WP-Safety

Info Cards – Add Text and Media in Card Layouts Security & Risk Analysis

wordpress.org/plugins/info-cards

Simple and easy way to create and display information cards anywhere.

2K active installs v2.0.8 PHP 7.1+ WP 5.8+ Updated Apr 12, 2026
blockcardsgutenberginfosection
96
A · Safe
CVEs total3
Unpatched0
Last CVEMar 18, 2026
Plugin page Download
Safety Verdict

Is Info Cards – Add Text and Media in Card Layouts Safe to Use in 2026?

Generally Safe

Score 96/100

Info Cards – Add Text and Media in Card Layouts has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

3 known CVEsLast CVE: Mar 18, 2026Updated 1mo ago
Risk Assessment

The "info-cards" plugin v2.0.8 exhibits a generally good security posture, with a robust implementation of security best practices. The static analysis reveals a small attack surface with all identified entry points (AJAX handlers, REST API routes, shortcodes) appearing to have proper authentication and permission checks. The code also demonstrates strong adherence to secure coding principles, with 100% of SQL queries using prepared statements, and an exceptionally high percentage (98%) of output properly escaped, significantly mitigating cross-site scripting risks. Nonce and capability checks are also present, further enhancing security. However, a notable concern is the presence of known vulnerabilities in its history, specifically two medium-severity CVEs related to Missing Authorization and Cross-Site Scripting. While currently unpatched CVEs are zero, the historical pattern indicates past weaknesses in these critical areas. The plugin also bundles the Freemius library, which, depending on its version and known vulnerabilities, could introduce additional risk if not actively managed. The single external HTTP request warrants attention to ensure it is secure and does not introduce vulnerabilities.

Key Concerns

  • Past medium severity vulnerabilities (Auth & XSS)
  • Bundled library (Freemius)
  • External HTTP request present
Vulnerabilities
3 published

Info Cards – Add Text and Media in Card Layouts Security Vulnerabilities

CVEs by Year

2 CVEs in 2025
2025
1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Medium
3

3 total CVEs

CVE-2026-4120medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Info Cards <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes

Mar 18, 2026 Patched in 2.0.8 (1d)
CVE-2025-54711medium · 4.3Missing Authorization

Info Cards <= 1.0.11 - Missing Authorization

Aug 26, 2025 Patched in 2.0.0 (79d)
CVE-2025-26945medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Info Cards – Gutenberg block for creating Beautiful Cards <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Feb 23, 2025 Patched in 1.0.6 (9d)
Version History

Info Cards – Add Text and Media in Card Layouts Release Timeline

v2.0.8Current
v2.0.71 CVE
CVE-2026-4120
v2.0.61 CVE
CVE-2026-4120
v2.0.51 CVE
CVE-2026-4120
v2.0.41 CVE
CVE-2026-4120
v2.0.31 CVE
CVE-2026-4120
v2.0.21 CVE
CVE-2026-4120
v2.0.11 CVE
CVE-2026-4120
v2.0.01 CVE
CVE-2026-4120
v1.0.112 CVEs
CVE-2026-4120 CVE-2025-54711
v1.0.102 CVEs
CVE-2026-4120 CVE-2025-54711
v1.0.92 CVEs
CVE-2026-4120 CVE-2025-54711
v1.0.82 CVEs
CVE-2026-4120 CVE-2025-54711
v1.0.72 CVEs
CVE-2026-4120 CVE-2025-54711
v1.0.62 CVEs
CVE-2026-4120 CVE-2025-54711
v1.0.53 CVEs
CVE-2026-4120 CVE-2025-26945 CVE-2025-54711
v1.0.43 CVEs
CVE-2026-4120 CVE-2025-26945 CVE-2025-54711
v1.0.33 CVEs
CVE-2026-4120 CVE-2025-26945 CVE-2025-54711
v1.0.23 CVEs
CVE-2026-4120 CVE-2025-26945 CVE-2025-54711
v1.0.13 CVEs
CVE-2026-4120 CVE-2025-26945 CVE-2025-54711
Code Analysis
Analyzed Mar 16, 2026

Info Cards – Add Text and Media in Card Layouts Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
1
48 escaped
Nonce Checks
5
Capability Checks
6
File Operations
0
External Requests
1
Bundled Libraries
1

Bundled Libraries

Freemius

Output Escaping

98% escaped49 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
fs_init (freemius-lite\inc\Base\FSActivate.php:68)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Info Cards – Add Text and Media in Card Layouts Attack Surface

Entry Points4
Unprotected0

AJAX Handlers 3

authwp_ajax_fs_initfreemius-lite\inc\Base\FSActivate.php:42
authwp_ajax_bpicbPremiumCheckerinfo-cards.php:105
noprivwp_ajax_bpicbPremiumCheckerinfo-cards.php:106

Shortcodes 1

[icb] inc\IcbShortcode.php:10
WordPress Hooks 23
actionadmin_headfreemius-lite\inc\Base\FSActivate.php:29
actionadmin_enqueue_scriptsfreemius-lite\inc\Base\FSActivate.php:30
actionadmin_menufreemius-lite\inc\Base\FSActivate.php:33
actionadmin_footerfreemius-lite\inc\Base\FSActivate.php:38
actionadmin_footerfreemius-lite\inc\Base\FSActivate.php:39
actionadmin_noticesfreemius-lite\inc\Base\FSActivate.php:44
actioninitfreemius-lite\inc\Base\FS_Lite.php:29
actionadmin_menuinc\IcbAdminMeno.php:8
actionadmin_enqueue_scriptsinc\IcbAdminMeno.php:9
actionadmin_enqueue_scriptsinc\IcbShortcode.php:8
actioninitinc\IcbShortcode.php:9
filtermanage_icb_posts_columnsinc\IcbShortcode.php:12
actionmanage_icb_posts_custom_columninc\IcbShortcode.php:13
filteruse_block_editor_for_postinc\IcbShortcode.php:15
actionadmin_menuinc\ProadminMenu.php:8
actionadmin_enqueue_scriptsinc\ProadminMenu.php:9
actionadmin_menuinc\upgradePage.php:8
actioninitinfo-cards.php:102
actionenqueue_block_assetsinfo-cards.php:103
actionadmin_initinfo-cards.php:107
actionrest_api_initinfo-cards.php:108
filterdefault_titleinfo-cards.php:109
filterdefault_contentinfo-cards.php:115
Maintenance & Trust

Info Cards – Add Text and Media in Card Layouts Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 12, 2026
PHP min version7.1
Downloads29K

Community Trust

Rating100/100
Number of ratings2
Active installs2K
Alternatives

Info Cards – Add Text and Media in Card Layouts Alternatives

Print Page Block – Print Full Page or Specific Section

Print Page Block – Print Full Page or Specific Section

print-page

A
100

Print the entire page or part of any web page with just a single click.

1K 1 CVE
Section Collection – Add Ready-made Sections to Design Modern Websites

Section Collection – Add Ready-made Sections to Design Modern Websites

section-collection

A
100

Section Collection helps you create websites quickly with prebuilt design sections and responsive layouts for Gutenberg.

400 No CVEs
Cards Layout

Cards Layout

cards-layout

A
100

A powerful, customizable Gutenberg block to create stunning card layouts, responsive grids, and carousels for your content.

300 No CVEs
Gecko Blocks

Gecko Blocks

gecko-blocks

A
85

Provides multiple basic block types to be used in custom themes.

30 No CVEs
Gecko Section

Gecko Section

gecko-section

A
85

A full width wrapper block.

10 No CVEs
Developer Profile

Info Cards – Add Text and Media in Card Layouts Developer Profile

colorlibplugins

121 plugins · 740K total installs

78
trust score
Avg Security Score
98/100
Avg Patch Time
130 days
View full developer profile
Detection Fingerprints

How We Detect Info Cards – Add Text and Media in Card Layouts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/info-cards/build/index.js/wp-content/plugins/info-cards/build/index.asset.php
Version Parameters
info-cards/build/index.js?ver=info-cards/build/index.asset.php?ver=

HTML / DOM Fingerprints

HTML Comments
DO NOT REMOVE THIS IF, IT IS ESSENTIAL FOR THE * function_exists` CALL ABOVE TO PROPERLY WORK.
Data Attributes
data-wp-element
JS Globals
ic_fsBPICB_Info_Cards
REST Endpoints
/wp-json/bplugins/v1/admin_menu
FAQ

Frequently Asked Questions about Info Cards – Add Text and Media in Card Layouts