Canvas Security & Risk Analysis
wordpress.org/plugins/canvasA revolutionary block-based page builder used for building layouts, an interplay of the WordPress block editor features and exceptional UI design.
Is Canvas Safe to Use in 2026?
Generally Safe
Score 100/100Canvas has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'canvas' plugin v2.5.2 presents a mixed security posture. On the positive side, it demonstrates good practices in its SQL query handling, exclusively using prepared statements, and shows a very high rate of output escaping, minimizing the risk of cross-site scripting vulnerabilities. The absence of any recorded vulnerabilities (CVEs) in its history is also a strong indicator of past security diligence. However, a significant concern is the presence of two AJAX handlers that lack any authentication checks. This creates an immediate and direct attack vector, as any unauthenticated user could potentially trigger these actions, leading to unintended consequences or information disclosure. The taint analysis, while not revealing critical or high severity issues, did identify two flows with unsanitized paths, which, when combined with the unprotected AJAX endpoints, could potentially lead to more complex exploitation scenarios if these paths are used in conjunction with user-controlled input.
Key Concerns
- AJAX handlers without authentication checks
- Flows with unsanitized paths detected
Canvas Security Vulnerabilities
Canvas Code Analysis
Output Escaping
Data Flow Analysis
Canvas Attack Surface
AJAX Handlers 2
WordPress Hooks 74
Maintenance & Trust
Canvas Maintenance & Trust
Maintenance Signals
Community Trust
Canvas Alternatives
Theme File Maker
theme-file-maker
This plugin Lets you to create your own template pages
Css Magician Page Builder
css-magician
Css Magician is a Frontend page configurator and page builder that work with all themes.
Demo Content Templates
demo-content-templates
This Wordpress plugin allows a user to create templates of their page content. This is especially useful when after purchasing/downloading a theme, yo …
Organisation Frontpage
org-frontpage
Permet de choisir et agencer les posts de la frontpage.
Page Template Inventory
page-template-inventory
Over the course of the development of a custom theme or application, custom page templates can start to build up. This plugin adds a "template in …
Canvas Developer Profile
5 plugins · 111K total installs
How We Detect Canvas
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/canvas/components/basic-elements/block-cover/block-editor.css/wp-content/plugins/canvas/components/basic-elements/block-cover/block.css/wp-content/plugins/canvas/components/basic-elements/block-group/block-editor.css/wp-content/plugins/canvas/components/basic-elements/block-group/block.css/wp-content/plugins/canvas/components/content-formatting/block-heading/block-editor.css/wp-content/plugins/canvas/components/content-formatting/block-heading/block.css/wp-content/plugins/canvas/components/content-formatting/block-list/block-editor.css/wp-content/plugins/canvas/components/content-formatting/block-list/block.css+7 more/wp-content/plugins/canvas/components/basic-elements/block-cover/block.js/wp-content/plugins/canvas/components/basic-elements/block-group/block.js/wp-content/plugins/canvas/components/content-formatting/block-heading/block.js/wp-content/plugins/canvas/components/content-formatting/block-list/block.js/wp-content/plugins/canvas/components/content-formatting/block-paragraph/block.js/wp-content/plugins/canvas/editor.jscanvas/style.css?ver=canvas/script.js?ver=canvas/editor.css?ver=canvas/editor.js?ver=HTML / DOM Fingerprints
cnvs-block-covercnvs-block-groupcnvs-block-headingcnvs-block-listcnvs-block-paragraphdata-canvas-idcnvs_editor_settingsCNVS_URLCNVS_PATH