Does ComboBlocks — Block Library & Page Builder have any unpatched vulnerabilities?

No. All known vulnerabilities in ComboBlocks — Block Library & Page Builder have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is ComboBlocks — Block Library & Page Builder compatible with WordPress 6.9.4?

According to WordPress.org data, ComboBlocks — Block Library & Page Builder 1.0.12 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is ComboBlocks — Block Library & Page Builder updated?

ComboBlocks — Block Library & Page Builder was last updated on Feb 9, 2026. Frequent updates are generally a positive security signal.

What is ComboBlocks — Block Library & Page Builder's security score?

ComboBlocks — Block Library & Page Builder has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

ComboBlocks — Block Library & Page Builder Security & Risk Analysis

wordpress.org/plugins/combo-blocks

Landing Page Builder, Blog Builder, eCommerce Builder, Niche Site Builder, News Site Builder and More.

100 active installs v1.0.12 PHP + WP 5.0.0+ Updated Feb 9, 2026

form-makergutenberg-blockspage-builderpopup-makerwoocommerce-blocks

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is ComboBlocks — Block Library & Page Builder Safe to Use in 2026?

Generally Safe

Score 100/100

ComboBlocks — Block Library & Page Builder has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The 'combo-blocks' plugin version 1.0.12 exhibits a generally strong security posture with several positive indicators. Notably, all SQL queries are properly prepared, and all output is correctly escaped, which significantly reduces the risk of common injection and cross-site scripting vulnerabilities. The plugin also implements a substantial number of capability checks and includes nonce checks, demonstrating a conscious effort to protect its entry points. Its lack of recorded vulnerabilities in its history further suggests a relatively stable and secure codebase.

However, there are specific areas of concern that warrant attention. The presence of 6 REST API routes without permission callbacks represents a significant attack surface that could be exploited if not properly secured at the application level. Additionally, the use of the `unserialize` function, while not directly flagged as a taint flow issue in this analysis, is inherently risky as it can lead to remote code execution if untrusted data is unserialized. The plugin also makes a considerable number of external HTTP requests, which, while not a vulnerability in itself, increases the potential attack surface for supply chain or network-level attacks.

Overall, 'combo-blocks' has good fundamental security practices in place, particularly regarding data handling and output. The primary risk lies in the unprotected REST API endpoints and the potential for insecure deserialization. Addressing these specific points would further enhance the plugin's security.

Key Concerns

REST API routes without permission callbacks
Dangerous function: unserialize

Vulnerabilities

None known

ComboBlocks — Block Library & Page Builder Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

ComboBlocks — Block Library & Page Builder Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

4306 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$user_meta_files = unserialize($string);includes\blocks\form-field-file\index.php:56

unserialize$data = unserialize($metaValue);includes\blocks\functions-blocks.php:4965

unserialize$data = unserialize($metaValue);includes\blocks\functions-blocks.php:5014

unserialize$transient = unserialize(get_transient($blockId . '_args'));includes\blocks\functions-rest.php:552

Bundled Libraries

Select2

SQL Query Safety

100% prepared4 total queries

Output Escaping

100% escaped4316 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

data_upgrade (includes\classes\class-admin-notices.php:17)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

6 unprotected

ComboBlocks — Block Library & Page Builder Attack Surface

Entry Points42

Unprotected6

REST API Routes 41

POST/wp-json/combo-blocks/v2/generate_css_fileincludes\blocks\functions-rest.php:27

POST/wp-json/combo-blocks/v2/update_reactionsincludes\blocks\functions-rest.php:38

POST/wp-json/combo-blocks/v2/update_optionsincludes\blocks\functions-rest.php:51

POST/wp-json/combo-blocks/v2/pmpro_membership_levelsincludes\blocks\functions-rest.php:62

POST/wp-json/combo-blocks/v2/mepr_membershipsincludes\blocks\functions-rest.php:73

POST/wp-json/combo-blocks/v2/block_categoriesincludes\blocks\functions-rest.php:84

POST/wp-json/combo-blocks/v2/activate_licenseincludes\blocks\functions-rest.php:95

POST/wp-json/combo-blocks/v2/deactivate_licenseincludes\blocks\functions-rest.php:106

POST/wp-json/combo-blocks/v2/check_icenseincludes\blocks\functions-rest.php:117

POST/wp-json/combo-blocks/v2/get_optionsincludes\blocks\functions-rest.php:128

POST/wp-json/combo-blocks/v2/fluentcrm_listsincludes\blocks\functions-rest.php:139

POST/wp-json/combo-blocks/v2/fluentcrm_tagsincludes\blocks\functions-rest.php:150

POST/wp-json/combo-blocks/v2/mailpicker_listsincludes\blocks\functions-rest.php:161

POST/wp-json/combo-blocks/v2/wordpress_org_dataincludes\blocks\functions-rest.php:172

POST/wp-json/combo-blocks/v2/user_roles_listincludes\blocks\functions-rest.php:183

POST/wp-json/combo-blocks/v2/process_form_dataincludes\blocks\functions-rest.php:194

POST/wp-json/combo-blocks/v2/loggedout_current_userincludes\blocks\functions-rest.php:203

POST/wp-json/combo-blocks/v2/get_user_dataincludes\blocks\functions-rest.php:212

POST/wp-json/combo-blocks/v2/get_user_metaincludes\blocks\functions-rest.php:223

POST/wp-json/combo-blocks/v2/get_comment_countincludes\blocks\functions-rest.php:234

POST/wp-json/combo-blocks/v2/get_plugin_dataincludes\blocks\functions-rest.php:245

POST/wp-json/combo-blocks/v2/get_image_sizesincludes\blocks\functions-rest.php:256

POST/wp-json/combo-blocks/v2/get_site_detailsincludes\blocks\functions-rest.php:267

POST/wp-json/combo-blocks/v2/get_site_dataincludes\blocks\functions-rest.php:278

POST/wp-json/combo-blocks/v2/email_subscribeincludes\blocks\functions-rest.php:289

POST/wp-json/combo-blocks/v2/get_licenseincludes\blocks\functions-rest.php:300

POST/wp-json/combo-blocks/v2/get_pro_infoincludes\blocks\functions-rest.php:311

POST/wp-json/combo-blocks/v2/get_post_metaincludes\blocks\functions-rest.php:322

POST/wp-json/combo-blocks/v2/get_shortcodeincludes\blocks\functions-rest.php:333

POST/wp-json/combo-blocks/v2/get_all_termsincludes\blocks\functions-rest.php:344

POST/wp-json/combo-blocks/v2/post_typesincludes\blocks\functions-rest.php:355

POST/wp-json/combo-blocks/v2/get_post_statusesincludes\blocks\functions-rest.php:366

POST/wp-json/combo-blocks/v2/post_type_objectsincludes\blocks\functions-rest.php:377

POST/wp-json/combo-blocks/v2/get_postsincludes\blocks\functions-rest.php:386

POST/wp-json/combo-blocks/v2/get_termsincludes\blocks\functions-rest.php:395

POST/wp-json/combo-blocks/v2/get_usersincludes\blocks\functions-rest.php:404

POST/wp-json/combo-blocks/v2/get_post_dataincludes\blocks\functions-rest.php:415

POST/wp-json/combo-blocks/v2/get_posts_layoutincludes\blocks\functions-rest.php:426

POST/wp-json/combo-blocks/v2/import_combo_blocks_templateincludes\blocks\functions-rest.php:437

POST/wp-json/combo-blocks/v2/get_tax_termsincludes\blocks\functions-rest.php:448

POST/wp-json/combo-blocks/v2/send_mailincludes\blocks\functions-rest.php:459

Shortcodes 1

[combo_blocks_data_update] includes\data-update\data-update-1.0.4.php:4

WordPress Hooks 157

actionelementor/widgets/registeraddons\elementor\init.php:20

actionwp_enqueue_scriptscombo-blocks.php:70

actionadmin_enqueue_scriptscombo-blocks.php:71

actionadmin_enqueue_scriptscombo-blocks.php:72

actionadmin_enqueue_scriptscombo-blocks.php:73

actionenqueue_block_editor_assetscombo-blocks.php:74

filtercron_schedulescombo-blocks.php:75

actionplugins_loadedcombo-blocks.php:77

actionactivated_plugincombo-blocks.php:83

actioninitincludes\blocks\accordion-nested\index.php:8

actioninitincludes\blocks\accordion-nested-item\index.php:8

actioninitincludes\blocks\archive-description\index.php:8

actioninitincludes\blocks\archive-title\index.php:8

actioninitincludes\blocks\back-to-top\index.php:8

actioninitincludes\blocks\breadcrumb\index.php:8

actioninitincludes\blocks\business-hours\index.php:8

actioninitincludes\blocks\content-slider\index.php:8

actioninitincludes\blocks\content-slider-item\index.php:8

actioninitincludes\blocks\custom-fields\index.php:8

actioninitincludes\blocks\date-countdown\index.php:8

actioninitincludes\blocks\do-actions\index.php:8

actioninitincludes\blocks\filterable-grid\index.php:8

actioninitincludes\blocks\filterable-grid-nav\index.php:8

actioninitincludes\blocks\flex-wrap\index.php:8

actioninitincludes\blocks\flex-wrap-item\index.php:8

actioninitincludes\blocks\flip-box\index.php:8

actioninitincludes\blocks\flip-box-back\index.php:8

actioninitincludes\blocks\flip-box-front\index.php:8

actioninitincludes\blocks\form-field-checkbox\index.php:8

actioninitincludes\blocks\form-field-file\index.php:8

actioninitincludes\blocks\form-field-file-multi\index.php:8

actioninitincludes\blocks\form-field-hcaptcha\index.php:8

actioninitincludes\blocks\form-field-input\index.php:8

actioninitincludes\blocks\form-field-radio\index.php:8

actioninitincludes\blocks\form-field-recaptcha\index.php:8

actioninitincludes\blocks\form-field-select\index.php:8

actioninitincludes\blocks\form-field-simple-math\index.php:8

actioninitincludes\blocks\form-field-submit\index.php:8

actioninitincludes\blocks\form-field-textarea\index.php:8

filtercombo_blocks_form_wrap_process_postSubmitFormincludes\blocks\form-wrap\functions.php:4

filtercombo_blocks_form_wrap_process_termSubmitFormincludes\blocks\form-wrap\functions.php:188

filtercombo_blocks_form_wrap_process_optInFormincludes\blocks\form-wrap\functions.php:319

filtercombo_blocks_form_wrap_process_commentSubmitincludes\blocks\form-wrap\functions.php:1513

filtercombo_blocks_form_wrap_process_loginFormincludes\blocks\form-wrap\functions.php:1658

filtercombo_blocks_form_wrap_process_passwordResetFromincludes\blocks\form-wrap\functions.php:1760

filtercombo_blocks_form_wrap_process_passwordUpdateFromincludes\blocks\form-wrap\functions.php:1839

filtercombo_blocks_form_wrap_process_userProfileUpdateincludes\blocks\form-wrap\functions.php:1930

filtercombo_blocks_form_wrap_process_registerFormincludes\blocks\form-wrap\functions.php:2111

filtercombo_blocks_form_wrap_process_appointmentFormincludes\blocks\form-wrap\functions.php:2294

filtercombo_blocks_form_wrap_process_postsFilterincludes\blocks\form-wrap\functions.php:2486

filtercombo_blocks_form_wrap_process_customFormincludes\blocks\form-wrap\functions.php:2552

filtercombo_blocks_form_wrap_process_contactFormincludes\blocks\form-wrap\functions.php:2746

actioninitincludes\blocks\form-wrap\index.php:8

actionwp_print_footer_scriptsincludes\blocks\functions-blocks.php:7

filterblock_categories_allincludes\blocks\functions-blocks.php:996

actionwp_enqueue_scriptsincludes\blocks\functions-blocks.php:1064

actionget_footerincludes\blocks\functions-blocks.php:1066

actionwp_footerincludes\blocks\functions-blocks.php:1178

actionwp_enqueue_scriptsincludes\blocks\functions-blocks.php:1208

actionget_footerincludes\blocks\functions-blocks.php:1210

actionwp_enqueue_scriptsincludes\blocks\functions-blocks.php:1433

actionget_footerincludes\blocks\functions-blocks.php:1436

actionelementor/editor/initincludes\blocks\functions-blocks.php:1441

actionwp_footerincludes\blocks\functions-blocks.php:1585

actionelementor/editor/initincludes\blocks\functions-blocks.php:1586

actionwp_enqueue_scriptsincludes\blocks\functions-blocks.php:1613

actionget_footerincludes\blocks\functions-blocks.php:1615

actionwp_footerincludes\blocks\functions-blocks.php:1648

actionelementor/editor/initincludes\blocks\functions-blocks.php:1649

filtercombo_blocks_post_query_pramsincludes\blocks\functions-blocks.php:1872

filterrender_blockincludes\blocks\functions-blocks.php:4376

actioninitincludes\blocks\functions-blocks.php:5077

actionrest_api_initincludes\blocks\functions-rest.php:10

filterterms_clausesincludes\blocks\functions-rest.php:2358

actioninitincludes\blocks\google-map\index.php:8

actioninitincludes\blocks\grid-wrap\index.php:8

actioninitincludes\blocks\grid-wrap-item\index.php:8

actioninitincludes\blocks\icon\index.php:8

actioninitincludes\blocks\image\index.php:8

actioninitincludes\blocks\image-accordion\index.php:8

actioninitincludes\blocks\image-gallery\index.php:8

actioninitincludes\blocks\image-gallery-item\index.php:8

actioninitincludes\blocks\images\index.php:8

filterrender_block_contextincludes\blocks\images\index.php:225

actioninitincludes\blocks\images-field\index.php:8

actioninitincludes\blocks\info-box\index.php:8

actioninitincludes\blocks\info-box-item\index.php:8

actioninitincludes\blocks\layer\index.php:8

actioninitincludes\blocks\layers\index.php:8

actioninitincludes\blocks\list\index.php:8

actioninitincludes\blocks\list-nested\index.php:8

actioninitincludes\blocks\list-nested-item\index.php:8

actioninitincludes\blocks\masonry-wrap\index.php:8

actioninitincludes\blocks\masonry-wrap-item\index.php:8

actioninitincludes\blocks\menu-wrap\index.php:8

actioninitincludes\blocks\menu-wrap-item\index.php:8

actioninitincludes\blocks\number-counter\index.php:8

actioninitincludes\blocks\popup\index.php:8

actioninitincludes\blocks\post-author\index.php:8

actioninitincludes\blocks\post-author-fields\index.php:8

actioninitincludes\blocks\post-categories\index.php:8

actioninitincludes\blocks\post-comment-count\index.php:8

actioninitincludes\blocks\post-comments\index.php:8

actioninitincludes\blocks\post-date\index.php:8

actioninitincludes\blocks\post-excerpt\index.php:8

actioninitincludes\blocks\post-featured-image\index.php:8

actioninitincludes\blocks\post-grid\index.php:8

actioninitincludes\blocks\post-meta\index.php:8

actioninitincludes\blocks\post-query\index.php:8

actioninitincludes\blocks\post-query-pagination\index.php:8

actioninitincludes\blocks\post-tags\index.php:8

actioninitincludes\blocks\post-taxonomies\index.php:8

actioninitincludes\blocks\post-title\index.php:9

actioninitincludes\blocks\progress-bar\index.php:8

actioninitincludes\blocks\reactions\index.php:8

actioninitincludes\blocks\read-more\index.php:8

actioninitincludes\blocks\shortcode\index.php:8

actioninitincludes\blocks\social-share\index.php:8

actioninitincludes\blocks\star-rate\index.php:8

actioninitincludes\blocks\table\index.php:8

actioninitincludes\blocks\table-of-contents\index.php:8

actioninitincludes\blocks\table-td\index.php:8

actioninitincludes\blocks\table-tr\index.php:8

actioninitincludes\blocks\tabs-nested\index.php:8

actioninitincludes\blocks\tabs-nested-item\index.php:8

actioninitincludes\blocks\team-members\index.php:8

filterrender_block_contextincludes\blocks\team-members\index.php:131

actioninitincludes\blocks\team-members-field\index.php:8

actioninitincludes\blocks\team-showcase\index.php:8

actioninitincludes\blocks\terms-list\index.php:8

actioninitincludes\blocks\terms-query\index.php:8

filterrender_block_contextincludes\blocks\terms-query\index.php:122

actioninitincludes\blocks\terms-query-item\index.php:8

actioninitincludes\blocks\terms-showcase\index.php:8

actioninitincludes\blocks\testimonial-showcase\index.php:8

actioninitincludes\blocks\testimonials\index.php:8

filterrender_block_contextincludes\blocks\testimonials\index.php:127

actioninitincludes\blocks\testimonials-field\index.php:8

actioninitincludes\blocks\text\index.php:8

actioninitincludes\blocks\user-fields\index.php:11

actioninitincludes\blocks\user-query\index.php:8

filterrender_block_contextincludes\blocks\user-query\index.php:114

actioninitincludes\blocks\user-query-pagination\index.php:8

actioninitincludes\blocks\user-showcase\index.php:8

actioninitincludes\blocks\woo-add-to-cart\index.php:8

actioninitincludes\blocks\woo-price\index.php:8

actioninitincludes\blocks\woo-product-info\index.php:8

actioninitincludes\blocks\woo-product-info-item\index.php:8

actioninitincludes\blocks\woo-sale\index.php:8

actioninitincludes\blocks\woo-sku\index.php:8

actioninitincludes\blocks\woo-star-rate\index.php:8

actioninitincludes\blocks\woo-stock\index.php:8

actioninitincludes\blocks\woo-stock-quantity\index.php:8

actioninitincludes\blocks\woo-total-sales\index.php:8

actioninitincludes\blocks\wordpress-org\index.php:8

actioninitincludes\blocks\wordpress-org-item\index.php:8

actionadmin_menuincludes\classes\class-settings.php:11

Maintenance & Trust

ComboBlocks — Block Library & Page Builder Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 9, 2026

PHP min version

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs100

Alternatives

ComboBlocks — Block Library & Page Builder Alternatives

Greenshift – animation and page builder blocks

greenshift-animation-and-page-builder-blocks

More than 20 special blocks for Gutenberg to build complex pages and animations with highest possible web vitals score.

70K 19 CVEs

Kadence Blocks — Page Builder Toolkit for Gutenberg Editor

kadence-blocks

20+ AI-powered Gutenberg Blocks with endless options, enabling top-notch efficiency for high-performance dynamic website creation.

600K 31 CVEs

Page Builder: Pagelayer – Drag and Drop website builder

pagelayer

The most advanced frontend drag & drop page builder. Pagelayer is a light weight but extremely powerful Website Builder.

400K 25 CVEs

Page Builder Gutenberg Blocks – CoBlocks

coblocks

CoBlocks is a suite of page builder WordPress blocks for Gutenberg, with 10+ new blocks and a true page builder experience with rows and columns.

300K 1 unpatched

Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE

otter-blocks

Quickly create WordPress pages with 20+ blocks, 100+ ready-to-import designs, and advanced editor extensions. It’s website building, Lego-style!

300K 11 CVEs

Developer Profile

ComboBlocks — Block Library & Page Builder Developer Profile

PickPlugins

14 plugins · 94K total installs

trust score

Avg Security Score

83/100

Avg Patch Time

344 days

View full developer profile

Detection Fingerprints

How We Detect ComboBlocks — Block Library & Page Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/combo-blocks/assets/css/frontend.css/wp-content/plugins/combo-blocks/assets/css/swiper.min.css/wp-content/plugins/combo-blocks/assets/js/frontend.js/wp-content/plugins/combo-blocks/assets/js/frontend-editor.js/wp-content/plugins/combo-blocks/assets/js/frontend-editor-blocks.js/wp-content/plugins/combo-blocks/assets/js/admin.js/wp-content/plugins/combo-blocks/assets/js/swiper.min.js/wp-content/plugins/combo-blocks/includes/blocks/text/frontend.css+136 more

Script Paths

/wp-content/plugins/combo-blocks/assets/js/frontend.js/wp-content/plugins/combo-blocks/assets/js/frontend-editor.js/wp-content/plugins/combo-blocks/assets/js/frontend-editor-blocks.js/wp-content/plugins/combo-blocks/assets/js/admin.js/wp-content/plugins/combo-blocks/assets/js/swiper.min.js

Version Parameters

combo-blocks/assets/css/frontend.css?ver=combo-blocks/assets/css/swiper.min.css?ver=combo-blocks/assets/js/frontend.js?ver=combo-blocks/assets/js/frontend-editor.js?ver=combo-blocks/assets/js/frontend-editor-blocks.js?ver=combo-blocks/assets/js/admin.js?ver=combo-blocks/assets/js/swiper.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

wp-block-comboblocks-textwp-block-comboblocks-iconwp-block-comboblocks-post-gridwp-block-comboblocks-post-querywp-block-comboblocks-post-query-paginationwp-block-comboblocks-wordpress-orgwp-block-comboblocks-wordpress-org-itemwp-block-comboblocks-menu-wrap+135 more

Data Attributes

data-cb-plugin-url

JS Globals

comboBlocksScriptDatacomboBlocksVarscb_admin_object

FAQ

ComboBlocks — Block Library & Page Builder Security & Risk Analysis

Is ComboBlocks — Block Library & Page Builder Safe to Use in 2026?

Generally Safe

Key Concerns

ComboBlocks — Block Library & Page Builder Security Vulnerabilities

ComboBlocks — Block Library & Page Builder Code Analysis

Dangerous Functions Found

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

ComboBlocks — Block Library & Page Builder Attack Surface

REST API Routes 41

Shortcodes 1

ComboBlocks — Block Library & Page Builder Maintenance & Trust

Maintenance Signals

Community Trust

ComboBlocks — Block Library & Page Builder Alternatives

Greenshift – animation and page builder blocks

Kadence Blocks — Page Builder Toolkit for Gutenberg Editor

Page Builder: Pagelayer – Drag and Drop website builder

Page Builder Gutenberg Blocks – CoBlocks

Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE

ComboBlocks — Block Library & Page Builder Developer Profile

How We Detect ComboBlocks — Block Library & Page Builder

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about ComboBlocks — Block Library & Page Builder