Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns Security & Risk Analysis

wordpress.org/plugins/essential-blocks

Gutenberg block editor with AI. 70+ Gutenberg blocks, patterns, WooCommerce blocks, post grid, gallery, menu with Gutenberg block library.

200K active installs · v6.0.5 · PHP 7.4+ · WP 5.8+ · Updated Mar 9, 2026
block-editor, generate-with-ai, gutenberg, gutenberg-templates, gutenberg-woocommerce
83
B · Generally Safe
CVEs total: 28
Unpatched: 0
Last CVE: Dec 16, 2025
Safety Verdict

Is Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns Safe to Use in 2026?

Mostly Safe

Score 83/100

Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns is generally safe to use. 28 past CVEs were resolved. Keep it updated.

28 known CVEs · Last CVE: Dec 16, 2025 · Updated 27d ago
Risk Assessment

The static analysis of essential-blocks v6.0.5 reveals a mixed security posture. On the positive side, the plugin demonstrates strong adherence to secure coding practices in several areas. The vast majority of SQL queries utilize prepared statements (94%), and a high percentage of output is properly escaped (96%). Nonce and capability checks are also implemented frequently, indicating an awareness of common WordPress security mechanisms. The absence of unprotected AJAX handlers and REST API routes is a significant strength, reducing the direct attack surface.

Key Concerns

  • Dangerous function (unserialize) found
  • Flows with unsanitized paths identified
  • High severity taint flows present
  • High historical CVE count (28)
  • Historical critical CVE present
  • Historical high severity CVEs present
  • Bundled TinyMCE library
Vulnerabilities
28

Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns Security Vulnerabilities

CVEs by Year

2023: 11 CVEs
2024: 9 CVEs
2025: 8 CVEs

Severity Breakdown

Critical: 1
High: 2
Medium: 25

28 total CVEs

CVE-2025-11369 · medium · 4.3 · Missing Authorization

Essential Blocks <= 5.7.2 - Missing Authorization To Authenticated (Author+) Information Disclosure

Dec 16, 2025 Patched in 5.7.3 (57d)
CVE-2025-11361 · medium · 6.4 · Server-Side Request Forgery (SSRF)

Essential Blocks <= 5.7.1 - Authenticated (Author+) Server-Side Request Forgery

Oct 17, 2025 Patched in 5.7.2 (45d)
CVE-2025-11270 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns <= 5.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Oct 17, 2025 Patched in 5.7.2 (1d)
CVE-2025-4682 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Slider and Post Carousel Widgets

May 26, 2025 Patched in 5.4.1 (1d)
CVE-2025-1664 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 7, 2025 Patched in 5.3.2 (1d)
CVE-2024-13803 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Feb 25, 2025 Patched in 5.3.0 (1d)
CVE-2025-26871 · medium · 4.3 · Missing Authorization

Essential Blocks for Gutenberg <= 4.8.3 - Missing Authorization

Feb 22, 2025 Patched in 4.8.4 (10d)
CVE-2024-12045 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting

Jan 7, 2025 Patched in 5.1.1 (1d)
CVE-2024-47385 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Essential Blocks for Gutenberg <= 4.8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 30, 2024 Patched in 4.9.0 (11d)
CVE-2024-5595 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jul 12, 2024 Patched in 4.7.0 (29d)
CVE-2024-4891 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.12 - Authenticated (Contributor+) Stored Cross-Site Scripting

May 16, 2024 Patched in 4.5.13 (2d)
CVE-2024-3818 · medium · 5.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.9 - Authenticated (Contributor+) DOM-Based Cross-Site Scripting via "Social Icons" Block

Apr 18, 2024 Patched in 4.5.10 (1d)
CVE-2024-31306 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Essential Blocks for Gutenberg <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 5, 2024 Patched in 4.5.4 (7d)
CVE-2024-30467 · medium · 4.3 · Missing Authorization

Essential Blocks for Gutenberg <= 4.4.9 - Missing Authorization

Mar 28, 2024 Patched in 4.4.10 (7d)
CVE-2024-2255 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 19, 2024 Patched in 4.5.4 (4d)
CVE-2024-1854 · medium · 6.4 · Improper Input Validation

Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Feb 28, 2024 Patched in 4.5.2 (15d)
CVE-2023-7071 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 9, 2024 Patched in 4.4.7 (203d)
CVE-2023-51359 · medium · 5.4 · Missing Authorization

Essential Blocks for Gutenberg <= 4.2.0 - Incorrect Authorization Checks

Dec 26, 2023 Patched in 4.2.1 (28d)
CVE-2023-6623 · critical · 9.8 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Essential Blocks <= 4.4.2 - Unauthenticated Local File Inclusion

Dec 21, 2023 Patched in 4.4.3 (48d)
CVE-2023-47760 · medium · 4.3 · Missing Authorization

Essential Blocks for Gutenberg <= 4.2.0 - Missing Authorization via AJAX actions

Nov 13, 2023 Patched in 4.2.1 (71d)
CVE-2023-4402 · high · 8.1 · Deserialization of Untrusted Data

Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via products

Sep 13, 2023 Patched in 4.2.1 (132d)
CVE-2023-4386 · high · 8.1 · Deserialization of Untrusted Data

Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via queries

Sep 13, 2023 Patched in 4.2.1 (132d)
CVE-2023-2084 · medium · 4.3 · Missing Authorization

Essential Blocks <= 4.0.6 - Missing Authorization via get

Apr 18, 2023 Patched in 4.0.7 (280d)
CVE-2023-2086 · medium · 4.3 · Missing Authorization

Essential Blocks <= 4.0.6 - Missing Authorization via template_count

Apr 18, 2023 Patched in 4.0.7 (280d)
CVE-2023-2085 · medium · 4.3 · Missing Authorization

Essential Blocks <= 4.0.6 - Missing Authorization via templates

Apr 18, 2023 Patched in 4.0.7 (280d)
CVE-2023-2087 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Essential Blocks <= 4.0.6 - Cross-Site Request Forgery via save

Apr 18, 2023 Patched in 4.0.7 (280d)
CVE-2023-2083 · medium · 4.3 · Missing Authorization

Essential Blocks <= 4.0.6 - Missing Authorization via save

Apr 18, 2023 Patched in 4.0.7 (280d)
CVE-2022-47594 · medium · 4.3 · Missing Authorization

Essential Blocks for Gutenberg <= 3.8.5 - Cross-Site Request Forgery

Jan 20, 2023 Patched in 3.8.6 (368d)
Code Analysis
Analyzed Mar 16, 2026

Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns Code Analysis

Dangerous Functions: 7
Raw SQL Queries: 1 (16 prepared)
Unescaped Output: 31 (689 escaped)
Nonce Checks: 44
Capability Checks: 54
File Operations: 26
External Requests: 14
Bundled Libraries: 1

Dangerous Functions Found

unserialize: $field_settings = isset( $settings->settings ) ? unserialize( $settings->settings ) : [ ]; (includes\Integrations\Form.php:52)
unserialize: $form_fields = unserialize( $settings->fields ); (includes\Integrations\Form.php:87)
unserialize: $formSettings = unserialize( $settings->form_options ); (includes\Integrations\Form.php:100)
unserialize: $form_fields = unserialize( $settings->fields ); (includes\Integrations\Form.php:111)
unserialize: $response[ 'fields' ] = (object) unserialize( $result->fields ); (includes\Integrations\Form.php:205)
unserialize: $response[ 'form_options' ] = (object) unserialize( $result->form_options ); (includes\Integrations\Form.php:208)
unserialize: $response[ 'settings' ] = (object) unserialize( $result->settings ); (includes\Integrations\Form.php:211)

Bundled Libraries

TinyMCE

SQL Query Safety

94% prepared · 17 total queries

Output Escaping

96% escaped · 720 total outputs
Data Flows
7 unsanitized

Data Flow Analysis

16 flows · 7 with unsanitized paths
send_data (includes\Dependencies\Insights.php:480)
Attack Surface

Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns Attack Surface

Entry Points: 11
Unprotected: 0

AJAX Handlers 11

auth wp_ajax_save_eb_admin_options (includes\Admin\Admin.php:56)
auth wp_ajax_get_eb_admin_options (includes\Admin\Admin.php:57)
auth wp_ajax_eb_save_quick_toolbar_blocks (includes\Admin\Admin.php:58)
auth wp_ajax_hide_pattern_library (includes\Admin\Admin.php:59)
auth wp_ajax_reset_eb_admin_options (includes\Admin\Admin.php:60)
auth wp_ajax_get_eb_admin_templates (includes\Admin\Admin.php:61)
auth wp_ajax_get_eb_admin_template_count (includes\Admin\Admin.php:62)
auth wp_ajax_eb_admin_promotion (includes\Admin\Admin.php:63)
auth wp_ajax_eb_dismiss_pointer (includes\Admin\PointerNotices.php:33)
auth wp_ajax_eb_quick_setup_save_tracking (includes\Admin\QuickSetup.php:16)
auth wp_ajax_eb_save_quick_setup (includes\Admin\QuickSetup.php:17)
WordPress Hooks 101
action admin_init (includes\Admin\Admin.php:42)
action init (includes\Admin\Admin.php:44)
action admin_menu (includes\Admin\Admin.php:46)
action in_plugin_update_message-essential-blocks/essential-blocks.php (includes\Admin\Admin.php:49)
filter block_categories_all (includes\Admin\Admin.php:51)
action admin_enqueue_scripts (includes\Admin\Admin.php:53)
action admin_enqueue_scripts (includes\Admin\Admin.php:54)
action plugin_action_links (includes\Admin\Admin.php:64)
action eb_admin_page_setting (includes\Admin\Admin.php:65)
action in_admin_header (includes\Admin\Admin.php:66)
action admin_init (includes\Admin\Admin.php:69)
action admin_init (includes\Admin\Admin.php:70)
action admin_footer (includes\Admin\Admin.php:71)
action admin_init (includes\Admin\Admin.php:208)
action admin_notices (includes\Admin\Admin.php:1080)
action admin_enqueue_scripts (includes\Admin\PointerNotices.php:32)
action init (includes\Admin\PointerNotices.php:36)
action admin_menu (includes\Admin\QuickSetup.php:13)
action admin_enqueue_scripts (includes\Admin\QuickSetup.php:14)
action admin_enqueue_scripts (includes\Admin\QuickSetup.php:15)
action in_admin_header (includes\Admin\QuickSetup.php:19)
filter woocommerce_product_add_to_cart_text (includes\API\Product.php:128)
action rest_api_init (includes\API\Server.php:11)
filter woocommerce_is_sold_individually (includes\Blocks\AddToCart.php:95)
filter woocommerce_product_single_add_to_cart_text (includes\Blocks\AddToCart.php:97)
filter woocommerce_breadcrumb_defaults (includes\Blocks\Breadcrumbs.php:254)
filter wp_kses_allowed_html (includes\Blocks\Form.php:83)
filter woocommerce_product_tabs (includes\Blocks\ProductDetails.php:100)
filter woocommerce_product_additional_information_heading (includes\Blocks\ProductDetails.php:101)
filter woocommerce_product_description_heading (includes\Blocks\ProductDetails.php:102)
filter wp_kses_allowed_html (includes\Blocks\TableOfContents.php:467)
filter woocommerce_product_add_to_cart_text (includes\Blocks\WooProductGrid.php:164)
action admin_init (includes\Core\BlocksPatterns.php:26)
action wp_head (includes\Core\FaqSchema.php:20)
filter render_block (includes\Core\FontLoader.php:37)
action wp_footer (includes\Core\FontLoader.php:40)
action admin_init (includes\Core\Maintenance.php:14)
filter theme_page_templates (includes\Core\PageTemplates.php:22)
filter theme_post_templates (includes\Core\PageTemplates.php:23)
filter wp_insert_post_data (includes\Core\PageTemplates.php:26)
filter template_include (includes\Core\PageTemplates.php:30)
action init (includes\Core\PageTemplates.php:31)
action init (includes\Core\Scripts.php:35)
action admin_init (includes\Core\Scripts.php:79)
action admin_init (includes\Core\Scripts.php:80)
action enqueue_block_editor_assets (includes\Core\Scripts.php:83)
action enqueue_block_editor_assets (includes\Core\Scripts.php:84)
action wp_enqueue_scripts (includes\Core\Scripts.php:85)
action admin_enqueue_scripts (includes\Core\Scripts.php:86)
action init (includes\Core\Scripts.php:87)
action wp_head (includes\Core\Scripts.php:90)
action admin_print_footer_scripts (includes\Dependencies\Insights.php:173)
action admin_print_footer_scripts-plugins.php (includes\Dependencies\Insights.php:174)
action admin_print_styles-plugins.php (includes\Dependencies\Insights.php:175)
action admin_init (includes\Dependencies\Notice\Notice.php:75)
action admin_notices (includes\Dependencies\Notice\Utils\CacheBank.php:28)
action admin_footer (includes\Dependencies\Notice\Utils\CacheBank.php:29)
action in_admin_header (includes\Dependencies\Notice\Utils\CacheBank.php:141)
action init (includes\Dependencies\Notice\Utils\NoticeRemover.php:19)
action eb_process_ai_job (includes\Integrations\AI\JobManager.php:323)
action eb_cleanup_ai_jobs (includes\Integrations\AI\JobManager.php:335)
action eb_cleanup_stuck_ai_jobs (includes\Integrations\AI\JobManager.php:336)
action save_post (includes\Integrations\BlockUsage.php:11)
action init (includes\Integrations\TemplatelyPatterns.php:33)
action eb_pattern_update_cron (includes\Integrations\TemplatelyPatterns.php:34)
filter dynamic_sidebar_params (includes\Modules\StyleHandler.php:71)
action save_post (includes\Modules\StyleHandler.php:73)
action wp (includes\Modules\StyleHandler.php:74)
action eb_after_save_responsiveBreakpoints_settings (includes\Modules\StyleHandler.php:76)
action eb_after_reset_responsiveBreakpoints_settings (includes\Modules\StyleHandler.php:77)
filter generate_element_post_id (includes\Modules\StyleHandler.php:78)
action wp_footer (includes\Modules\StyleHandler.php:79)
action wp_enqueue_scripts (includes\Modules\StyleHandler.php:82)
filter render_block (includes\Modules\StyleHandler.php:84)
action templately_printed_location (includes\Modules\StyleHandler.php:89)
action wp_enqueue_scripts (includes\Modules\StyleHandler.php:92)
filter 404_template (includes\Modules\StyleHandler.php:603)
filter archive_template (includes\Modules\StyleHandler.php:604)
filter category_template (includes\Modules\StyleHandler.php:605)
filter frontpage_template (includes\Modules\StyleHandler.php:606)
filter home_template (includes\Modules\StyleHandler.php:607)
filter index_template (includes\Modules\StyleHandler.php:608)
filter page_template (includes\Modules\StyleHandler.php:609)
filter search_template (includes\Modules\StyleHandler.php:610)
filter single_template (includes\Modules\StyleHandler.php:611)
filter singular_template (includes\Modules\StyleHandler.php:612)
filter tag_template (includes\Modules\StyleHandler.php:613)
filter taxonomy_template (includes\Modules\StyleHandler.php:614)
action init (includes\Plugin.php:141)
filter wp_kses_allowed_html (includes\Plugin.php:153)
action plugins_loaded (includes\Plugin.php:156)
action wp_loaded (includes\Plugin.php:158)
filter upload_mimes (includes\Plugin.php:160)
filter wp_check_filetype_and_ext (includes\Plugin.php:161)
filter wp_handle_upload_prefilter (includes\Plugin.php:162)
filter render_block (includes\Plugin.php:165)
action init (includes\Plugin.php:267)
filter safe_style_css (includes\Utils\Helper.php:114)
filter safe_style_css (includes\Utils\Helper.php:264)
filter render_block (includes\Utils\LiquidGlassRenderer.php:28)
action wp_head (includes\Utils\LiquidGlassRenderer.php:29)

Scheduled Events 5

eb_cleanup_completed_job
eb_process_ai_job
eb_cleanup_ai_jobs
eb_cleanup_stuck_ai_jobs
eb_pattern_update_cron
Maintenance & Trust

Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 9, 2026
PHP min version: 7.4
Downloads: 8.0M

Community Trust

Rating: 98/100
Number of ratings: 204
Active installs: 200K
Developer Profile

Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns Developer Profile

WPDeveloper

46 plugins · 4.0M total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 163 days
Detection Fingerprints

How We Detect Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/essential-blocks/build/admin.css
/wp-content/plugins/essential-blocks/build/admin.js
/wp-content/plugins/essential-blocks/build/block-editor.css
/wp-content/plugins/essential-blocks/build/block-editor.js
/wp-content/plugins/essential-blocks/build/frontend.css
/wp-content/plugins/essential-blocks/build/frontend.js
/wp-content/plugins/essential-blocks/assets/css/admin-menu.css
/wp-content/plugins/essential-blocks/assets/js/eb-admin-scripts.js
+3 more

Script Paths
/wp-content/plugins/essential-blocks/build/admin.js
/wp-content/plugins/essential-blocks/build/block-editor.js
/wp-content/plugins/essential-blocks/build/frontend.js
/wp-content/plugins/essential-blocks/assets/js/eb-admin-scripts.js
/wp-content/plugins/essential-blocks/assets/js/eb-frontend.js
/wp-content/plugins/essential-blocks/assets/js/eb-editor.js

Version Parameters
essential-blocks/build/admin.css?ver=
essential-blocks/build/admin.js?ver=
essential-blocks/build/block-editor.css?ver=
essential-blocks/build/block-editor.js?ver=
essential-blocks/build/frontend.css?ver=
essential-blocks/build/frontend.js?ver=
essential-blocks/assets/css/admin-menu.css?ver=
essential-blocks/assets/js/eb-admin-scripts.js?ver=
essential-blocks/assets/js/eb-frontend.js?ver=
essential-blocks/assets/js/eb-editor.js?ver=
essential-blocks/assets/css/editor.css?ver=

HTML / DOM Fingerprints

CSS Classes
eb-admin-notice
eb-menu-notice
essential-blocks-pro
essential-blocks
eb-admin-wrapper
eb-admin-page
eb-quick-toolbar
eb-promotion-notice
+2 more

HTML Comments
<!-- Essential Blocks Admin Settings -->
<!-- Essential Blocks Welcome Page -->
<!-- Essential Blocks Admin Menu Notice -->
<!-- Plugin Upgrade Notice -->
+4 more

Data Attributes
data-eb-block-id
data-eb-template-slug
data-eb-template-id
data-eb-block-type
data-nonce

JS Globals
EssentialBlocks
eb_admin_params
eb_data
EB_BLOCKS_URL
EB_NONCE

REST Endpoints
/wp-json/essential-blocks/v1/settings/save
/wp-json/essential-blocks/v1/settings/get
/wp-json/essential-blocks/v1/toolbar/save
/wp-json/essential-blocks/v1/patterns/hide
/wp-json/essential-blocks/v1/settings/reset
/wp-json/essential-blocks/v1/templates/get
/wp-json/essential-blocks/v1/templates/count
/wp-json/essential-blocks/v1/promotion

Shortcode Output
[essential_blocks_template]
[essential_blocks_pricing]
[essential_blocks_testimonials]
[essential_blocks_faq]