WP-Safety

Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid Security & Risk Analysis

wordpress.org/plugins/magazine-blocks

A collection of dynamic post blocks to quickly build stunning news, magazine, and blog websites.

7K active installs v1.8.3 PHP 7.0+ WP 5.4+ Updated Nov 3, 2025
editorgutenbergmagazine-blocksnewspost-blocks
97
A · Safe
CVEs total4
Unpatched0
Last CVEDec 30, 2024
Download
Safety Verdict

Is Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid Safe to Use in 2026?

Generally Safe

Score 97/100

Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEsLast CVE: Dec 30, 2024Updated 5mo ago
Risk Assessment

The "magazine-blocks" plugin v1.8.3 presents a mixed security posture. On the positive side, the plugin demonstrates good practices with a high percentage of SQL queries using prepared statements and nearly all output being properly escaped. The absence of critical or high-severity known CVEs, and the fact that all previously disclosed vulnerabilities are now patched, is also a strong indicator of ongoing maintenance. However, there are significant concerns stemming from the static analysis. The plugin exposes a notable attack surface with 7 AJAX handlers, 4 of which lack authentication checks. This is a critical oversight that could allow unauthenticated users to trigger potentially harmful functionality. The presence of file operations and external HTTP requests, while not inherently bad, could become problematic if combined with the unauthenticated AJAX endpoints.

The vulnerability history, while currently showing no unpatched issues, does reveal a pattern of 4 medium-severity Cross-Site Scripting (XSS) vulnerabilities. This suggests a past tendency for input sanitization or output escaping issues to be exploited. While these are currently resolved, the historical pattern warrants vigilance. The lack of taint analysis data is a limitation, but the identified unauthenticated AJAX handlers are a clear and present risk. Overall, the plugin has strengths in its handling of SQL and output, but the unauthenticated AJAX endpoints and historical XSS vulnerabilities require careful consideration, making it a moderate risk that needs attention.

Key Concerns

  • Unauthenticated AJAX handlers
  • Multiple medium severity CVEs historically
Vulnerabilities
4

Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid Security Vulnerabilities

CVEs by Year

4 CVEs in 2024
2024
Patched Has unpatched

Severity Breakdown

Medium
4

4 total CVEs

CVE-2024-56258medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Magazine Blocks <= 1.3.20 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 30, 2024 Patched in 1.3.21 (10d)
CVE-2024-50429medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Magazine Blocks <= 1.3.15 - Authenticated (Contributor+) Stored Cross-Site Scripting

Oct 24, 2024 Patched in 1.3.18 (7d)
CVE-2024-9218medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid <= 1.3.14 - Reflected Cross-Site Scripting

Oct 1, 2024 Patched in 1.3.15 (1d)
CVE-2024-34760medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Magazine Blocks <= 1.3.6 - Authenticated (Author+) Stored Cross-Site Scripting

May 14, 2024 Patched in 1.3.7 (7d)
Code Analysis
Analyzed Mar 16, 2026

Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
5 prepared
Unescaped Output
7
222 escaped
Nonce Checks
8
Capability Checks
12
File Operations
6
External Requests
7
Bundled Libraries
0

SQL Query Safety

83% prepared6 total queries

Output Escaping

97% escaped229 total outputs
Attack Surface
4 unprotected

Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid Attack Surface

Entry Points7
Unprotected4

AJAX Handlers 7

authwp_ajax_magazine_blocks_get_widget_blocksincludes\Ajax.php:44
authwp_ajax_magazine_blocks_get_library_dataincludes\Ajax.php:45
authwp_ajax_magazine_blocks_import_contentincludes\Ajax.php:46
authwp_ajax_magazine_blocks_save_block_cssincludes\Ajax.php:47
authwp_ajax_magazine_blocks_review_notice_dismissincludes\Review.php:40
authwp_ajax_magazine_blocks_pagination_loadmagazine-blocks.php:244
noprivwp_ajax_magazine_blocks_pagination_loadmagazine-blocks.php:245
WordPress Hooks 45
actionadmin_menuincludes\Admin.php:36
filteradmin_footer_textincludes\Admin.php:37
filterupdate_footerincludes\Admin.php:38
actionin_admin_headerincludes\Admin.php:39
actionadmin_initincludes\Admin.php:40
actioninitincludes\Blocks.php:122
filterpre_render_blockincludes\Blocks.php:127
filterwp_headincludes\Blocks.php:128
actionwp_enqueue_scriptsincludes\Blocks.php:129
actioncustomize_save_afterincludes\Blocks.php:131
actionrest_after_save_widgetincludes\Blocks.php:132
actionafter_switch_themeincludes\Blocks.php:133
actionsave_postincludes\Blocks.php:134
actiondelete_postincludes\Blocks.php:135
actionmagazine_blocks_responsive_breakpoints_changedincludes\Blocks.php:136
actionwp_headincludes\Blocks.php:137
actionenqueue_block_editor_assetsincludes\Blocks.php:151
actionenqueue_block_editor_assetsincludes\Blocks.php:157
filterexcerpt_lengthincludes\BlockTypes\Slider.php:495
actioninitincludes\MagazineBlocks.php:72
filterwp_check_filetype_and_extincludes\MagazineBlocks.php:73
actionwp_enqueue_scriptsincludes\MagazineBlocks.php:74
filtertemplate_includeincludes\MagazineBlocks.php:75
filtermagazine_blocks_block_styles_idincludes\MagazineBlocks.php:162
filtermagazine_blocks_content_for_css_generationincludes\MagazineBlocks.php:169
actionwp_enqueue_scriptsincludes\MagazineBlocks.php:178
actionmagazine_blocks_initincludes\MaintenanceMode.php:22
actiontemplate_redirectincludes\MaintenanceMode.php:34
filtertemplate_includeincludes\MaintenanceMode.php:35
actionsave_postincludes\PostTypes\SiteBuilder.php:20
actionrest_api_initincludes\RestApi\RestApi.php:34
actionadmin_headincludes\Review.php:38
actionadmin_noticesincludes\Review.php:39
actioninitincludes\ScriptStyle.php:60
actioninitincludes\ScriptStyle.php:61
filterwp_handle_uploadincludes\ScriptStyle.php:62
actionwp_headincludes\ScriptStyle.php:69
actionenqueue_block_editor_assetsincludes\ScriptStyle.php:75
actionadmin_enqueue_scriptsincludes\ScriptStyle.php:76
filterexcerpt_lengthincludes\traits\Blocks\PostRenderer.php:167
actionmagazine_blocks_version_updateincludes\Update.php:25
actionmagazine_blocks_delete_fonts_folderincludes\WebFontLoader.php:134
actionrest_api_initmagazine-blocks.php:189
actionenqueue_block_editor_assetsmagazine-blocks.php:191
actionwp_headmagazine-blocks.php:213

Scheduled Events 1

delete_fonts_folder
Maintenance & Trust

Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedNov 3, 2025
PHP min version7.0
Downloads152K

Community Trust

Rating98/100
Number of ratings8
Active installs7K
Alternatives

Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid Alternatives

News in 100 Words

News in 100 Words

news-in-100-words

A
100

Automatically generates AI-powered 100-word news summaries for WordPress posts with editor support, front-end display, and Thunderbolt carousel.

0 No CVEs
PostCrafts – Advanced Post Blocks to Highlight, Summarize and Beautifully Organize Your Posts

PostCrafts – Advanced Post Blocks to Highlight, Summarize and Beautifully Organize Your Posts

postcrafts

A
100

PostCrafts is the best post grid, blog designer, news, magazine, and WordPress blog plugin that comes with various Gutenberg blocks.

0 No CVEs
Classic Editor

Classic Editor

classic-editor

A
100

Enables the previous "classic" editor and the old-style Edit Post screen with TinyMCE, Meta Boxes, etc. Supports all plugins that extend this screen.

9.0M No CVEs
Starter Templates – AI-Powered Templates for Elementor & Gutenberg

Starter Templates – AI-Powered Templates for Elementor & Gutenberg

astra-sites

A
89

The growing library of 300+ ready-to-use templates that work with all WordPress themes including Astra, Hello, OceanWP, GeneratePress and more

2.0M 7 CVEs
Classic Widgets

Classic Widgets

classic-widgets

A
100

Enables the previous "classic" widgets settings screens in Appearance - Widgets and the Customizer. Disables the block editor from managing widgets.

2.0M No CVEs
Developer Profile

Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid Developer Profile

BlockArt

2 plugins · 17K total installs

98
trust score
Avg Security Score
97/100
Avg Patch Time
6 days
View full developer profile
Detection Fingerprints

How We Detect Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/magazine-blocks/build/index.js/wp-content/plugins/magazine-blocks/build/index.asset.php/wp-content/plugins/magazine-blocks/build/style-index.css/wp-content/plugins/magazine-blocks/build/view.asset.php/wp-content/plugins/magazine-blocks/build/view.js
Script Paths
/wp-content/plugins/magazine-blocks/build/index.js/wp-content/plugins/magazine-blocks/build/view.js
Version Parameters
magazine-blocks/build/index.js?ver=magazine-blocks/build/index.asset.php?ver=magazine-blocks/build/style-index.css?ver=magazine-blocks/build/view.asset.php?ver=magazine-blocks/build/view.js?ver=

HTML / DOM Fingerprints

CSS Classes
mzb-post-metamzb-post-categoriescategory-linkcategory-link-mgz-block-wrappermgz-grid-itemmgz-post-contentmgz-post-title+10 more
HTML Comments
<!-- wp:magazine-blocks/featured-posts --><!-- /wp:magazine-blocks/featured-posts --><!-- wp:magazine-blocks/grid-module --><!-- /wp:magazine-blocks/grid-module -->+6 more
Data Attributes
data-block="magazine-blocks/featured-posts"data-block="magazine-blocks/grid-module"data-block="magazine-blocks/tab-posts"data-block="magazine-blocks/banner-posts"data-block="magazine-blocks/archive-posts"data-category-id
JS Globals
window.magazineBlocksFrontend
REST Endpoints
/wp-json/magazine-blocks/v1/categories/wp-json/magazine-blocks/v1/posts
FAQ

Frequently Asked Questions about Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid