
Cozy Blocks – All-in-One Website Builder with Gutenberg Blocks, 500+ Patterns and 40+ Homepage Templates for Full Site Editing (FSE) Security & Risk Analysis
wordpress.org/plugins/cozy-addons
Build stunning WordPress sites with 50+ advanced blocks, 500+ patterns, and 40+ templates—a fast, effortless website builder.
Is Cozy Blocks – All-in-One Website Builder with Gutenberg Blocks, 500+ Patterns and 40+ Homepage Templates for Full Site Editing (FSE) Safe to Use in 2026?
Generally Safe
Score 96/100
Cozy Blocks – All-in-One Website Builder with Gutenberg Blocks, 500+ Patterns and 40+ Homepage Templates for Full Site Editing (FSE) has a strong security track record. Known vulnerabilities have been patched promptly.
The Cozy Addons plugin exhibits a mixed security posture. While it demonstrates good practices in its use of prepared statements for SQL queries and robust output escaping, several areas raise concerns. A significant portion of its AJAX handlers and REST API routes lack proper authorization checks, creating a substantial attack surface for unauthorized actions. The plugin also has a history of six medium-severity vulnerabilities, with past common types including code injection and cross-site scripting, indicating a recurring pattern of input sanitization and authorization weaknesses. Although there are currently no unpatched vulnerabilities and no critical taint flows identified in this analysis, the presence of numerous unprotected entry points combined with past vulnerability trends warrants caution. The plugin's strengths lie in its careful handling of SQL and output, but its lack of comprehensive authorization on its entry points is a notable weakness that could be exploited.
Key Concerns
- 4 AJAX handlers without auth checks
- 11 REST API routes without permission callbacks
- 6 medium-severity vulnerabilities in history
- Bundled Freemius v1.0 library
Cozy Blocks – All-in-One Website Builder with Gutenberg Blocks, 500+ Patterns and 40+ Homepage Templates for Full Site Editing (FSE) Security Vulnerabilities
6 total CVEs
Cozy Blocks <= 2.1.29 - Unauthenticated Arbitrary Shortcode Execution
Cozy Blocks <= 2.1.22 - Missing Authorization
Cozy Blocks <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Cozy Blocks <= 2.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting
Cozy Blocks <= 2.0.15 - Authenticated (Contributor+) Stored Cross-Site Scripting
Cozy Blocks <= 2.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting
Cozy Blocks – All-in-One Website Builder with Gutenberg Blocks, 500+ Patterns and 40+ Homepage Templates for Full Site Editing (FSE) Code Analysis
Bundled Libraries
SQL Query Safety
Output Escaping
Data Flow Analysis
Cozy Blocks – All-in-One Website Builder with Gutenberg Blocks, 500+ Patterns and 40+ Homepage Templates for Full Site Editing (FSE) Attack Surface
AJAX Handlers 31
REST API Routes 15
WordPress Hooks 77
Scheduled Events 1
Cozy Blocks – All-in-One Website Builder with Gutenberg Blocks, 500+ Patterns and 40+ Homepage Templates for Full Site Editing (FSE) Maintenance & Trust
Maintenance Signals
Community Trust
Cozy Blocks – All-in-One Website Builder with Gutenberg Blocks, 500+ Patterns and 40+ Homepage Templates for Full Site Editing (FSE) Alternatives
Greenshift – animation and page builder blocks
greenshift-animation-and-page-builder-blocks
More than 20 special blocks for Gutenberg to build complex pages and animations with highest possible web vitals score.
ComboBlocks — Block Library & Page Builder
combo-blocks
Landing Page Builder, Blog Builder, eCommerce Builder, Niche Site Builder, News Site Builder and More.
Spectra Gutenberg Blocks – Website Builder for the Block Editor
ultimate-addons-for-gutenberg
Power-up Gutenberg with advanced blocks for faster website creation. Build your WordPress website effortlessly using powerful building blocks!
Kadence Blocks — Page Builder Toolkit for Gutenberg Editor
kadence-blocks
20+ AI-powered Gutenberg Blocks with endless options, enabling top-notch efficiency for high-performance dynamic website creation.
Page Builder: Pagelayer – Drag and Drop website builder
pagelayer
The most advanced frontend drag & drop page builder. Pagelayer is a lightweight but extremely powerful Website Builder.
Cozy Blocks – All-in-One Website Builder with Gutenberg Blocks, 500+ Patterns and 40+ Homepage Templates for Full Site Editing (FSE) Developer Profile
40 plugins · 32K total installs
How We Detect Cozy Blocks – All-in-One Website Builder with Gutenberg Blocks, 500+ Patterns and 40+ Homepage Templates for Full Site Editing (FSE)
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.