Content Blocks (Custom Post Widget) Security & Risk Analysis

wordpress.org/plugins/custom-post-widget

This plugin enables you to edit and display Content Blocks in a sidebar widget or using a shortcode.

10K active installs v3.4.1 PHP + WP 4.6+ Updated Jan 27, 2026
Tags: block, content-block, custom-post, shortcode, widget
Score: 96 (A · Safe)
CVEs total: 5
Unpatched: 0
Last CVE: Feb 19, 2025
Safety Verdict

Is Content Blocks (Custom Post Widget) Safe to Use in 2026?

Generally Safe

Score 96/100

Content Blocks (Custom Post Widget) has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEs · Last CVE: Feb 19, 2025 · Updated 2mo ago
Risk Assessment

The static analysis of the 'custom-post-widget' plugin v3.4.1 reveals a generally good security posture with several strengths. Notably, there are no observed dangerous functions, all SQL queries use prepared statements, and file operations and external HTTP requests are absent. The plugin also demonstrates a decent effort in securing its entry points, with a high percentage of outputs properly escaped and a good number of capability checks in place. The presence of a nonce check is also a positive sign.

Key Concerns

  • Significant historical vulnerability count
  • Previous Cross-site Scripting (XSS) vulnerabilities
  • Previous PHP Remote File Inclusion vulnerabilities
  • Moderate unescaped output percentage
Vulnerabilities: 5

Content Blocks (Custom Post Widget) Security Vulnerabilities

CVEs by Year

2024: 4 CVEs
2025: 1 CVE

Severity Breakdown

High: 1
Medium: 4

5 total CVEs

CVE-2024-6432 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Content Blocks (Custom Post Widget) <= 3.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via content Parameter

Feb 19, 2025 Patched in 3.3.6 (1d)

CVE-2024-44051 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Content Blocks (Custom Post Widget) <= 3.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 5, 2024 Patched in 3.3.6 (30d)

CVE-2024-3565 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Content Blocks (Custom Post Widget) <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via content_block Shortcode

May 31, 2024 Patched in 3.3.1 (1d)

CVE-2024-3564 · high · 8.8 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Content Blocks (Custom Post Widget) <= 3.3.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode

May 31, 2024 Patched in 3.3.1 (1d)

CVE-2024-34566 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Content Blocks (Custom Post Widget) <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

May 7, 2024 Patched in 3.3.1 (9d)

Code Analysis
Analyzed Mar 16, 2026

Content Blocks (Custom Post Widget) Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 15 (77 escaped)
Nonce Checks: 1
Capability Checks: 6
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

84% escaped · 92 total outputs
Attack Surface

Content Blocks (Custom Post Widget) Attack Surface

Entry Points: 2
Unprotected: 0

Shortcodes 2

[cpw_content_block] custom-post-widget.php:125
[content_block] shortcode.php:100

WordPress Hooks 17

action widgets_init custom-post-widget.php:35
action plugins_loaded custom-post-widget.php:37
action init custom-post-widget.php:55
action plugins_loaded custom-post-widget.php:61
filter plugin_row_meta custom-post-widget.php:81
action admin_enqueue_scripts custom-post-widget.php:96
action media_buttons custom-post-widget.php:102
action admin_footer custom-post-widget.php:103
action admin_head custom-post-widget.php:106
action vc_before_init custom-post-widget.php:166
action elementor/widgets/register elementor-widget.php:14
action add_meta_boxes_content_block meta-box.php:10
action save_post meta-box.php:59
filter manage_edit-content_block_columns meta-box.php:66
action manage_posts_custom_column meta-box.php:78
action init post-type.php:37
filter post_updated_messages post-type.php:62
Maintenance & Trust

Content Blocks (Custom Post Widget) Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 27, 2026
PHP min version
Downloads: 728K

Community Trust

Rating: 98/100
Number of ratings: 80
Active installs: 10K
Developer Profile

Content Blocks (Custom Post Widget) Developer Profile

Johan van der Wijk

4 plugins · 25K total installs

Trust score: 91
Avg Security Score: 95/100
Avg Patch Time: 8 days
Detection Fingerprints

How We Detect Content Blocks (Custom Post Widget)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/custom-post-widget/assets/css/custom-post-widget.css
/wp-content/plugins/custom-post-widget/assets/js/clipboard-init.js
Script Paths
wp-content/plugins/custom-post-widget/assets/js/clipboard-init.js
Version Parameters
custom-post-widget.css?ver=
clipboard-init.js?ver=

HTML / DOM Fingerprints

CSS Classes
content_block
Data Attributes
data-clipboard-text
JS Globals
clipboard
Shortcode Output
<div class="content_block">
<div class='content_block_wrapper'>
<div class='content_block_title'>
<h3 class='content_block_title'>