MagicBlog – Modern Blog Widgets & Engagement Tools Security & Risk Analysis

wordpress.org/plugins/magicblog

Transform your WordPress blog with powerful engagement features, stunning Elementor widgets, and Gutenberg blocks for modern content creation.

0 active installs v1.0.2 PHP 7.4+ WP 6.2+ Updated Jul 27, 2025
Tags: blog, blog-widgets, elementor, engagement, gutenberg
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is MagicBlog – Modern Blog Widgets & Engagement Tools Safe to Use in 2026?

Generally Safe

Score 100/100

MagicBlog – Modern Blog Widgets & Engagement Tools has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8mo ago
Risk Assessment

The magicblog plugin v1.0.2 presents a mixed security posture. On the positive side, it demonstrates strong adherence to secure coding practices by exclusively using prepared statements for all SQL queries, a high percentage of properly escaped output, and no file operations or external HTTP requests. The absence of known CVEs and vulnerabilities in its history is also a significant strength, indicating a potentially stable and well-maintained codebase.

However, several concerns emerge from the static analysis. The attack surface is significant: 15 of 46 entry points lack authentication checks. In addition, the taint analysis found 2 flows with unsanitized paths, classified as high severity. These are not immediately critical, but unsanitized paths combined with unprotected entry points can become a route to exploitation and should be reviewed together. Only 5 flows were analyzed, so other, more critical unsanitized paths may exist that the analysis did not detect.

In conclusion, magicblog v1.0.2 has robust foundations in secure data handling for SQL and output. Nevertheless, the identified unprotected entry points and high-severity taint flows necessitate immediate attention. Addressing these specific areas is crucial to mitigate potential security risks and solidify the plugin's overall security. The lack of historical vulnerabilities is a positive sign, but the current static analysis findings should not be overlooked.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows (unsanitized paths)
Vulnerabilities
None known

MagicBlog – Modern Blog Widgets & Engagement Tools Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

MagicBlog – Modern Blog Widgets & Engagement Tools Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (108 prepared)
Unescaped Output: 29 (401 escaped)
Nonce Checks: 30
Capability Checks: 24
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared, 108 total queries

Output Escaping

93% escaped, 430 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

5 flows, 2 with unsanitized paths
import_data (admin\class-admin.php:759)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
15 unprotected

MagicBlog – Modern Blog Widgets & Engagement Tools Attack Surface

Entry Points: 46
Unprotected: 15

AJAX Handlers 39

auth wp_ajax_magicblog_dismiss_subheader admin\class-admin.php:13
auth wp_ajax_magicblog_get_analytics admin\class-admin.php:284
auth wp_ajax_magicblog_save_settings admin\class-admin.php:285
auth wp_ajax_magicblog_export_data admin\class-admin.php:286
auth wp_ajax_magicblog_rebuild_stats admin\class-admin.php:287
auth wp_ajax_magicblog_optimize_tables admin\class-admin.php:288
auth wp_ajax_magicblog_reset_all_data admin\class-admin.php:289
auth wp_ajax_magicblog_import_data admin\class-admin.php:290
auth wp_ajax_magicblog_dismiss_elementor_notice admin\class-admin.php:291
auth wp_ajax_magicblog_test_theme_compatibility admin\class-admin.php:294
auth wp_ajax_magicblog_test_plugin_compatibility admin\class-admin.php:297
auth wp_ajax_magicblog_resolve_plugin_conflict admin\class-admin.php:298
auth wp_ajax_magicblog_run_performance_test admin\class-admin.php:301
auth wp_ajax_magicblog_optimize_database admin\class-admin.php:302
auth wp_ajax_magicblog_clear_all_cache admin\class-admin.php:303
auth wp_ajax_magicblog_warm_cache admin\class-admin.php:304
auth wp_ajax_magicblog_toggle_query_monitor admin\class-admin.php:305
auth wp_ajax_magicblog_browser_test admin\class-admin.php:308
auth wp_ajax_magicblog_store_browser_test admin\class-admin.php:309
auth wp_ajax_magicblog_clear_rate_limits admin\class-admin.php:310
auth wp_ajax_magicblog_dismiss_elementor_notice elementor\class-extension.php:29
auth wp_ajax_magicblog_track_engagement includes\class-ajax-handler.php:15
nopriv wp_ajax_magicblog_track_engagement includes\class-ajax-handler.php:16
auth wp_ajax_magicblog_get_stats includes\class-ajax-handler.php:18
nopriv wp_ajax_magicblog_get_stats includes\class-ajax-handler.php:19
auth wp_ajax_magicblog_clear_rate_limits includes\class-ajax-handler.php:22
nopriv wp_ajax_magicblog_track_engagement includes\class-caching-integration.php:16
auth wp_ajax_magicblog_track_engagement includes\class-caching-integration.php:17
auth wp_ajax_magicblog_track_engagement includes\class-caching-integration.php:203
nopriv wp_ajax_magicblog_track_engagement includes\class-caching-integration.php:208
auth wp_ajax_magicblog_test_plugin_compatibility includes\class-plugin-compatibility-tester.php:56
auth wp_ajax_magicblog_resolve_conflict includes\class-plugin-conflict-resolver.php:18
auth wp_ajax_magicblog_track_engagement includes\class-plugin-conflict-resolver.php:82
auth wp_ajax_magicblog_track_engagement includes\class-plugin.php:112
nopriv wp_ajax_magicblog_track_engagement includes\class-plugin.php:113
auth wp_ajax_magicblog_get_stats includes\class-plugin.php:114
nopriv wp_ajax_magicblog_get_stats includes\class-plugin.php:115
auth wp_ajax_magicblog_test_theme_compatibility includes\class-theme-compatibility-tester.php:33
auth wp_ajax_magicblog_get_theme_test_results includes\class-theme-compatibility-tester.php:34

REST API Routes 3

POST /wp-json/magicblog/v1/stats/bulk includes\class-blocks.php:208
GET /wp-json/magicblog/v1/stats/(?P<post_id>\d+) includes\class-rest-api.php:11
POST /wp-json/magicblog/v1/engagement includes\class-rest-api.php:25

Shortcodes 4

[magicblog_stats] public\class-public.php:138
[magicblog_views] public\class-public.php:142
[magicblog_likes] public\class-public.php:146
[magicblog_rating] public\class-public.php:150
WordPress Hooks 56
action init elementor\class-extension.php:23
action admin_notices elementor\class-extension.php:26
action elementor/widgets/widgets_registered elementor\class-extension.php:44
action elementor/controls/controls_registered elementor\class-extension.php:45
action elementor/frontend/after_enqueue_styles elementor\class-extension.php:48
action elementor/frontend/after_enqueue_scripts elementor\class-extension.php:49
action elementor/elements/categories_registered elementor\class-extension.php:52
action admin_footer elementor\class-extension.php:235
action init includes\class-blocks.php:28
filter block_categories_all includes\class-blocks.php:29
action enqueue_block_editor_assets includes\class-blocks.php:30
action wp_enqueue_scripts includes\class-blocks.php:31
action rest_api_init includes\class-blocks.php:32
action init includes\class-caching-integration.php:15
filter rocket_cache_reject_uri includes\class-caching-integration.php:18
filter wpsc_cache_page includes\class-caching-integration.php:19
filter litespeed_cache_is_cacheable includes\class-caching-integration.php:20
filter rocket_cache_reject_uri includes\class-caching-integration.php:69
filter rocket_cache_query_strings includes\class-caching-integration.php:75
filter rocket_exclude_js includes\class-caching-integration.php:82
action init includes\class-caching-integration.php:90
filter wpsc_cache_page includes\class-caching-integration.php:101
filter w3tc_can_cache includes\class-caching-integration.php:106
filter w3tc_cache_groups includes\class-caching-integration.php:114
action litespeed_cache_is_not_cacheable includes\class-caching-integration.php:122
filter litespeed_cache_vary includes\class-caching-integration.php:130
action init includes\class-database-performance-optimizer.php:16
filter magicblog_get_stats includes\class-database-performance-optimizer.php:17
action magicblog_clear_cache includes\class-database-performance-optimizer.php:18
action shutdown includes\class-database-performance-optimizer.php:27
action init includes\class-plugin-conflict-resolver.php:17
filter rocket_cache_reject_uri includes\class-plugin-conflict-resolver.php:91
filter rocket_cache_query_strings includes\class-plugin-conflict-resolver.php:100
action init includes\class-plugin-conflict-resolver.php:110
action add_meta_boxes includes\class-plugin-conflict-resolver.php:129
action plugins_loaded includes\class-plugin.php:55
action admin_enqueue_scripts includes\class-plugin.php:61
action admin_enqueue_scripts includes\class-plugin.php:62
action admin_enqueue_scripts includes\class-plugin.php:63
action admin_menu includes\class-plugin.php:66
action wp_enqueue_scripts includes\class-plugin.php:89
action wp_enqueue_scripts includes\class-plugin.php:90
action wp_enqueue_scripts includes\class-plugin.php:94
action init includes\class-plugin.php:98
action init includes\class-plugin.php:102
action init includes\class-plugin.php:108
action rest_api_init includes\class-plugin.php:119
action plugins_loaded includes\class-plugin.php:139
action rest_api_init includes\class-rest-api.php:7
action init includes\class-theme-compatibility-manager.php:23
action wp_enqueue_scripts includes\class-theme-compatibility-manager.php:24
filter body_class includes\class-theme-compatibility-manager.php:139
action admin_notices includes\class-theme-compatibility-manager.php:343
action wp_footer public\class-public.php:109
filter the_content public\class-public.php:247
filter the_content public\class-public.php:251

Scheduled Events 1

magicblog_update_stats
Maintenance & Trust

MagicBlog – Modern Blog Widgets & Engagement Tools Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jul 27, 2025
PHP min version: 7.4
Downloads: 344

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

MagicBlog – Modern Blog Widgets & Engagement Tools Developer Profile

Mian Shahzad Raza

4 plugins · 600 total installs

Trust score: 89
Avg Security Score: 93/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect MagicBlog – Modern Blog Widgets & Engagement Tools

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/magicblog/admin/css/global-admin.css
/wp-content/plugins/magicblog/admin/css/admin.css
/wp-content/plugins/magicblog/admin/fonts/fonts.css
/wp-content/plugins/magicblog/admin/js/chart.umd.min.js
/wp-content/plugins/magicblog/admin/js/admin.js
/wp-content/plugins/magicblog/admin/js/tools.js
/wp-content/plugins/magicblog/admin/js/admin-page.js
Script Paths
/wp-content/plugins/magicblog/admin/js/chart.umd.min.js
/wp-content/plugins/magicblog/admin/js/admin.js
/wp-content/plugins/magicblog/admin/js/tools.js
/wp-content/plugins/magicblog/admin/js/admin-page.js
Version Parameters
magicblog/admin/css/global-admin.css?ver=
magicblog/admin/css/admin.css?ver=
magicblog/admin/fonts/fonts.css?ver=
magicblog/admin/js/admin.js?ver=
magicblog/admin/js/tools.js?ver=
magicblog/admin/js/admin-page.js?ver=

HTML / DOM Fingerprints

CSS Classes
magicblog_subheader
HTML Comments
<!-- Handle sub-header dismissal -->
<!-- Check if sub-header should be shown -->
<!-- Check if any form was saved across all admin pages -->
<!-- Global Plugin Styles -->
+8 more
Data Attributes
data-magicblog-action
JS Globals
magicblogToolsData
magicblogAdminPage
REST Endpoints
/wp-json/magicblog/