Frontis Blocks — Block Library for the Block Editor Security & Risk Analysis

wordpress.org/plugins/frontis-blocks

Frontis Blocks is a block library with 40+ blocks, global styles, sliders/galleries, CTAs, and map/form integrations, plus ready-made patterns to help …

800 active installs · v1.1.9 · PHP 7.4+ · WP 6.0+ · Updated Mar 2, 2026
Tags: block, blocks, blocks-editor, gutenberg, gutenberg-blocks

Score 96 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Jan 23, 2026
Safety Verdict

Is Frontis Blocks — Block Library for the Block Editor Safe to Use in 2026?

Generally Safe

Score 96/100

Frontis Blocks — Block Library for the Block Editor has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Jan 23, 2026 · Updated 1mo ago
Risk Assessment

Frontis Blocks v1.1.9 shows a mixed security posture. On the positive side, the plugin follows good practice in the core areas: 41 of 44 SQL queries use prepared statements (93%) and 307 of 312 outputs are escaped (98%), which limits exposure to SQL injection and XSS. The 21 nonce checks and 24 capability checks also suggest awareness of WordPress security conventions.

The main concern is the attack surface. Of 11 entry points, 5 are flagged as unprotected: REST API routes without an effective permission check, plus an AJAX handler registered on the nopriv hook, which runs for logged-out requests. Both known CVEs were unauthenticated SSRF, i.e. reachable through exactly this kind of entry point. Taint analysis adds to the concern: 3 high-severity flows, and 8 flows in total, carry user input to a sensitive sink with no sanitizer on the path, which leaves room for injection or data leakage that has not been mitigated.

The vulnerability history shows no unpatched CVEs, but both entries are Server-Side Request Forgery: CVE-2025-68030 (medium, <= 1.1.5, fixed in 1.1.6) and CVE-2026-0807 (high, <= 1.1.6, fixed in 1.1.7), published three days apart in January 2026. The second affects the release that fixed the first, which suggests the first fix did not cover every reachable path. Both were patched quickly (9 days and 1 day), but a repeat finding in the same vulnerability class, together with the unsanitized flows identified here, warrants caution and a closer code audit of the request-handling code.

Key Concerns

  • Unprotected REST API routes
  • High severity unsanitized taint flows (3)
  • Unsanitized taint flows in total (8)
  • Past high severity vulnerability
  • Unprotected AJAX handlers
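The first and fourth concerns above come down to one pattern: a route that anyone can call and that turns a caller-supplied URL into a server-side request. The following is an added example written for this page, not code from Frontis Blocks or from WP Messiah. It shows a hypothetical image-fetching REST route first in the unprotected shape a scanner reports as an "unprotected entry point", then hardened. The `example/v1` namespace, the function names and the `example_fetch_image_hosts` filter are assumptions; `register_rest_route`, `wp_http_validate_url` and `wp_safe_remote_get` are WordPress core APIs.

```php
<?php
/**
 * Added illustration, not Frontis Blocks code. A REST route that fetches a
 * remote image named by a `url` parameter is shown twice: first in the
 * unprotected form a scanner reports as an "unprotected entry point", then
 * hardened. Namespace `example/v1`, the function names and the filter name
 * are assumptions made for this example.
 */

// 1. Unprotected: __return_true makes the route callable by anonymous
//    visitors, and the callback hands the raw `url` to wp_remote_get(),
//    which will fetch http://169.254.169.254/ or http://127.0.0.1:8080/ as asked.
add_action( 'rest_api_init', function () {
	register_rest_route( 'example/v1', '/fetch-image', array(
		'methods'             => WP_REST_Server::READABLE,
		'callback'            => 'example_fetch_image_unsafe',
		'permission_callback' => '__return_true',
	) );
} );

function example_fetch_image_unsafe( WP_REST_Request $request ) {
	$response = wp_remote_get( $request->get_param( 'url' ) );
	return new WP_REST_Response( wp_remote_retrieve_body( $response ) );
}

// 2. Hardened: require a capability, validate the argument before the
//    callback runs, pin the host to an allowlist, and use the "safe" HTTP API.
add_action( 'rest_api_init', function () {
	register_rest_route( 'example/v1', '/fetch-image-safe', array(
		'methods'             => WP_REST_Server::READABLE,
		'callback'            => 'example_fetch_image_safe',
		// Only users allowed to upload media may trigger an outbound request.
		'permission_callback' => function () {
			return current_user_can( 'upload_files' );
		},
		'args'                => array(
			'url' => array(
				'required'          => true,
				'type'              => 'string',
				'sanitize_callback' => 'esc_url_raw',
				// wp_http_validate_url() rejects non-http(s) schemes, ports other
				// than 80/443/8080 and hosts that resolve to loopback or private
				// ranges (unless the http_request_host_is_external filter allows them).
				'validate_callback' => function ( $value ) {
					return false !== wp_http_validate_url( $value );
				},
			),
		),
	) );
} );

function example_fetch_image_safe( WP_REST_Request $request ) {
	$url  = $request->get_param( 'url' );
	$host = strtolower( (string) wp_parse_url( $url, PHP_URL_HOST ) );

	// An image proxy rarely needs arbitrary hosts; an allowlist removes the
	// SSRF question instead of trying to enumerate every bad target.
	$allowed_hosts = apply_filters( 'example_fetch_image_hosts', array( 'images.example.com' ) );
	if ( ! in_array( $host, $allowed_hosts, true ) ) {
		return new WP_Error( 'example_host_not_allowed', 'Host not allowed.', array( 'status' => 403 ) );
	}

	// wp_safe_remote_get() sets reject_unsafe_urls, so the URL and every
	// redirect hop are re-checked with wp_http_validate_url() at request time.
	$response = wp_safe_remote_get( $url, array(
		'timeout'             => 5,
		'redirection'         => 2,
		'limit_response_size' => 5 * MB_IN_BYTES,
	) );
	if ( is_wp_error( $response ) ) {
		return new WP_Error( 'example_fetch_failed', 'Fetch failed.', array( 'status' => 502 ) );
	}

	// Refuse to proxy anything that is not an image, so the route cannot be
	// used to read arbitrary remote (or internal) text resources.
	$type = (string) wp_remote_retrieve_header( $response, 'content-type' );
	if ( 0 !== strpos( $type, 'image/' ) ) {
		return new WP_Error( 'example_not_an_image', 'Remote resource is not an image.', array( 'status' => 415 ) );
	}

	return new WP_REST_Response( array(
		'content_type' => $type,
		'body_base64'  => base64_encode( wp_remote_retrieve_body( $response ) ),
	) );
}
```

`'permission_callback' => '__return_true'` is legitimate for a route that is meant to be public, so a scanner's "unprotected" count is a prompt to check each route's purpose, not a verdict on its own. For cookie-authenticated REST calls core validates the `X-WP-Nonce` header itself; the capability check is the layer the plugin must supply. `wp_http_validate_url()` resolves the host at check time, which leaves a DNS rebinding window between validation and connect; the host allowlist closes that gap, which is why both controls are used together.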
Vulnerabilities (2)

Frontis Blocks — Block Library for the Block Editor Security Vulnerabilities

CVEs by Year

2026: 2 CVEs, both patched

Severity Breakdown

High: 1
Medium: 1

2 total CVEs

CVE-2026-0807 · High (7.2) · Server-Side Request Forgery (SSRF)

Frontis Blocks <= 1.1.6 - Unauthenticated Server-Side Request Forgery via 'url' Parameter

Jan 23, 2026 · Patched in 1.1.7 (1d)

CVE-2025-68030 · Medium (6.5) · Server-Side Request Forgery (SSRF)

Frontis Blocks <= 1.1.5 - Unauthenticated Server-Side Request Forgery

Jan 20, 2026 · Patched in 1.1.6 (9d)
Code Analysis
Analyzed Mar 16, 2026

Frontis Blocks — Block Library for the Block Editor Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 3 (41 prepared)
Unescaped Output: 5 (307 escaped)
Nonce Checks: 21
Capability Checks: 24
File Operations: 116
External Requests: 8
Bundled Libraries: 0

SQL Query Safety: 93% prepared (44 total queries)

Output Escaping: 98% escaped (312 total outputs)
Data Flows (8 unsanitized)

Data Flow Analysis

15 flows, 8 with unsanitized paths

Listed flow: upload_files (includes\Admin\Ajax\TemplateLibrary.php:96)
Attack Surface (5 unprotected)

Frontis Blocks — Block Library for the Block Editor Attack Surface

Entry Points: 11 (5 unprotected)

AJAX Handlers (1)

nopriv: wp_ajax_fb_save_form_submission (includes\Admin\Ajax\FormBuilder.php:39); a nopriv registration means the handler runs for logged-out requests as well

REST API Routes (10)

POST /wp-json/frontis-blocks/v1/save-option (includes\Admin\Admin.php:449)
POST /wp-json/frontis-blocks/v1/get-options (includes\Admin\Admin.php:457)
GET /wp-json/wp/v2/frontis-blocks/icons (includes\Admin\Admin.php:465)
GET /wp-json/custom/v1/proxy-image (includes\Admin\Admin.php:473)
GET /wp-json/frontis/v1/global-settings (includes\Admin\Admin.php:481)
GET /wp-json/frontis/v1/template-settings (includes\Admin\Admin.php:502)
GET /wp-json/frontis/v1/template (includes\Admin\Admin.php:523)
GET /wp-json/frontis/v1/page-settings (includes\Admin\Admin.php:537)
POST /wp-json/wp/v2/frontis-blocks/post (includes\RestApi\Blocks\PostGrid.php:33)
GET /wp-json/frontis-blocks/v1/search (includes\RestApi\Blocks\Search.php:28)
WordPress Hooks (48)

action plugins_loaded (includes\Activator\Activator.php:33)
action upgrader_process_complete (includes\Activator\Activator.php:34)
action admin_init (includes\Activator\Activator.php:35)
action admin_menu (includes\Admin\Admin.php:27)
action admin_init (includes\Admin\Admin.php:28)
action admin_enqueue_scripts (includes\Admin\Admin.php:29)
action admin_enqueue_scripts (includes\Admin\Admin.php:30)
action plugin_action_links (includes\Admin\Admin.php:31)
action rest_api_init (includes\Admin\Admin.php:34)
action enqueue_block_editor_assets (includes\Admin\Admin.php:35)
action init (includes\Admin\Admin.php:36)
filter query_vars (includes\Admin\Admin.php:40)
action template_redirect (includes\Admin\Admin.php:46)
action wp_head (includes\Admin\Ajax\GlobalSettings.php:24)
action rest_api_init (includes\Admin\Ajax\GlobalSettings.php:25)
action add_meta_boxes (includes\Assets\AssetsGenerationStatus.php:14)
action admin_head (includes\Assets\AssetsGenerationStatus.php:15)
action wp (includes\BackgroundProcess\AssetsGenerationProcess.php:13)
filter cron_schedules (includes\BackgroundProcess\AssetsGenerationProcess.php:14)
action fb_process_assets_generation (includes\BackgroundProcess\AssetsGenerationProcess.php:15)
action init (includes\Core\Blocks.php:30)
filter block_categories_all (includes\Core\Blocks.php:31)
filter render_block (includes\Core\Blocks.php:32)
action save_post (includes\Core\Blocks.php:33)
action save_post (includes\Core\Blocks.php:36)
action created_term (includes\Core\Blocks.php:37)
action edited_term (includes\Core\Blocks.php:38)
action delete_term (includes\Core\Blocks.php:39)
action profile_update (includes\Core\Blocks.php:40)
action user_register (includes\Core\Blocks.php:41)
action wp_enqueue_scripts (includes\Core\Enqueues.php:35)
action enqueue_block_editor_assets (includes\Core\Enqueues.php:36)
action wp_footer (includes\Core\Enqueues.php:37)
action wp_footer (includes\Core\Enqueues.php:129)
filter script_loader_tag (includes\Core\Enqueues.php:158)
action admin_post_frontis_rollback (includes\Core\Rollback.php:56)
filter upload_mimes (includes\Core\SupportRive.php:22)
filter wp_check_filetype_and_ext (includes\Core\SupportRive.php:24)
filter upload_mimes (includes\Core\SupportSVG.php:26)
filter wp_handle_upload_prefilter (includes\Core\SupportSVG.php:27)
filter wp_prepare_attachment_for_js (includes\Core\SupportSVG.php:28)
action admin_init (includes\Core\SupportSVG.php:29)
filter wp_check_filetype_and_ext (includes\Core\SupportSVG.php:132)
action plugins_loaded (includes\Plugin.php:144)
action rest_api_init (includes\RestApi\Blocks\PostCategory.php:37)
action rest_api_init (includes\RestApi\Blocks\PostGrid.php:24)
action rest_api_init (includes\RestApi\Blocks\Search.php:23)
action init (includes\RestApi\RestApi.php:27)

Scheduled Events (1)

fb_process_assets_generation
Maintenance & Trust

Frontis Blocks — Block Library for the Block Editor Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 2, 2026
PHP min version: 7.4
Downloads: 12K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 800
Developer Profile

Frontis Blocks — Block Library for the Block Editor Developer Profile

WP Messiah

12 plugins · 26K total installs

Trust score: 71
Avg Security Score: 89/100
Avg Patch Time: 132 days
Detection Fingerprints

How We Detect Frontis Blocks — Block Library for the Block Editor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/frontis-blocks/assets/admin/dashboard.css
/wp-content/plugins/frontis-blocks/assets/dist/main.js
Script Paths
/wp-content/plugins/frontis-blocks/assets/dist/main.js
Version Parameters
frontis-blocks/assets/admin/dashboard.css?ver=
frontis-blocks/assets/dist/main.js?ver=

HTML / DOM Fingerprints

CSS Classes
frontis-blocks-admin
HTML Comments
<!-- Init template proxy -->
Data Attributes
data-page, data-template-proxy, data-url
JS Globals
frontisBlocks
REST Endpoints
/wp-json/frontis-blocks/v1/settings
/wp-json/frontis-blocks/v1/template-library
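As an added example, not part of the original page or of the scanner it describes: a plain PHP function that applies the asset and HTML/DOM fingerprints listed above to a page's markup and reads the version string from the `?ver=` parameter. The sample HTML is constructed for the demo, and the function and pattern names are this example's own. The REST endpoint fingerprints are not checked here because they need a live request to `/wp-json/`.

```php
<?php
/**
 * Added example (not from the page or the plugin): match the Frontis Blocks
 * fingerprints against a page's HTML and extract the version advertised in
 * the asset's `?ver=` query string. Runs under the PHP CLI without WordPress.
 */

function frontis_fingerprints(): array {
	return array(
		'asset_path'     => '#/wp-content/plugins/frontis-blocks/assets/(admin/dashboard\.css|dist/main\.js)#',
		'css_class'      => '#class="[^"]*\bfrontis-blocks-admin\b[^"]*"#',
		'html_comment'   => '#<!--\s*Init template proxy\s*-->#',
		'data_attribute' => '#\bdata-(page|template-proxy|url)=#',
		'js_global'      => '#\bfrontisBlocks\b#',
	);
}

/**
 * Returns the fingerprints that matched, whether the plugin is considered
 * detected, and the version string (if any) from the plugin asset's `?ver=`.
 * A single match is treated as inconclusive: `data-url` or a bare `frontisBlocks`
 * token can appear for unrelated reasons, so two independent hits are required.
 * The `ver` value is whatever the site appended; it usually equals the plugin
 * version, but optimisation plugins may strip or rewrite it.
 */
function detect_frontis_blocks( string $html ): array {
	$hits = array();
	foreach ( frontis_fingerprints() as $name => $pattern ) {
		if ( preg_match( $pattern, $html ) ) {
			$hits[] = $name;
		}
	}

	$version = null;
	if ( preg_match( '#frontis-blocks/assets/(?:admin/dashboard\.css|dist/main\.js)\?ver=([0-9][0-9A-Za-z.\-]*)#', $html, $m ) ) {
		$version = $m[1];
	}

	return array(
		'detected' => count( $hits ) >= 2,
		'matches'  => $hits,
		'version'  => $version,
	);
}

// Constructed sample page (not captured from a real site): it enqueues the
// plugin bundle with a version parameter and carries the DOM markers.
$sample_html = <<<'HTML'
<!doctype html><html><head>
<script src="https://example.test/wp-content/plugins/frontis-blocks/assets/dist/main.js?ver=1.1.9"></script>
<script>var frontisBlocks = {"restUrl":"https://example.test/wp-json/frontis-blocks/v1/"};</script>
</head><body>
<!-- Init template proxy -->
<div class="wp-block-group frontis-blocks-admin" data-template-proxy="1" data-url="/templates"></div>
</body></html>
HTML;

$result = detect_frontis_blocks( $sample_html );
printf(
	"detected=%s version=%s matches=%s\n",
	$result['detected'] ? 'yes' : 'no',
	$result['version'] ?? 'unknown',
	implode( ',', $result['matches'] )
);
```

On the constructed sample every fingerprint matches and the version resolves to 1.1.9; on a page with only the JS global, `detected` stays false. When the version is known, compare it against the affected ranges above (<= 1.1.5 and <= 1.1.6) to decide whether the site still carries either SSRF.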
FAQ

Frequently Asked Questions about Frontis Blocks — Block Library for the Block Editor