Content Blocks Builder – Create blocks, repeater blocks with carousel, grid, popup layouts Security & Risk Analysis

wordpress.org/plugins/content-blocks-builder

Group core blocks into containers or repeaters to create layouts like grid, carousel, popup, accordion all in the Block Editor. Fast. Easy.

1K active installs v2.8.10 PHP 7.4+ WP 6.6+ Updated Mar 9, 2026
Tags: blocks, carousel, grid, gutenberg, popup
Security score: 99 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Jan 7, 2025
Safety Verdict

Is Content Blocks Builder – Create blocks, repeater blocks with carousel, grid, popup layouts Safe to Use in 2026?

Generally Safe

Score 99/100

Content Blocks Builder – Create blocks, repeater blocks with carousel, grid, popup layouts has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Jan 7, 2025 · Updated 2mo ago
Risk Assessment

The "content-blocks-builder" v2.8.10 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices with a high percentage of properly escaped outputs and predominantly uses prepared statements for SQL queries. The absence of dangerous functions and a low number of file operations are also encouraging signs. However, a significant concern arises from the attack surface exposed through the REST API, with 10 out of 15 routes lacking proper permission callbacks. This creates a substantial opportunity for unauthorized access or manipulation if these endpoints are not adequately secured by other means.

The plugin's vulnerability history, while showing no currently unpatched CVEs, does reveal a past medium severity Cross-Site Scripting (XSS) vulnerability. The fact that the last known vulnerability was in the future (2025-01-07) might indicate an anomaly in the data or a projection rather than a historical event. The single previously disclosed CVE, even if patched, warrants continued vigilance. The taint analysis shows a flow with an unsanitized path; although it is not classified as critical or high severity, it still represents a potential weak point that could be exploited in combination with other factors.

In conclusion, while the core code quality appears solid with good sanitization and SQL practices, the unprotected REST API endpoints represent a primary risk. The past XSS vulnerability, though patched, should be considered. The plugin is generally well-maintained with no critical or high severity issues, but the exposed REST API routes necessitate careful consideration and potentially additional security measures to mitigate risks.

Key Concerns

  • REST API routes without permission callbacks
  • Flows with unsanitized paths (taint analysis)
  • Bundled Freemius library v1.0
  • 1 medium severity CVE (past vulnerability)
Vulnerabilities
1 published

Content Blocks Builder – Create blocks, repeater blocks with carousel, grid, popup layouts Security Vulnerabilities

CVEs by Year

2025: 1 CVE

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-22810 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Content Blocks Builder <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 7, 2025 Patched in 2.7.7 (8d)
Version History

Content Blocks Builder – Create blocks, repeater blocks with carousel, grid, popup layouts Release Timeline

v2.8.10 (Current)
v2.8.9
v2.8.8
v2.8.7
v2.8.6
v2.8.5
v2.8.4
v2.8.3
v2.8.2
v2.8.1
v2.8.0
v2.7.13
v2.7.12
v2.7.11
v2.7.10
v2.7.9
v2.7.8
v2.7.7
v2.7.6 (1 CVE)
v2.7.5 (1 CVE)
Code Analysis
Analyzed Mar 16, 2026

Content Blocks Builder – Create blocks, repeater blocks with carousel, grid, popup layouts Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (4 prepared)
Unescaped Output: 8 (87 escaped)
Nonce Checks: 3
Capability Checks: 8
File Operations: 1
External Requests: 10
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

80% prepared · 5 total queries

Output Escaping

92% escaped · 95 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

3 flows · 1 with unsanitized paths
copy_item_admin_notice (includes\copy-post.php:266)
Attack Surface
10 unprotected

Content Blocks Builder – Create blocks, repeater blocks with carousel, grid, popup layouts Attack Surface

Entry Points: 15
Unprotected: 10

REST API Routes 15

POST /wp-json/boldblocks/v1/copyPost/(?P<id>[\d]+) · includes\copy-post.php:220
GET /wp-json/cbb/v1/getIconLibrary/ · includes\icon-library.php:36
GET /wp-json/boldblocks/v1/getBlocks/ · includes\library.php:293
GET /wp-json/boldblocks/v1/getFullBlockData/ · includes\library.php:303
GET /wp-json/boldblocks/v1/getBlockKeywords/ · includes\library.php:431
GET /wp-json/boldblocks/v1/getVariations/ · includes\library.php:568
GET /wp-json/boldblocks/v1/getFullVariationData/ · includes\library.php:578
GET /wp-json/boldblocks/v1/getVariationKeywords/ · includes\library.php:706
GET /wp-json/boldblocks/v1/getPatterns/ · includes\library.php:829
GET /wp-json/boldblocks/v1/getFullPatternData/ · includes\library.php:839
GET /wp-json/boldblocks/v1/getPatternKeywords/ · includes\library.php:967
GET /wp-json/boldblocks/v1/getPatternCategories/ · includes\patterns.php:553
GET /wp-json/boldblocks/v1/getDocs/ · includes\settings.php:422
GET /wp-json/boldblocks/v1/getGoogleFonts/ · includes\typography.php:128
POST /wp-json/boldblocks/v1/createVariation/ · includes\variations.php:450
WordPress Hooks 152
Maintenance & Trust

Content Blocks Builder – Create blocks, repeater blocks with carousel, grid, popup layouts Maintenance & Trust

Maintenance Signals

WordPress version tested: 7.0
Last updated: Mar 9, 2026
PHP min version: 7.4
Downloads: 44K

Community Trust

Rating: 100/100
Number of ratings: 13
Active installs: 1K
Developer Profile

Content Blocks Builder – Create blocks, repeater blocks with carousel, grid, popup layouts Developer Profile

Phi Phan

8 plugins · 28K total installs

Trust score: 100
Avg Security Score: 100/100
Avg Patch Time: 5 days
Detection Fingerprints

How We Detect Content Blocks Builder – Create blocks, repeater blocks with carousel, grid, popup layouts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/content-blocks-builder/build/index.js
/wp-content/plugins/content-blocks-builder/build/index.css
Script Paths
/wp-content/plugins/content-blocks-builder/build/index.asset.php
Version Parameters
content-blocks-builder/build/index.js?ver=
content-blocks-builder/build/index.css?ver=

HTML / DOM Fingerprints

CSS Classes
wp-block-boldblocks-container
wp-block-boldblocks-repeater
Data Attributes
data-block-id
JS Globals
window.BoldBlocks