DesignSetGo Security & Risk Analysis

wordpress.org/plugins/designsetgo

Professional WordPress blocks without page builder bloat. 53 blocks + 16 universal extensions that enhance ANY block.

30 active installs · v2.0.40 · PHP 8.0+ · WP 6.7+ · Updated: Unknown
Tags: animations, blocks, form-builder, gutenberg, responsive
100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is DesignSetGo Safe to Use in 2026?

Generally Safe

Score 100/100

DesignSetGo has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The 'designsetgo' plugin v2.0.40 demonstrates a generally good security posture, with a high percentage of properly escaped outputs and the exclusive use of prepared statements for SQL queries. The plugin also implements a reasonable number of capability checks and nonce checks, indicating an awareness of common WordPress security practices. Furthermore, the absence of any recorded vulnerabilities or CVEs suggests a history of stable and secure development.

However, there are specific areas of concern identified in the static analysis. The presence of 2 AJAX handlers and 21 REST API routes, with 2 REST API routes lacking permission callbacks, introduces potential attack vectors that are not adequately protected. Additionally, the use of the `preg_replace(/e)` function, while only appearing twice, is a known indicator of potential Regular Expression Denial of Service (ReDoS) vulnerabilities or other issues related to its evaluation mode. While taint analysis shows no current issues, the identified unprotected entry points and the use of a potentially dangerous function warrant careful consideration.

In conclusion, 'designsetgo' v2.0.40 has strong foundations in secure coding practices, particularly in data handling and output sanitization. The plugin's clean vulnerability history is a significant positive. The primary risks lie in the exposed REST API endpoints and the presence of the `preg_replace(/e)` function, which require immediate attention to mitigate potential security weaknesses and maintain its otherwise robust security profile.

Key Concerns

  • REST API routes without permission callbacks
  • Dangerous function: preg_replace(/e)
Vulnerabilities
None known

DesignSetGo Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

DesignSetGo Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 0 (26 prepared)
Unescaped Output: 21 (631 escaped)
Nonce Checks: 8
Capability Checks: 48
File Operations: 22
External Requests: 1
Bundled Libraries: 0

Dangerous Functions Found

preg_replace(/e): `preg_replace( '/e` (includes\class-custom-css-renderer.php:286)
preg_replace(/e): `preg_replace( '/<em[^>]*>(.*?)<\/e` (includes\markdown\class-converter.php:217)

SQL Query Safety

100% prepared (26 total queries)

Output Escaping

97% escaped (652 total outputs)
Attack Surface
2 unprotected

DesignSetGo Attack Surface

Entry Points: 23
Unprotected: 2

AJAX Handlers 2

auth: wp_ajax_designsetgo_scan_blocks (includes\admin\class-block-migrator.php:64)
auth: wp_ajax_designsetgo_convert_blocks (includes\admin\class-block-migrator.php:65)

REST API Routes 21

POST /wp-json/designsetgo/v1/draft-mode/create (includes\admin\class-draft-mode-rest.php:360)
POST /wp-json/designsetgo/v1/draft-mode/(?P<id>\d+)/publish (includes\admin\class-draft-mode-rest.php:397)
DELETE /wp-json/designsetgo/v1/draft-mode/(?P<id>\d+) (includes\admin\class-draft-mode-rest.php:416)
GET /wp-json/designsetgo/v1/draft-mode/status/(?P<post_id>\d+) (includes\admin\class-draft-mode-rest.php:435)
POST /wp-json/designsetgo/v1/gdpr/export (includes\admin\class-gdpr-compliance.php:380)
DELETE /wp-json/designsetgo/v1/gdpr/delete (includes\admin\class-gdpr-compliance.php:401)
GET /wp-json/designsetgo/v1/global-styles (includes\admin\class-global-styles.php:465)
POST /wp-json/designsetgo/v1/global-styles (includes\admin\class-global-styles.php:475)
GET /wp-json/designsetgo/v1/settings (includes\admin\class-settings.php:314)
POST /wp-json/designsetgo/v1/settings (includes\admin\class-settings.php:325)
GET /wp-json/designsetgo/v1/blocks (includes\admin\class-settings.php:384)
GET /wp-json/designsetgo/v1/extensions (includes\admin\class-settings.php:395)
GET /wp-json/designsetgo/v1/stats (includes\admin\class-settings.php:406)
POST /wp-json/designsetgo/v1/form/submit (includes\blocks\class-form-handler.php:159)
GET /wp-json/designsetgo/v1/llms-txt/post-types (includes\llms-txt\class-rest-controller.php:76)
POST /wp-json/designsetgo/v1/llms-txt/flush-cache (includes\llms-txt\class-rest-controller.php:88)
POST /wp-json/designsetgo/v1/llms-txt/generate-files (includes\llms-txt\class-rest-controller.php:100)
GET /wp-json/designsetgo/v1/llms-txt/markdown/(?P<post_id>\d+) (includes\llms-txt\class-rest-controller.php:112)
GET /wp-json/designsetgo/v1/llms-txt/status (includes\llms-txt\class-rest-controller.php:132)
POST /wp-json/designsetgo/v1/llms-txt/resolve-conflict (includes\llms-txt\class-rest-controller.php:144)
POST /wp-json/designsetgo/v1/llms-txt/dismiss-conflict (includes\llms-txt\class-rest-controller.php:156)

WordPress Hooks 95

action: wp_abilities_api_categories_init (includes\abilities\class-abilities-registry.php:66)
action: wp_abilities_api_init (includes\abilities\class-abilities-registry.php:69)
action: admin_menu (includes\admin\class-admin-menu.php:33)
action: admin_menu (includes\admin\class-admin-menu.php:34)
action: admin_enqueue_scripts (includes\admin\class-admin-menu.php:35)
filter: designsetgo_register_block (includes\admin\class-block-manager.php:24)
filter: designsetgo_load_extension (includes\admin\class-block-manager.php:25)
action: admin_enqueue_scripts (includes\admin\class-block-migrator.php:66)
filter: page_row_actions (includes\admin\class-draft-mode-admin.php:44)
filter: manage_pages_columns (includes\admin\class-draft-mode-admin.php:48)
action: manage_pages_custom_column (includes\admin\class-draft-mode-admin.php:49)
action: admin_enqueue_scripts (includes\admin\class-draft-mode-admin.php:52)
action: init (includes\admin\class-draft-mode-preview.php:84)
filter: the_posts (includes\admin\class-draft-mode-preview.php:90)
action: wp (includes\admin\class-draft-mode-preview.php:93)
action: designsetgo_draft_created (includes\admin\class-draft-mode-preview.php:96)
action: designsetgo_draft_published (includes\admin\class-draft-mode-preview.php:97)
action: designsetgo_draft_discarded (includes\admin\class-draft-mode-preview.php:98)
action: designsetgo_draft_created (includes\admin\class-draft-mode-preview.php:101)
action: wp_footer (includes\admin\class-draft-mode-preview.php:123)
filter: body_class (includes\admin\class-draft-mode-preview.php:126)
filter: post_thumbnail_id (includes\admin\class-draft-mode-preview.php:129)
action: rest_api_init (includes\admin\class-draft-mode-rest.php:46)
action: before_delete_post (includes\admin\class-draft-mode.php:52)
filter: wp_privacy_personal_data_exporters (includes\admin\class-gdpr-compliance.php:35)
filter: wp_privacy_personal_data_erasers (includes\admin\class-gdpr-compliance.php:36)
action: admin_init (includes\admin\class-gdpr-compliance.php:39)
action: rest_api_init (includes\admin\class-gdpr-compliance.php:42)
action: admin_notices (includes\admin\class-gdpr-compliance.php:45)
filter: wp_theme_json_data_theme (includes\admin\class-global-styles.php:24)
action: rest_api_init (includes\admin\class-global-styles.php:27)
action: rest_api_init (includes\admin\class-settings.php:29)
action: rest_api_init (includes\blocks\class-form-handler.php:107)
action: wp_enqueue_scripts (includes\blocks\class-form-handler.php:108)
action: designsetgo_cleanup_old_submissions (includes\blocks\class-form-handler.php:111)
action: save_post (includes\blocks\class-form-handler.php:114)
action: init (includes\blocks\class-form-submissions.php:27)
action: add_meta_boxes (includes\blocks\class-form-submissions.php:28)
filter: manage_dsgo_form_submission_posts_columns (includes\blocks\class-form-submissions.php:29)
action: manage_dsgo_form_submission_posts_custom_column (includes\blocks\class-form-submissions.php:30)
action: init (includes\blocks\class-loader.php:24)
action: init (includes\blocks\class-loader.php:25)
action: init (includes\blocks\class-loader.php:26)
action: init (includes\blocks\class-loader.php:27)
filter: block_type_metadata (includes\blocks\class-loader.php:28)
filter: wp_theme_json_data_default (includes\blocks\class-loader.php:280)
filter: render_block_designsetgo/modal (includes\blocks\class-modal-hooks.php:26)
action: wp_footer (includes\blocks\class-modal-hooks.php:27)
action: enqueue_block_assets (includes\class-assets.php:24)
action: wp_enqueue_scripts (includes\class-assets.php:25)
action: save_post (includes\class-assets.php:28)
action: deleted_post (includes\class-assets.php:29)
filter: style_loader_tag (includes\class-assets.php:32)
action: wp_head (includes\class-assets.php:33)
action: wp_enqueue_scripts (includes\class-assets.php:34)
action: wp_enqueue_scripts (includes\class-button-global-styles.php:75)
action: enqueue_block_assets (includes\class-button-global-styles.php:76)
filter: render_block (includes\class-custom-css-renderer.php:93)
action: wp_footer (includes\class-custom-css-renderer.php:94)
filter: register_block_type_args (includes\class-extension-attributes.php:52)
action: wp_enqueue_scripts (includes\class-icon-injector.php:43)
action: enqueue_block_editor_assets (includes\class-icon-injector.php:44)
action: init (includes\class-overlay-header.php:41)
filter: body_class (includes\class-overlay-header.php:42)
action: wp_enqueue_scripts (includes\class-overlay-header.php:43)
action: enqueue_block_editor_assets (includes\class-plugin.php:590)
filter: block_categories_all (includes\class-plugin.php:593)
filter: designsetgo_register_block (includes\class-plugin.php:596)
filter: render_block_designsetgo/map (includes\class-plugin.php:599)
filter: render_block (includes\class-plugin.php:602)
filter: render_block_designsetgo/icon-button (includes\class-plugin.php:605)
filter: render_block_designsetgo/form-builder (includes\class-plugin.php:608)
filter: safe_style_css (includes\class-plugin.php:611)
filter: safecss_filter_attr_allow_css (includes\class-plugin.php:612)
filter: wp_kses_allowed_html (includes\class-plugin.php:613)
filter: wp_theme_json_data_theme (includes\class-section-styles.php:41)
action: wp_enqueue_scripts (includes\class-sticky-header.php:26)
action: wp_head (includes\class-sticky-header.php:27)
filter: body_class (includes\class-sticky-header.php:28)
filter: render_block (includes\class-svg-pattern-renderer.php:44)
action: init (includes\llms-txt\class-controller.php:98)
filter: query_vars (includes\llms-txt\class-controller.php:99)
filter: redirect_canonical (includes\llms-txt\class-controller.php:100)
action: template_redirect (includes\llms-txt\class-controller.php:101)
action: save_post (includes\llms-txt\class-controller.php:102)
action: delete_post (includes\llms-txt\class-controller.php:103)
action: transition_post_status (includes\llms-txt\class-controller.php:104)
action: update_option_designsetgo_settings (includes\llms-txt\class-controller.php:105)
action: init (includes\llms-txt\class-controller.php:106)
action: rest_api_init (includes\llms-txt\class-controller.php:107)
action: admin_notices (includes\llms-txt\class-controller.php:108)
action: admin_init (includes\llms-txt\class-controller.php:109)
filter: robots_txt (includes\llms-txt\class-controller.php:110)
action: init (includes\patterns\class-loader.php:79)
action: init (includes\patterns\class-loader.php:80)

Scheduled Events 1

designsetgo_cleanup_old_submissions
Maintenance & Trust

DesignSetGo Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Unknown
PHP min version: 8.0
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 30
Developer Profile

DesignSetGo Developer Profile

Justin Nealey

1 plugin · 30 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect DesignSetGo

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/designsetgo/build/admin.css
/wp-content/plugins/designsetgo/build/admin.js
Script Paths
/wp-content/plugins/designsetgo/build/admin.js
Version Parameters
designsetgo/build/admin.js?ver=
designsetgo/build/admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
designsetgo-admin-app
Data Attributes
data-designsetgo-form-builder
JS Globals
designSetGoAdmin
REST Endpoints
/designsetgo/v1
FAQ

Frequently Asked Questions about DesignSetGo