Does HTML Block have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is HTML Block compatible with WordPress 6.4.8?

According to WordPress.org data, HTML Block 1.1 has been tested up to WordPress 6.4.8. Check the plugin's changelog for the latest compatibility information.

Is HTML Block compatible with PHP 5.4+?

HTML Block requires PHP 5.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is HTML Block updated?

HTML Block was last updated on Nov 9, 2023. Frequent updates are generally a positive security signal.

What is HTML Block's security score?

HTML Block has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

HTML Block Security & Risk Analysis

wordpress.org/plugins/html-block

Create your HTML code and place it anywhere on your site using a shortcode.

300 active installs v1.1 PHP 5.4+ WP 4.9+ Updated Nov 9, 2023

blockcustomhtmltext

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is HTML Block Safe to Use in 2026?

Generally Safe

Score 85/100

HTML Block has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The "html-block" plugin v1.1 exhibits a generally good security posture based on the provided static analysis. The absence of dangerous functions, SQL queries, file operations, and external HTTP requests is a strong positive indicator. The plugin also benefits from not having any recorded vulnerabilities, which suggests a history of stable and secure development. However, there are a few areas that warrant attention and could be improved. The low percentage of properly escaped output indicates a potential risk of cross-site scripting (XSS) vulnerabilities, especially if the single shortcode allows for user-supplied input to be displayed directly. Furthermore, the lack of nonce checks and capability checks, even though the attack surface is small (one shortcode), means that if the shortcode's functionality were to become more complex or sensitive in the future, it could be vulnerable to CSRF attacks or unauthorized usage. While the current setup appears safe, proactive security measures should be considered for enhanced resilience.

Key Concerns

Output escaping is not fully implemented
No nonce checks for entry points
No capability checks for entry points

Vulnerabilities

None known

HTML Block Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

HTML Block Release Timeline

No version history available.

Code Analysis

Analyzed Mar 16, 2026

HTML Block Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

67% escaped3 total outputs

Attack Surface

HTML Block Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[html_block] includes\class.sn-hb-init.php:33

WordPress Hooks 6

actionadmin_headincludes\class.sn-hb-init.php:29

actionadmin_headincludes\class.sn-hb-init.php:30

filtermanage_edit-html-block_columnsincludes\class.sn-hb-init.php:31

actionmanage_html-block_posts_custom_columnincludes\class.sn-hb-init.php:32

actioninitinit.php:90

actionplugins_loadedinit.php:105

Maintenance & Trust

HTML Block Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.8

Last updatedNov 9, 2023

PHP min version5.4

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs300

Alternatives

HTML Block Alternatives

Advance Custom HTML – Show Live Code, Share Snippets, Embed Code, and Style Them Your Way.

advance-custom-html

100

Advance Custom HTML lets you write and display HTML, CSS, PHP, and other code snippets on WordPress with live preview and syntax highlighting.

10K No CVEs

WPS HTML Blocks

wps-html-blocks

This plugin adds a custom HTML post type, with shortcode to place anywhere on your site.

1K No CVEs

C-Metric – Easy Block Editor

easy-block-editor

The C-Metric Gutenberg Block plugin lets you add dynamic rich text blocks under "C-METRIC" for flexible and powerful content management on your site

0 No CVEs

Piotnet Addons For Elementor

piotnet-addons-for-elementor

Piotnet Addons For Elementor (PAFE) adds many new features for Elementor

30K 2 unpatched

Custom Block Builder – Lazy Blocks

lazy-blocks

Easily create custom blocks and custom meta fields for Gutenberg without hard coding.

20K 3 CVEs

Developer Profile

HTML Block Developer Profile

sidngr

6 plugins · 610 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect HTML Block

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

JS Globals

sn_hb_admin_url

Shortcode Output

[html_block id="[html_block slug="

FAQ