CP Blocks Security & Risk Analysis

wordpress.org/plugins/cp-blocks

CP Blocks allows inserting complementary blocks of code, like buttons, design elements, new functionalities, etc. It supports inserting blocks into th …

1K active installs · v1.1.1 · PHP + · WP 3.0.5+ · Updated Apr 2, 2025
Tags: blocks, button, css, design, script
Score 91 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Sep 5, 2023
Safety Verdict

Is CP Blocks Safe to Use in 2026?

Generally Safe

Score 91/100

CP Blocks has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Sep 5, 2023 · Updated 1yr ago
Risk Assessment

The cp-blocks plugin, version 1.1.1, exhibits a mixed security posture. On the positive side, it demonstrates good practices by implementing nonce and capability checks on all its AJAX handlers, and a high percentage of its SQL queries use prepared statements, alongside a significant portion of its output being properly escaped. The static analysis also shows no critical or high severity taint flows, which is encouraging. However, the presence of the `unserialize` function is a significant concern. This function is notoriously dangerous when used with user-supplied input, as it can lead to arbitrary object injection and remote code execution if not handled with extreme care and strict validation. Furthermore, the plugin has a history of two medium severity vulnerabilities, specifically Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS), with the last reported in September 2023. While these are currently patched, this history indicates a potential for vulnerabilities to arise in the plugin's handling of user input or state changes. The overall risk is moderate, stemming primarily from the `unserialize` function and the past vulnerability patterns, despite good practices in other areas.

Key Concerns

  • Use of unserialize function
  • History of 2 medium severity CVEs
Vulnerabilities
2

CP Blocks Security Vulnerabilities

CVEs by Year

2022: 1 CVE
2023: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2023-41732 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

CP Blocks <= 1.0.20 - Cross-Site Request Forgery to Settings Update

Sep 5, 2023 Patched in 1.0.21 (140d)
CVE-2022-0448 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CP Blocks <= 1.0.14 - Authenticated Stored Cross-Site Scripting via License ID settings

Feb 2, 2022 Patched in 1.0.15 (720d)
Code Analysis
Analyzed Mar 16, 2026

CP Blocks Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 2 (3 prepared)
Unescaped Output: 6 (65 escaped)
Nonce Checks: 4
Capability Checks: 4
File Operations: 3
External Requests: 3
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `if ( ! is_admin() || ( ! $current_user_access && ! @in_array( $current_user->ID, unserialize( $this-` · admin-int-license.inc.php:6

SQL Query Safety

60% prepared · 5 total queries

Output Escaping

92% escaped · 71 total outputs
Data Flows
All sanitized

Data Flow Analysis

1 flow
<admin-int-license.inc> (admin-int-license.inc.php:0)
Attack Surface

CP Blocks Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers: 1

  • auth · wp_ajax_cp_feedback · feedback\cp-feedback.php:23

WordPress Hooks: 14

  • action · admin_bar_menu · banner.php:106
  • filter · option_sbp_settings · cp-blocks-plugin.php:20
  • action · init · cp-blocks-plugin.php:51
  • action · admin_enqueue_scripts · cp-blocks-plugin.php:54
  • action · admin_menu · cp-blocks-plugin.php:55
  • action · media_buttons · cp-blocks-plugin.php:56
  • action · enqueue_block_editor_assets · cp-blocks-plugin.php:57
  • action · media_buttons · cp-blocks-plugin.php:58
  • action · wp_dashboard_setup · cp-blocks-plugin.php:60
  • action · plugins_loaded · cp-main-class.inc.php:17
  • action · admin_init · cp-main-class.inc.php:20
  • filter · tiny_mce_before_init · cp-main-class.inc.php:21
  • action · admin_enqueue_scripts · feedback\cp-feedback.php:22
  • action · admin_footer · feedback\cp-feedback.php:32
Maintenance & Trust

CP Blocks Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Apr 2, 2025
PHP min version
Downloads: 34K

Community Trust

Rating: 100/100
Number of ratings: 12
Active installs: 1K
Developer Profile

CP Blocks Developer Profile

codepeople

34 plugins · 89K total installs

Trust score: 75
Avg Security Score: 94/100
Avg Patch Time: 964 days
Detection Fingerprints

How We Detect CP Blocks

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/cp-blocks/js/cff.connector.js
  • /wp-content/plugins/cp-blocks/js/wpcf7.connector.js
  • /wp-content/plugins/cp-blocks/js/cfte.connector.js
  • /wp-content/plugins/cp-blocks/js/page.connector.js
  • /wp-content/plugins/cp-blocks/js/gutenberg.js
Script Paths
  • js/cff.connector.js
  • js/wpcf7.connector.js
  • js/cfte.connector.js
  • js/page.connector.js
  • js/gutenberg.js
Version Parameters
  • cp-blocks/js/cff.connector.js?ver=
  • cp-blocks/js/wpcf7.connector.js?ver=
  • cp-blocks/js/cfte.connector.js?ver=
  • cp-blocks/js/page.connector.js?ver=
  • cp-blocks/js/gutenberg.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-cp-blocks-key
JS Globals
cp_blocks_data
Shortcode Output
<a href="javascript:jQuery(document).trigger('load_blocks_module','wpcf7');" title="Insert Block" class="button button-primary">Insert Block</a>
FAQ

Frequently Asked Questions about CP Blocks