Does Custom CSS for Blocks have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Custom CSS for Blocks compatible with WordPress 6.1.10?

According to WordPress.org data, Custom CSS for Blocks 1.0 has been tested up to WordPress 6.1.10. Check the plugin's changelog for the latest compatibility information.

Is Custom CSS for Blocks compatible with PHP 5.4+?

Custom CSS for Blocks requires PHP 5.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Custom CSS for Blocks updated?

Custom CSS for Blocks was last updated on Dec 28, 2022. Frequent updates are generally a positive security signal.

What is Custom CSS for Blocks's security score?

Custom CSS for Blocks has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Custom CSS for Blocks Security & Risk Analysis

wordpress.org/plugins/custom-css-for-blocks

Custom CSS for Blocks.

0 active installs v1.0 PHP 5.4+ WP 5.6+ Updated Dec 28, 2022

blockscsscustom-csseditorsass

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Custom CSS for Blocks Safe to Use in 2026?

Generally Safe

Score 85/100

Custom CSS for Blocks has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago

Risk Assessment

The "custom-css-for-blocks" v1.0 plugin demonstrates a mixed security posture. On the positive side, it exhibits a very small attack surface with no unprotected entry points, and all SQL queries utilize prepared statements, indicating good practices in database interaction. The absence of known CVEs and a clean vulnerability history further suggests a relatively secure track record.

However, there are several areas for concern revealed by the static analysis. The plugin makes extensive use of dangerous functions like `unserialize` and `assert`, which can be potent vectors for code injection if not handled with extreme care and proper input validation. The limited number of output escaping instances, with only one out of three properly escaped, indicates a significant risk of Cross-Site Scripting (XSS) vulnerabilities. Furthermore, the plugin performs a substantial number of file operations without any recorded nonce checks or capability checks for a large portion of these operations, increasing the potential for unauthorized file manipulation or access.

In conclusion, while the plugin has a clean history and a minimal attack surface, the heavy reliance on dangerous functions, insufficient output escaping, and potential for insecure file operations present notable risks. These weaknesses, if not addressed, could lead to serious security incidents.

Key Concerns

Dangerous functions used
Low percentage of properly escaped output
No nonce checks
Limited capability checks

Vulnerabilities

None known

Custom CSS for Blocks Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Custom CSS for Blocks Release Timeline

No version history available.

Code Analysis

Analyzed Apr 16, 2026

Custom CSS for Blocks Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$c = unserialize($c);php-vendor/scssphp/src/Cache.php:136

assertassert($this->scope !== null);php-vendor/scssphp/src/Compiler.php:538

assertassert($sourceMapGenerator !== null);php-vendor/scssphp/src/Compiler.php:552

assertassert($this->scope !== null);php-vendor/scssphp/src/Compiler.php:745

unserialize$value = unserialize($value);php-vendor/scssphp/src/Compiler.php:809

assertassert($block->parent !== null);php-vendor/scssphp/src/Compiler.php:827

assertassert($media instanceof MediaBlock);php-vendor/scssphp/src/Compiler.php:1294

assertassert($this->scope !== null);php-vendor/scssphp/src/Compiler.php:1300

assertassert($block instanceof AtRootBlock);php-vendor/scssphp/src/Compiler.php:1439

assertassert($selfParent !== null, 'at-root blocks must have a selfParent set.');php-vendor/scssphp/src/Compiler.php:1462

assertassert($this->scope !== null);php-vendor/scssphp/src/Compiler.php:1474

assertassert($this->scope !== null);php-vendor/scssphp/src/Compiler.php:1481

assertassert($this->rootBlock !== null);php-vendor/scssphp/src/Compiler.php:1506

assertassert($block instanceof DirectiveBlock || $block instanceof OutputBlock);php-vendor/scssphp/src/Compiler.php:1714

assertassert($this->scope->parent !== null);php-vendor/scssphp/src/Compiler.php:1785

assertassert($this->scope !== null);php-vendor/scssphp/src/Compiler.php:1790

assertassert($block instanceof NestedPropertyBlock);php-vendor/scssphp/src/Compiler.php:1807

assertassert($child[1] instanceof NestedPropertyBlock);php-vendor/scssphp/src/Compiler.php:1826

assertassert($this->scope->parent !== null);php-vendor/scssphp/src/Compiler.php:1848

assertassert($this->scope !== null);php-vendor/scssphp/src/Compiler.php:1882

assertassert($block->selectors !== null);php-vendor/scssphp/src/Compiler.php:1911

assertassert($this->scope !== null);php-vendor/scssphp/src/Compiler.php:1916

assertassert($block->selfParent !== null);php-vendor/scssphp/src/Compiler.php:1934

assertassert($this->scope !== null);php-vendor/scssphp/src/Compiler.php:1990

assertassert($block instanceof CallableBlock);php-vendor/scssphp/src/Compiler.php:3098

assertassert($selectors !== null);php-vendor/scssphp/src/Compiler.php:3126

assertassert($if instanceof IfBlock);php-vendor/scssphp/src/Compiler.php:3150

assertassert($each instanceof EachBlock);php-vendor/scssphp/src/Compiler.php:3168

assertassert($while instanceof WhileBlock);php-vendor/scssphp/src/Compiler.php:3203

assertassert($for instanceof ForBlock);php-vendor/scssphp/src/Compiler.php:3216

assertassert($mixin instanceof CallableBlock);php-vendor/scssphp/src/Compiler.php:3277

assertassert($kebabCaseName !== null);php-vendor/scssphp/src/Compiler.php:3917

assertassert($env->block instanceof MediaBlock);php-vendor/scssphp/src/Compiler.php:5018

assertassert(!empty($parsedPrototypes));php-vendor/scssphp/src/Compiler.php:6418

assertassert(\is_string($arg[0][1]));php-vendor/scssphp/src/Compiler.php:6716

assertassert(\is_string($name));php-vendor/scssphp/src/Compiler.php:6741

assertassert($originalRestArgumentName !== null);php-vendor/scssphp/src/Compiler.php:6872

assertassert($default !== null);php-vendor/scssphp/src/Compiler.php:6893

assertassert(\is_array($value));php-vendor/scssphp/src/Compiler.php:7305

assertassert(\is_array($value));php-vendor/scssphp/src/Compiler.php:7410

assertassert(!empty($selectorsMap));php-vendor/scssphp/src/Compiler.php:10057

assertassert(! empty($block->selectors));php-vendor/scssphp/src/Formatter/Compressed.php:70

assertassert(! empty($block->selectors));php-vendor/scssphp/src/Formatter/Crunched.php:74

assertassert($replacedLine !== null);php-vendor/scssphp/src/Formatter/Expanded.php:61

assertassert($replacedLine !== null);php-vendor/scssphp/src/Formatter/Nested.php:72

assertassert(! empty($block->selectors));php-vendor/scssphp/src/Formatter.php:168

assertassert($out !== false);php-vendor/scssphp/src/Formatter.php:300

assertassert($this->currentBlock->sourceLine !== null);php-vendor/scssphp/src/Formatter.php:343

assertassert($this->currentBlock->sourceName !== null);php-vendor/scssphp/src/Formatter.php:344

assertassert($this->currentBlock->sourceLine !== null);php-vendor/scssphp/src/Formatter.php:360

assertassert($this->currentBlock->sourceName !== null);php-vendor/scssphp/src/Formatter.php:361

assertassert($this->env !== null);php-vendor/scssphp/src/Parser.php:294

assertassert($if instanceof IfBlock);php-vendor/scssphp/src/Parser.php:791

assertassert($this->env !== null);php-vendor/scssphp/src/Parser.php:1056

assertassert(\is_array($include));php-vendor/scssphp/src/Parser.php:1065

assertassert($this->env !== null);php-vendor/scssphp/src/Parser.php:1077

assertassert($this->env !== null);php-vendor/scssphp/src/Parser.php:1146

assertassert($this->env !== null);php-vendor/scssphp/src/Parser.php:1181

assertassert($this->env !== null);php-vendor/scssphp/src/Parser.php:1681

assertassert($this->env !== null);php-vendor/scssphp/src/Parser.php:1698

assertassert($this->env !== null);php-vendor/scssphp/src/Parser.php:1729

assertassert(\is_array($value) || $value instanceof Number);php-vendor/scssphp/src/Parser.php:2240

assertassert(\is_array($value));php-vendor/scssphp/src/Parser.php:2244

assertassert(\is_array($nextValue) || $nextValue instanceof Number);php-vendor/scssphp/src/Parser.php:2273

assertassert($file !== null);php-vendor/scssphp/src/SourceMap/SourceMapGenerator.php:151

assertassert($jsonSourceMap !== false);php-vendor/scssphp/src/SourceMap/SourceMapGenerator.php:233

Output Escaping

33% escaped3 total outputs

Attack Surface

Custom CSS for Blocks Attack Surface

Entry Points1

Unprotected0

REST API Routes 1

POST/wp-json/ccfg-rest/scsscustom-css-for-blocks.php:213

WordPress Hooks 6

actionplugins_loadedcustom-css-for-blocks.php:44

actioninitcustom-css-for-blocks.php:87

actionenqueue_block_editor_assetscustom-css-for-blocks.php:95

actionwp_print_stylescustom-css-for-blocks.php:186

actionrest_api_initcustom-css-for-blocks.php:250

actioninitcustom-css-for-blocks.php:273

Maintenance & Trust

Custom CSS for Blocks Maintenance & Trust

Maintenance Signals

WordPress version tested6.1.10

Last updatedDec 28, 2022

PHP min version5.4

Downloads795

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Custom CSS for Blocks Alternatives

BlockGlow — Per-block Custom CSS

blockglow

100

Adds a "Custom CSS" inspector panel to every Gutenberg block and saves per-block CSS files to uploads for front-end enqueuing.

0 No CVEs

Blocks CSS: CSS Editor for Gutenberg Blocks

blocks-css

100

Blocks CSS allows you add custom CSS to your Blocks straight from the Block Editor (Gutenberg).

5K No CVEs

Instant CSS

instant-css

Write your styles beautifully with the power of Visual Studio Code

4K 2 CVEs

Code Manager

code-manager

100

Write, test and deploy PHP, JavaScript, CSS and HTML code blocks from the WordPress dashboard.

500 No CVEs

Responsive CSS EDITOR

responsive-css-editor

WPWOX Responsive CSS Editor provides the easier and efficient method to create breakpoints and add css to them.

400 1 unpatched

Developer Profile

Custom CSS for Blocks Developer Profile

wpbits

2 plugins · 2K total installs

trust score

Avg Security Score

79/100

Avg Patch Time

109 days

View full developer profile

Detection Fingerprints

How We Detect Custom CSS for Blocks

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/custom-css-for-blocks/build/index.js

Script Paths