Does CodePen Embed Block have any unpatched vulnerabilities?

Yes — CodePen Embed Block currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is CodePen Embed Block compatible with WordPress 6.7.5?

According to WordPress.org data, CodePen Embed Block 1.2.0 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is CodePen Embed Block compatible with PHP 7.2+?

CodePen Embed Block requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is CodePen Embed Block updated?

CodePen Embed Block was last updated on Jul 1, 2025. Frequent updates are generally a positive security signal.

What is CodePen Embed Block's security score?

CodePen Embed Block has a WP-Safety security score of 78/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

CodePen Embed Block Security & Risk Analysis

wordpress.org/plugins/codepen-embed-block

An (official) block for CodePen Embeds.

700 active installs v1.2.0 PHP 7.2+ WP 5.1+ Updated Jul 1, 2025

codecodepenembedgutenberg

B · Generally Safe

CVEs total1

Unpatched1

Last CVEJun 19, 2025

Download

Safety Verdict

Is CodePen Embed Block Safe to Use in 2026?

Mostly Safe

Score 78/100

CodePen Embed Block is generally safe to use. 1 past CVE were resolved. Keep it updated.

1 known CVE 1 unpatched Last CVE: Jun 19, 2025Updated 9mo ago

Risk Assessment

The "codepen-embed-block" plugin exhibits a generally good security posture based on the static analysis, with no detected dangerous functions, raw SQL queries, unescaped output, or file operations. The complete absence of identified attack vectors like AJAX handlers, REST API routes, and shortcodes is a significant positive. Furthermore, the presence of capability checks is a good practice. However, the plugin has a known medium severity vulnerability for Cross-site Scripting (XSS) that remains unpatched, which is a significant concern. The single recorded CVE, even if medium, suggests a potential for input validation issues that could be exploited. While the static analysis shows no immediate threats, the history of an unpatched XSS vulnerability indicates a past weakness that needs careful monitoring and resolution. The plugin's strengths lie in its clean code and lack of immediate exploitable entry points, but the outstanding CVE presents a clear and present risk.

Key Concerns

Unpatched Medium Severity CVE

Vulnerabilities

CodePen Embed Block Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-50023medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CodePen Embed Block <= 1.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

Jun 19, 2025Unpatched

Code Analysis

Analyzed Mar 16, 2026

CodePen Embed Block Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

6 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped6 total outputs

Attack Surface

CodePen Embed Block Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 3

actioninitsrc\init.php:53

actionadmin_initsrc\init.php:79

actionadmin_menusrc\init.php:129

Maintenance & Trust

CodePen Embed Block Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedJul 1, 2025

PHP min version7.2

Downloads13K

Community Trust

Rating100/100

Number of ratings2

Active installs700

Alternatives

CodePen Embed Block Alternatives

CodePen oEmbed

codepen-oembed

Add CodePen to the available oEmbed providers

40 No CVEs

AppsFruit Elementor Embed

appsfruit-embed-for-elementor

100

Embed Elementor pages, templates, and sections anywhere using shortcodes or Gutenberg blocks with conditional display options.

0 No CVEs

Advanced iFrame

advanced-iframe

Include content the way YOU like in an iframe that can hide and modify elements, does auto-height, forward parameters and does many, many more...

40K 12 CVEs

Insert Pages

insert-pages

Insert Pages lets you embed any WordPress content (e.g., pages, posts, custom post types) into other WordPress content using the Shortcode API.

40K 4 CVEs

Advance Custom HTML – Show Live Code, Share Snippets, Embed Code, and Style Them Your Way.

advance-custom-html

100

Advance Custom HTML lets you write and display HTML, CSS, PHP, and other code snippets on WordPress with live preview and syntax highlighting.

10K No CVEs

Developer Profile

CodePen Embed Block Developer Profile

Chris Coyier

2 plugins · 2K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

9 days

View full developer profile

Detection Fingerprints

How We Detect CodePen Embed Block

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/codepen-embed-block/build/view.asset.php/wp-content/plugins/codepen-embed-block/build/index.js/wp-content/plugins/codepen-embed-block/build/index.css

Script Paths

/wp-content/plugins/codepen-embed-block/build/index.js

Version Parameters

codepen-embed-block/build/index.css?ver=codepen-embed-block/build/index.js?ver=

HTML / DOM Fingerprints

CSS Classes

wp-block-codepen-embed-block-codepen-embed-block

Data Attributes

data-codepen-href

JS Globals

codepenEmbedBlock

FAQ