Does Page Builder Gutenberg Blocks – CoBlocks have any unpatched vulnerabilities?

Yes — Page Builder Gutenberg Blocks – CoBlocks currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Page Builder Gutenberg Blocks – CoBlocks compatible with WordPress 6.8.5?

According to WordPress.org data, Page Builder Gutenberg Blocks – CoBlocks 3.1.17 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Page Builder Gutenberg Blocks – CoBlocks compatible with PHP 7.4+?

Page Builder Gutenberg Blocks – CoBlocks requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Page Builder Gutenberg Blocks – CoBlocks updated?

Page Builder Gutenberg Blocks – CoBlocks was last updated on Mar 5, 2026. Frequent updates are generally a positive security signal.

What is Page Builder Gutenberg Blocks – CoBlocks's security score?

Page Builder Gutenberg Blocks – CoBlocks has a WP-Safety security score of 72/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Page Builder Gutenberg Blocks – CoBlocks Security & Risk Analysis

wordpress.org/plugins/coblocks

CoBlocks is a suite of page builder WordPress blocks for Gutenberg, with 10+ new blocks and a true page builder experience with rows and columns.

300K active installs v3.1.17 PHP 7.4+ WP 6.3+ Updated Mar 5, 2026

blocksgutenberggutenberg-blockspage-builderwordpress-blocks

B · Generally Safe

CVEs total7

Unpatched1

Last CVEJan 7, 2026

Download

Safety Verdict

Is Page Builder Gutenberg Blocks – CoBlocks Safe to Use in 2026?

Mostly Safe

Score 72/100

Page Builder Gutenberg Blocks – CoBlocks is generally safe to use. 7 past CVEs were resolved. Keep it updated.

7 known CVEs 1 unpatched Last CVE: Jan 7, 2026Updated 29d ago

Risk Assessment

The CoBlocks plugin exhibits a mixed security posture. On the positive side, static analysis reveals strong adherence to secure coding practices. All identified entry points (AJAX handlers) appear to have proper authentication checks, and SQL queries are exclusively handled with prepared statements, significantly reducing the risk of SQL injection. The plugin also demonstrates excellent output escaping with 99% of outputs properly sanitized, and robust use of nonce and capability checks, indicating a conscious effort to protect against common web vulnerabilities. File operations and external HTTP requests are present but not inherently indicative of risk without further context.

However, a significant concern arises from the plugin's vulnerability history. The presence of 7 known CVEs, with one currently unpatched, and the recurring types of vulnerabilities (Missing Authorization, SSRF, XSS) paint a concerning picture of past security weaknesses. The fact that the last vulnerability was dated January 7, 2026, raises a red flag for potential data inaccuracies or future security issues that may not yet be publicly disclosed or patched. This historical pattern suggests that while recent code may be more secure, the plugin has a track record of introducing vulnerabilities that attackers could exploit.

In conclusion, CoBlocks has implemented good practices in its current codebase, minimizing direct vulnerabilities within the static analysis. The attack surface is also well-protected. The primary risk stems from its historical vulnerability record and the existence of an unpatched CVE. This indicates a need for diligent monitoring and prompt patching of any new security advisories, as past issues suggest a recurring potential for vulnerabilities.

Key Concerns

Unpatched CVEs
Medium severity vulnerabilities in history (7 total)
Recurring vulnerability types (Missing Auth, SSRF, XSS)

Vulnerabilities

Page Builder Gutenberg Blocks – CoBlocks Security Vulnerabilities

CVEs by Year

5 CVEs in 2024

2024

1 CVE in 2025

2025

1 CVE in 2026 · unpatched

2026

Patched Has unpatched

Severity Breakdown

Medium

7 total CVEs

CVE-2026-27094medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Page Builder Gutenberg Blocks – CoBlocks <= 3.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 7, 2026Unpatched

CVE-2025-24751medium · 4.3Missing Authorization

CoBlocks <= 3.1.13 - Missing Authorization

Jan 24, 2025 Patched in 3.1.14 (5d)

CVE-2024-7132medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Page Builder Gutenberg Blocks – CoBlocks <= 3.1.12 - Authenticated (Editor+) Stored Cross-Site Scripting

Aug 8, 2024 Patched in 3.1.13 (36d)

CVE-2024-4260medium · 4.3Server-Side Request Forgery (SSRF)

Page Builder Gutenberg Blocks – CoBlocks <= 3.1.11 - Authenticated (Contributor+) Server-Side Request Forgery

Jul 2, 2024 Patched in 3.1.12 (18d)

CVE-2024-2933medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Page Builder Gutenberg Blocks – CoBlocks <= 3.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Social Profiles

May 31, 2024 Patched in 3.1.10 (1d)

CVE-2024-1049medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Page Builder Gutenberg Blocks – CoBlocks <= 3.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 22, 2024 Patched in 3.1.7 (1d)

CVE-2024-2369medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Page Builder Gutenberg Blocks – CoBlocks <= 3.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 12, 2024 Patched in 3.1.7 (16d)

Code Analysis

Analyzed Mar 17, 2026

Page Builder Gutenberg Blocks – CoBlocks Code Analysis

Dangerous Functions

Raw SQL Queries

3 prepared

Unescaped Output

285 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared3 total queries

Output Escaping

99% escaped287 total outputs

Attack Surface

Page Builder Gutenberg Blocks – CoBlocks Attack Surface

Entry Points3

Unprotected0

AJAX Handlers 3

authwp_ajax_coblocks_crop_settingsincludes\admin\class-coblocks-crop-settings.php:60

authwp_ajax_coblocks_crop_settings_original_imageincludes\admin\class-coblocks-crop-settings.php:61

authwp_ajax_site_design_update_design_styleincludes\class-coblocks-site-design.php:83

WordPress Hooks 65

actionplugins_loadedclass-coblocks.php:148

actionplugins_loadedclass-coblocks.php:157

actionenqueue_block_editor_assetsclass-coblocks.php:158

actionplugins_loadedclass-coblocks.php:223

filterplugin_row_metaincludes\admin\class-coblocks-action-links.php:22

filterajax_query_attachments_argsincludes\admin\class-coblocks-crop-settings.php:59

actionadmin_footer-plugins.phpincludes\admin\class-coblocks-plugin-deactivation.php:27

filteradmin_enqueue_scriptsincludes\admin\class-coblocks-plugin-deactivation.php:29

actionthe_postincludes\block-migrate\loader.php:27

actionadmin_enqueue_scriptsincludes\class-block-patterns.php:27

actioninitincludes\class-block-patterns.php:30

actioninitincludes\class-block-patterns.php:31

actioninitincludes\class-block-patterns.php:32

actioninitincludes\class-block-patterns.php:33

filtercoblocks_layout_selector_categoriesincludes\class-block-patterns.php:36

filtercoblocks_layout_selector_layoutsincludes\class-block-patterns.php:37

actionwp_enqueue_scriptsincludes\class-coblocks-accordion-ie-support.php:62

actionthe_postincludes\class-coblocks-accordion-ie-support.php:63

actionenqueue_block_assetsincludes\class-coblocks-block-assets.php:52

actionenqueue_block_editor_assetsincludes\class-coblocks-block-assets.php:53

actionenqueue_block_editor_assetsincludes\class-coblocks-block-assets.php:54

actionwp_enqueue_scriptsincludes\class-coblocks-block-assets.php:55

actionsave_post_wp_template_partincludes\class-coblocks-block-assets.php:56

filterrender_blockincludes\class-coblocks-block-assets.php:59

filtercoblocks_show_settings_panelincludes\class-coblocks-block-assets.php:214

filtercoblocks_patterns_show_settings_panelincludes\class-coblocks-block-assets.php:215

filterbody_classincludes\class-coblocks-body-classes.php:25

filteradmin_body_classincludes\class-coblocks-body-classes.php:26

actionwp_enqueue_scriptsincludes\class-coblocks-font-loader.php:45

actionadmin_enqueue_scriptsincludes\class-coblocks-font-loader.php:46

actioninitincludes\class-coblocks-form.php:71

actionwp_enqueue_scriptsincludes\class-coblocks-form.php:72

filterwp_mail_content_typeincludes\class-coblocks-form.php:973

actionwp_enqueue_scriptsincludes\class-coblocks-generated-styles.php:45

actionadmin_enqueue_scriptsincludes\class-coblocks-generated-styles.php:46

actionwp_enqueue_scriptsincludes\class-coblocks-google-map-block.php:62

actionthe_postincludes\class-coblocks-google-map-block.php:63

actioninitincludes\class-coblocks-google-map-block.php:64

actioninitincludes\class-coblocks-labs.php:44

actioninitincludes\class-coblocks-labs.php:45

actionenqueue_block_editor_assetsincludes\class-coblocks-labs.php:46

filterinitincludes\class-coblocks-post-meta.php:24

actioninitincludes\class-coblocks-register-blocks.php:64

actioninitincludes\class-coblocks-settings.php:46

actionenqueue_block_editor_assetsincludes\class-coblocks-settings.php:47

actionwp_loadedincludes\class-coblocks-settings.php:48

actioninitincludes\class-coblocks-site-content.php:23

filterwp_insert_post_empty_contentincludes\class-coblocks-site-content.php:24

actionenqueue_block_editor_assetsincludes\class-coblocks-site-design.php:76

actionrest_api_initincludes\class-coblocks-site-design.php:84

actionadmin_headincludes\class-coblocks-site-design.php:86

actionadmin_enqueue_scriptsincludes\Dependencies\GoDaddy\Styles\StylesLoader.php:73

actionwp_enqueue_scriptsincludes\Dependencies\GoDaddy\Styles\StylesLoader.php:74

filterrender_block_coblocks/click-to-tweetsrc\blocks\click-to-tweet\index.php:20

actioninitsrc\blocks\counter\index.php:49

actioninitsrc\blocks\gist\index.php:14

actionrest_api_initsrc\blocks\opentable\index.php:25

actionenqueue_block_editor_assetssrc\blocks\opentable\index.php:27

filterrender_block_datasrc\blocks\post-carousel\index.php:355

filterrender_block_datasrc\blocks\posts\index.php:348

filtercoblocks_render_label_color_wrapper_stylessrc\components\form-label-colors\label-color-wrapper.php:27

filtercoblocks_render_label_color_wrapper_classsrc\components\form-label-colors\label-color-wrapper.php:55

filtercoblocks_render_wrapper_stylessrc\components\gutter-control\gutter-wrapper.php:24

filtercoblocks_render_wrapper_classsrc\components\gutter-control\gutter-wrapper.php:42

actionadmin_enqueue_scriptssrc\extensions\layout-selector\index.php:82

Maintenance & Trust

Page Builder Gutenberg Blocks – CoBlocks Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedMar 5, 2026

PHP min version7.4

Downloads27.4M

Community Trust

Rating86/100

Number of ratings107

Active installs300K

Alternatives

Page Builder Gutenberg Blocks – CoBlocks Alternatives

Stackable – Page Builder Gutenberg Blocks

stackable-ultimate-gutenberg-blocks

Custom Blocks that transform your WordPress Block Editor into a page builder

100K 7 CVEs

GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor

gutenkit-blocks-addon

GutenKit – Ultimate no-code Gutenberg blocks to design stunning web pages and visually stunning posts in WordPress block editor.

70K 3 CVEs

Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor

gutentor

Advanced yet easy, Gutenberg editor page builder blocks. Create a masterpiece, pixel perfect website using modern WordPress Gutenberg blocks.

30K 1 unpatched

Nexter Blocks – Gutenberg Blocks, Page Builder & AI Website Builder

the-plus-addons-for-block-editor

90+ Gutenberg Blocks & AI Website Builder with 1000+ Templates. Complete Page Builder, Popup Builder, Mega Menu, Form Builder & More. No Code.

10K 8 CVEs

SKT Blocks – Gutenberg based Page Builder

skt-blocks

SKT Blocks lets you use the default gutenberg editor and easily create creative websites within minutes with the help of the reusable blocks that can …

1K 1 unpatched

Developer Profile

Page Builder Gutenberg Blocks – CoBlocks Developer Profile

GoDaddy

5 plugins · 364K total installs

trust score

Avg Security Score

94/100

Avg Patch Time

13 days

View full developer profile

Detection Fingerprints

How We Detect Page Builder Gutenberg Blocks – CoBlocks

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/coblocks/dist/style.css/wp-content/plugins/coblocks/dist/editor.css/wp-content/plugins/coblocks/dist/coblocks-frontend.js/wp-content/plugins/coblocks/dist/coblocks-editor.js/wp-content/plugins/coblocks/dist/coblocks-frontend.asset.php/wp-content/plugins/coblocks/dist/coblocks-editor.asset.php

Script Paths

/wp-content/plugins/coblocks/dist/coblocks-frontend.js/wp-content/plugins/coblocks/dist/coblocks-editor.js

Version Parameters

coblocks/dist/style.css?ver=coblocks/dist/editor.css?ver=coblocks/dist/coblocks-frontend.js?ver=coblocks/dist/coblocks-editor.js?ver=

HTML / DOM Fingerprints

CSS Classes

wp-block-coblocks-coblocks-accordion-headercoblocks-accordion-contentcoblocks-tabs-tab-listcoblocks-tabs-tabcoblocks-tabs-tab-content

Data Attributes

data-coblocks-data-coblocks-accordion-iddata-coblocks-tab-id

JS Globals

coblocksCoBlocksAdmin

REST Endpoints

/wp-json/coblocks/v1

FAQ