GenerateBlocks Security & Risk Analysis

wordpress.org/plugins/generateblocks

A small collection of lightweight WordPress blocks that can accomplish nearly anything.

200K active installs · v2.2.0 · PHP 7.2+ · WP 6.5+ · Updated Dec 9, 2025
Tags: blocks, editor, gutenberg, page-builder, posts
Score: 95 (A · Safe)
CVEs total: 5
Unpatched: 0
Last CVE: Dec 12, 2025

Safety Verdict

Is GenerateBlocks Safe to Use in 2026?

Generally Safe

Score 95/100

GenerateBlocks has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEs · Last CVE: Dec 12, 2025 · Updated 3mo ago

Risk Assessment

The static analysis for GenerateBlocks v2.2.0 indicates a generally strong security posture with excellent output escaping (98%) and a significant number of capability checks (42). The attack surface appears well-managed, with no unprotected entry points identified in the AJAX handlers or REST API routes. The limited use of dangerous functions and the high percentage of SQL queries utilizing prepared statements are also positive signs. However, the presence of 5 past medium-severity vulnerabilities, including improper authorization and cross-site scripting, warrants careful consideration. While there are no currently unpatched vulnerabilities, the historical pattern suggests that authorization and input sanitization have been areas of past concern for this plugin.

The taint analysis reported zero flows, which is a positive indicator of code sanitization. The presence of file operations and external HTTP requests, while not inherently problematic, could be potential vectors if not handled with extreme care and proper validation. The complete lack of nonce checks on AJAX handlers is a notable weakness, as it leaves these endpoints potentially susceptible to CSRF attacks if they were to handle sensitive operations. The plugin's history of medium-severity vulnerabilities, particularly those related to authorization and XSS, suggests that while the developers address issues, there have been recurring types of weaknesses that require ongoing vigilance.

In conclusion, GenerateBlocks v2.2.0 demonstrates a commitment to secure coding practices through robust output escaping and capability checks. The attack surface is largely protected, and past vulnerabilities have been addressed. The primary areas of concern are the historical pattern of authorization and XSS vulnerabilities and the absence of nonce checks on AJAX handlers. Users should remain aware of the plugin's update history and ensure they are using the latest versions to benefit from any security patches, while also being mindful of the potential risks associated with the noted historical vulnerability types.

Key Concerns

  • No nonce checks on AJAX handlers
  • 5 medium severity past CVEs

Vulnerabilities: 5

GenerateBlocks Security Vulnerabilities

CVEs by Year

  • 2021: 1 CVE
  • 2024: 1 CVE
  • 2025: 3 CVEs

Severity Breakdown

  • Medium: 5

5 total CVEs

CVE-2025-12512 · medium · 4.3 · Exposure of Sensitive Information to an Unauthorized Actor
GenerateBlocks <= 2.1.2 - Authenticated (Contributor+) Information Exposure via Metadata
Dec 12, 2025 · Patched in 2.2.0 (1d)

CVE-2025-11879 · medium · 6.5 · Improper Authorization
GenerateBlocks <= 2.1.1 - Improper Authorization to Authenticated (Contributor+) Arbitrary Options Disclosure
Oct 24, 2025 · Patched in 2.1.2 (1d)

CVE-2024-13546 · medium · 4.3 · Exposure of Sensitive Information to an Unauthorized Actor
GenerateBlocks <= 1.9.1 - Authenticated (Contributor+) Sensitive Information Exposure via 'get_image_description'
Feb 28, 2025 · Patched in 2.0.0 (1d)

CVE-2024-1452 · medium · 4.3 · Incorrect Authorization
GenerateBlocks <= 1.8.2 - Sensitive Information Exposure
Mar 1, 2024 · Patched in 1.8.3 (13d)

CVE-2021-24751 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
GenerateBlocks <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Nov 1, 2021 · Patched in 1.4.0 (813d)

Code Analysis
Analyzed Mar 16, 2026

GenerateBlocks Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 1 (3 prepared)
  • Unescaped Output: 1 (59 escaped)
  • Nonce Checks: 0
  • Capability Checks: 42
  • File Operations: 1
  • External Requests: 1
  • Bundled Libraries: 0

SQL Query Safety

75% prepared · 4 total queries

Output Escaping

98% escaped · 60 total outputs

Attack Surface

GenerateBlocks Attack Surface

Entry Points: 9
Unprotected: 0

REST API Routes: 9

GET /wp-json/generateblocks/v1/meta/get-post-meta (includes\class-meta-handler.php:40)
GET /wp-json/generateblocks/v1/meta/get-user-meta (includes\class-meta-handler.php:52)
GET /wp-json/generateblocks/v1/meta/get-term-meta (includes\class-meta-handler.php:64)
GET /wp-json/generateblocks/v1/meta/get-option (includes\class-meta-handler.php:76)
POST /wp-json/generateblocks/v1/get-wp-query (includes\class-query-utils.php:34)
POST /wp-json/generateblocks/v1/get-user-query (includes\class-query-utils.php:46)
POST /wp-json/generateblocks/v1/dynamic-tag-replacements (includes\dynamic-tags\class-dynamic-tags.php:424)
GET /wp-json/generateblocks/v1/post-record (includes\dynamic-tags\class-dynamic-tags.php:436)
GET /wp-json/generateblocks/v1/get-user-record (includes\dynamic-tags\class-dynamic-tags.php:474)

WordPress Hooks: 74

filter generateblocks_defaults (includes\class-dynamic-content.php:45)
filter generateblocks_background_image_url (includes\class-dynamic-content.php:46)
filter generateblocks_button_count (includes\class-dynamic-content.php:47)
filter excerpt_length (includes\class-dynamic-content.php:171)
filter excerpt_more (includes\class-dynamic-content.php:198)
filter wp_kses_allowed_html (includes\class-dynamic-content.php:279)
filter wp_insert_post_data (includes\class-dynamic-tag-security.php:29)
action init (includes\class-dynamic-tag-security.php:30)
filter rest_pre_dispatch (includes\class-dynamic-tag-security.php:31)
action save_post (includes\class-enqueue-css.php:62)
action save_post_wp_block (includes\class-enqueue-css.php:63)
action init (includes\class-enqueue-css.php:64)
filter widget_update_callback (includes\class-enqueue-css.php:65)
action customize_save_after (includes\class-enqueue-css.php:66)
action wp_enqueue_scripts (includes\class-enqueue-css.php:89)
action wp_enqueue_scripts (includes\class-enqueue-css.php:90)
action rest_api_init (includes\class-meta-handler.php:30)
action admin_init (includes\class-plugin-update.php:20)
filter generateblocks_attr_grid-wrapper (includes\class-query-loop.php:45)
filter generateblocks_attr_container (includes\class-query-loop.php:46)
filter generateblocks_attr_grid-item (includes\class-query-loop.php:47)
filter generateblocks_attr_button-container (includes\class-query-loop.php:48)
filter generateblocks_defaults (includes\class-query-loop.php:49)
filter generateblocks_query_loop_args (includes\class-query-loop.php:50)
action rest_api_init (includes\class-query-utils.php:25)
action init (includes\class-render-blocks.php:45)
filter render_block (includes\class-render-blocks.php:48)
filter render_block (includes\class-render-blocks.php:49)
action rest_api_init (includes\class-rest.php:62)
action admin_menu (includes\class-settings.php:41)
action generateblocks_settings_area (includes\class-settings.php:42)
action generateblocks_settings_area (includes\class-settings.php:43)
action admin_menu (includes\dashboard.php:12)
filter admin_body_class (includes\dashboard.php:113)
action in_admin_header (includes\dashboard.php:131)
action admin_enqueue_scripts (includes\dashboard.php:146)
action admin_init (includes\dashboard.php:251)
filter wp_kses_allowed_html (includes\dynamic-tags\class-dynamic-tag-callbacks.php:383)
filter wp_kses_allowed_html (includes\dynamic-tags\class-dynamic-tag-callbacks.php:491)
filter excerpt_length (includes\dynamic-tags\class-dynamic-tag-callbacks.php:645)
filter excerpt_more (includes\dynamic-tags\class-dynamic-tag-callbacks.php:673)
action init (includes\dynamic-tags\class-dynamic-tags.php:24)
filter render_block (includes\dynamic-tags\class-dynamic-tags.php:25)
action rest_api_init (includes\dynamic-tags\class-dynamic-tags.php:26)
filter generateblocks_before_dynamic_tag_replace (includes\dynamic-tags\class-dynamic-tags.php:27)
filter generateblocks_dynamic_tag_replacement (includes\dynamic-tags\class-dynamic-tags.php:28)
filter generateblocks_css_output (includes\functions.php:1166)
filter generateblocks_css_data (includes\functions.php:1204)
filter generateblocks_css_output (includes\functions.php:1270)
action enqueue_block_editor_assets (includes\general.php:12)
filter block_categories_all (includes\general.php:314)
action wp_enqueue_scripts (includes\general.php:333)
action enqueue_block_editor_assets (includes\general.php:334)
filter generateblocks_css_print_method (includes\general.php:352)
filter excerpt_allowed_blocks (includes\general.php:368)
filter excerpt_allowed_wrapper_blocks (includes\general.php:384)
filter generateblocks_before_container_close (includes\general.php:398)
filter generateblocks_do_content (includes\general.php:447)
filter generateblocks_attr_container (includes\general.php:466)
filter generateblocks_block_css_selector (includes\general.php:492)
action init (includes\general.php:555)
filter block_editor_settings_all (includes\general.php:583)
filter generateblocks_css_output (includes\general.php:620)
filter block_editor_settings_all (includes\general.php:641)
action enqueue_block_editor_assets (includes\general.php:661)
filter render_block (includes\general.php:689)
filter generateblocks_allowed_option_keys_rest_api (includes\general.php:727)
filter query_vars (includes\pattern-library\class-libraries.php:24)
action init (includes\pattern-library\class-libraries.php:25)
action template_include (includes\pattern-library\class-libraries.php:26)
filter show_admin_bar (includes\pattern-library\class-libraries.php:27)
action enqueue_block_editor_assets (includes\pattern-library\class-libraries.php:28)
action rest_api_init (includes\pattern-library\class-pattern-library-rest.php:25)
action after_setup_theme (plugin.php:83)

Maintenance & Trust

GenerateBlocks Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Dec 9, 2025
  • PHP min version: 7.2
  • Downloads: 3.2M

Community Trust

  • Rating: 98/100
  • Number of ratings: 120
  • Active installs: 200K

Developer Profile

GenerateBlocks Developer Profile

Tom

9 plugins · 890K total installs

  • Trust score: 72
  • Avg Security Score: 90/100
  • Avg Patch Time: 166 days
Detection Fingerprints

How We Detect GenerateBlocks

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/generateblocks/assets/css/common.css
  • /wp-content/plugins/generateblocks/assets/css/editor.css
  • /wp-content/plugins/generateblocks/assets/js/editor.js
  • /wp-content/plugins/generateblocks/assets/js/frontend.js
  • /wp-content/plugins/generateblocks/assets/css/blocks.style.css
  • /wp-content/plugins/generateblocks/assets/js/blocks.editor.js

Script Paths
  • /wp-content/plugins/generateblocks/assets/js/editor.js
  • /wp-content/plugins/generateblocks/assets/js/frontend.js
  • /wp-content/plugins/generateblocks/assets/js/blocks.editor.js

Version Parameters
  • generateblocks/assets/css/common.css?ver=
  • generateblocks/assets/css/editor.css?ver=
  • generateblocks/assets/js/editor.js?ver=
  • generateblocks/assets/js/frontend.js?ver=
  • generateblocks/assets/css/blocks.style.css?ver=
  • generateblocks/assets/js/blocks.editor.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • gb-block
  • gb-container
  • gb-headline
  • gb-image
  • gb-button
  • gb-icon
  • gb-media
  • gb-query
  • +2 more

Data Attributes
  • data-block-name="generateblocks/query"
  • data-block-name="generateblocks/looper"
  • data-block-name="generateblocks/container"
  • data-block-name="generateblocks/headline"
  • data-block-name="generateblocks/image"
  • data-block-name="generateblocks/button"
  • +7 more

JS Globals
  • generateblocksData
  • generateblocksEditor

REST Endpoints
  • /wp-json/generateblocks/v1/libraries

FAQ

Frequently Asked Questions about GenerateBlocks