content/plugins/button-block/public/js/aos.js
Version Parameters
button-block/build/admin/dashboard.css?ver=button-block/build/admin/dashboard.js?ver=button-block/build/admin/general.css?ver=button-block/build/admin/post.css?ver=button-block/build/admin/post.js?ver=button-block/public/css/font-awesome.min.css?ver=button-block/public/css/aos.css?ver=button-block/public/js/aos.js?ver=

HTML / DOM Fingerprints

CSS Classes
btnAdminHideSwitchsliderroundbtn-post-button-duplicate
Data Attributes
data-info
JS Globals
btnpipecheckbtnpricingurl
Shortcode Output
[btn_block]
FAQ

Frequently Asked Questions about Button Block – Design Stylish, Interactive, and Multi-Functional Buttons