
CP Blocks Security & Risk Analysis
wordpress.org/plugins/cp-blocksCP Blocks allows to insert complementary blocks of code, like buttons, design elements, new functionalities, etc. It supports inserting blocks into th …
Is CP Blocks Safe to Use in 2026?
Generally Safe
Score 99/100CP Blocks has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.
The cp-blocks plugin, version 1.1.1, exhibits a mixed security posture. On the positive side, it demonstrates good practices by implementing nonce and capability checks on all its AJAX handlers, and a high percentage of its SQL queries use prepared statements, alongside a significant portion of its output being properly escaped. The static analysis also shows no critical or high severity taint flows, which is encouraging. However, the presence of the `unserialize` function is a significant concern. This function is notoriously dangerous when used with user-supplied input, as it can lead to arbitrary object injection and remote code execution if not handled with extreme care and strict validation. Furthermore, the plugin has a history of two medium severity vulnerabilities, specifically Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS), with the last reported in September 2023. While these are currently patched, this history indicates a potential for vulnerabilities to arise in the plugin's handling of user input or state changes. The overall risk is moderate, stemming primarily from the `unserialize` function and the past vulnerability patterns, despite good practices in other areas.
Key Concerns
- Use of unserialize function
- History of 2 medium severity CVEs
CP Blocks Security Vulnerabilities
CVEs by Year
Severity Breakdown
2 total CVEs
CP Blocks <= 1.0.20 - Cross-Site Request Forgery to Settings Update
CP Blocks <= 1.0.14 - Authenticated Stored Cross-Site Scripting via License ID settings
CP Blocks Release Timeline
CP Blocks Code Analysis
Dangerous Functions Found
SQL Query Safety
Output Escaping
Data Flow Analysis
CP Blocks Attack Surface
AJAX Handlers 1
WordPress Hooks 14
Maintenance & Trust
CP Blocks Maintenance & Trust
Maintenance Signals
Community Trust
CP Blocks Alternatives
Code Manager
code-manager
Write, test and deploy PHP, JavaScript, CSS and HTML code blocks from the WordPress dashboard.
ZenBlocks
zenblocks
Custom blocks for the WordPress block editor with responsive controls and advanced button styling.
Layout Grid Block
layout-grid
A Gutenberg container block to let you align items consistently across a global grid.
Asset CleanUp: Page Speed Booster
wp-asset-clean-up
Make your website load FASTER by stopping specific styles (.CSS) & scripts (.JS) from loading. It works best with a page caching plugin / service.
MaxButtons – Create buttons
maxbuttons
Maxbuttons is the best and easiest button plugin for WordPress. Within minutes you can create beautiful buttons, share buttons and social icons.
CP Blocks Developer Profile
34 plugins · 87K total installs
How We Detect CP Blocks
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/cp-blocks/js/cff.connector.js/wp-content/plugins/cp-blocks/js/wpcf7.connector.js/wp-content/plugins/cp-blocks/js/cfte.connector.js/wp-content/plugins/cp-blocks/js/page.connector.js/wp-content/plugins/cp-blocks/js/gutenberg.jsjs/cff.connector.jsjs/wpcf7.connector.jsjs/cfte.connector.jsjs/page.connector.jsjs/gutenberg.jscp-blocks/js/cff.connector.js?ver=cp-blocks/js/wpcf7.connector.js?ver=cp-blocks/js/cfte.connector.js?ver=cp-blocks/js/page.connector.js?ver=cp-blocks/js/gutenberg.js?ver=HTML / DOM Fingerprints
data-cp-blocks-keycp_blocks_data<a href="javascript:jQuery(document).trigger('load_blocks_module','wpcf7');" title="Insert Block" class="button button-primary">Insert Block</a>