WP-Safety

Dev Content Blocks Security & Risk Analysis

wordpress.org/plugins/dev-content-blocks

Content blocks for global content, with revisions. Use HTML without formatting being broken. Not only for devs.

300 active installs v1.4.1 PHP 5.6+ WP 4.0.1+ Updated Dec 25, 2018
content-blockshtmlmodularreusable-contentshortcodes
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Dev Content Blocks Safe to Use in 2026?

Generally Safe

Score 85/100

Dev Content Blocks has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago
Risk Assessment

The "dev-content-blocks" v1.4.1 plugin exhibits a generally good security posture based on the provided static analysis. It demonstrates strong adherence to secure coding practices by avoiding dangerous functions, not performing raw SQL queries, and utilizing prepared statements exclusively. The plugin also incorporates a reasonable number of nonce and capability checks, indicating an awareness of common WordPress security mechanisms. There are no recorded vulnerabilities in its history, which is a positive sign. However, a significant concern arises from the output escaping. With only 40% of outputs properly escaped, this leaves a considerable portion potentially vulnerable to Cross-Site Scripting (XSS) attacks. While the attack surface appears small and no critical taint flows were identified, the lack of robust output sanitization is the primary weakness that needs immediate attention. This is a critical area that could be exploited despite other positive security indicators.

Key Concerns

  • Output escaping is only 40% proper
Vulnerabilities
None known

Dev Content Blocks Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Dev Content Blocks Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
15
10 escaped
Nonce Checks
2
Capability Checks
4
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

40% escaped25 total outputs
Attack Surface

Dev Content Blocks Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[dcb] shortcode.php:63
WordPress Hooks 21
actionadd_meta_boxesmetabox-blocks.php:4
actionsave_postmetabox-blocks.php:5
actionedit_form_after_titlemetabox-blocks.php:119
actionadd_meta_boxesmetabox-info.php:4
actionedit_form_after_titlemetabox-info.php:57
actionadd_meta_boxesmetabox-options.php:14
actionedit_form_after_titlemetabox-options.php:89
actionsave_postmetabox-options.php:105
actioninitpost-type.php:61
filtersingle_templatepost-type.php:81
actionwppost-type.php:96
actionadmin_enqueue_scriptspost-type.php:115
actionwp_restore_post_revisionrevisions.php:24
actionwp_creating_autosaverevisions.php:27
actionwp_before_creating_autosaverevisions.php:28
action_wp_put_post_revisionrevisions.php:31
filterwp_save_post_revision_post_has_changedrevisions.php:35
filterwp_prepare_revision_for_jsrevisions.php:38
filterwp_get_revision_ui_diffrevisions.php:41
filterget_post_metadatarevisions.php:123
filterwp_post_revision_meta_keysrevisions.php:294
Maintenance & Trust

Dev Content Blocks Maintenance & Trust

Maintenance Signals

WordPress version tested5.0.25
Last updatedDec 25, 2018
PHP min version5.6
Downloads4K

Community Trust

Rating100/100
Number of ratings1
Active installs300
Alternatives

Dev Content Blocks Alternatives

Reusable Content Blocks

Reusable Content Blocks

reusable-content-blocks

A
85

Reusable Content Blocks plugin allows you to insert contents (pages, posts, custom post types) created with WPBakery Page Builder into other contents, …

4K No CVEs
WP Shortcode by Drimify

WP Shortcode by Drimify

drimify-widget

A
100

Drimify Widget is a free WP plugin, that provides easy way to integrate your HTML5 games and interactive contents created on Drimify.com

60 No CVEs
Insert Title

Insert Title

insert-title

A
85

This plugin simply Insert post's or page's title in content area. If you are really sick of copying and pasting title in content again and a …

30 No CVEs
Post Content Shortcode

Post Content Shortcode

post-content-shortcode

A
100

Embed the content of another post using a simple shortcode. Useful for reusing content across pages or posts.

30 No CVEs
Custom HTML & JS Shortcodes by AnWP.pro

Custom HTML & JS Shortcodes by AnWP.pro

custom-html-js-shortcodes-by-anwppro

A
85

Easily create custom HTML and Javascript shortcodes. Syntax highlighting and revisions support.

10 No CVEs
Developer Profile

Dev Content Blocks Developer Profile

Allon Sacks

2 plugins · 370 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Dev Content Blocks

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/dev-content-blocks/css/jquery-ui.css/wp-content/plugins/dev-content-blocks/css/styles.css/wp-content/plugins/dev-content-blocks/js/scripts.js/wp-content/plugins/dev-content-blocks/ace/src-min-noconflict/ace.js/wp-content/plugins/dev-content-blocks/ace/src-min-noconflict/ext-language_tools.js
Script Paths
/wp-content/plugins/dev-content-blocks/js/scripts.js/wp-content/plugins/dev-content-blocks/ace/src-min-noconflict/ace.js/wp-content/plugins/dev-content-blocks/ace/src-min-noconflict/ext-language_tools.js
Version Parameters
dev-content-blocks/css/jquery-ui.css?ver=dev-content-blocks/css/styles.css?ver=dev-content-blocks/js/scripts.js?ver=dev-content-blocks/ace/src-min-noconflict/ace.js?ver=dev-content-blocks/ace/src-min-noconflict/ext-language_tools.js?ver=

HTML / DOM Fingerprints

CSS Classes
dc_dcb_editor_container
Data Attributes
name="dc_dcb_html"name="dc_dcb_css"name="dc_dcb_js"name="dc_dcb_show_post"name="dc_dcb_display_metabox_nonce"
JS Globals
acelanguageTools
Shortcode Output
[dcb
FAQ

Frequently Asked Questions about Dev Content Blocks