Omnipress Security & Risk Analysis

wordpress.org/plugins/omnipress

A powerful Gutenberg plugin with pre-built patterns, advanced blocks, and demo sites to speed up website creation using Full Site Editing.

900 active installs · v1.6.7 · PHP 7.4+ · WP 5.8+ · Updated Jan 8, 2026
Tags: block, blocks, full-site-editing, gutenberg-blocks, wordpress-demos
Score: 47 · D · High Risk
CVEs total: 6
Unpatched: 2
Last CVE: Jan 25, 2026
Safety Verdict

Is Omnipress Safe to Use in 2026?

High Risk

Score 47/100

Omnipress carries significant security risk with 6 known CVEs, 2 still unpatched. Consider switching to a maintained alternative.

6 known CVEs · 2 unpatched · Last CVE: Jan 25, 2026 · Updated 2mo ago

Risk Assessment

The Omnipress plugin v1.6.7 presents a mixed security posture. On the positive side, the plugin demonstrates good practices in several areas: 100% of SQL queries use prepared statements, a high percentage of output is properly escaped, and there is a substantial number of nonce and capability checks, indicating an awareness of common WordPress security vulnerabilities. However, significant concerns are raised by the presence of unprotected entry points and historical vulnerability patterns.

The static analysis reveals one unprotected REST API route, a critical entry point that could be exploited without proper authorization checks. While taint analysis shows no critical or high-severity unsanitized flows, the 5 flows with unsanitized paths, even if categorized as lower severity, warrant attention as potential avenues for exploitation. The plugin also performs a considerable number of file operations and external HTTP requests, which, if not handled securely, could introduce risks.

The vulnerability history is a major red flag. With 6 known CVEs, 2 of which are currently unpatched, and a history including high and medium severity vulnerabilities such as PHP Remote File Inclusion, Cross-site Scripting, and Authorization Bypass, the plugin has a proven track record of exploitable weaknesses. The recurrence of specific vulnerability types suggests systemic issues in code sanitization and access control. The last CVE is dated Jan 25, 2026, and the existence of unpatched vulnerabilities is a severe risk. The plugin's strengths in prepared statements and output escaping are overshadowed by the historical prevalence of vulnerabilities and the identified unprotected entry point, suggesting a high overall risk for sites using this version.

Key Concerns

  • Unprotected REST API route
  • Unpatched CVEs (2 total)
  • High number of CVEs (6 total)
  • History of high/medium severity vulns
  • Flows with unsanitized paths (5)

Vulnerabilities: 6

Omnipress Security Vulnerabilities

CVEs by Year

2024: 1 CVE
2025: 3 CVEs
2026: 2 CVEs · unpatched

Severity Breakdown

High: 1
Medium: 5

6 total CVEs

CVE-2026-25432 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Omnipress <= 1.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 25, 2026 · Unpatched

CVE-2026-24538 · high · 7.5 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Omnipress <= 1.6.7 - Authenticated (Contributor+) Local File Inclusion

Jan 24, 2026 · Unpatched

CVE-2025-12163 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Omnipress <= 1.6.5 - Authenticated (Author+) Stored Cross-Site Scripting

Dec 4, 2025 · Patched in 1.6.6 (7d)

CVE-2025-53276 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Omnipress <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jun 27, 2025 · Patched in 1.6.5 (168d)

CVE-2024-13407 · medium · 4.3 · Authorization Bypass Through User-Controlled Key

Omnipress <= 1.5.4 - Authenticated (Contributor+) Post Disclosure

Mar 13, 2025 · Patched in 1.5.5 (1d)

CVE-2024-49278 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Omnipress <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Oct 15, 2024 · Patched in 1.5.0 (149d)

Code Analysis
Analyzed Mar 16, 2026

Omnipress Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (9 prepared)
Unescaped Output: 103 (907 escaped)
Nonce Checks: 14
Capability Checks: 23
File Operations: 23
External Requests: 7
Bundled Libraries: 0

SQL Query Safety

100% prepared · 9 total queries

Output Escaping

90% escaped · 1010 total outputs

Data Flows: 5 unsanitized

Data Flow Analysis

7 flows · 5 with unsanitized paths
count_user_visit (classes\class-popup-builder.php:195)

Attack Surface: 1 unprotected

Omnipress Attack Surface

Entry Points: 5
Unprotected: 1

AJAX Handlers 4

auth · wp_ajax_op_popup_status_updater · classes\class-popup-builder.php:147
auth · wp_ajax_manage_option · includes\Core\OptionManager.php:28
nopriv · wp_ajax_manage_option · includes\Core\OptionManager.php:29
auth · wp_ajax_process_csv · includes\Models\TestimonialModel.php:27

REST API Routes 1

GET · /wp-json/omnipress/v1/forms · includes\Blocks\BlockTypes\WpFormsExtender.php:70

WordPress Hooks 71

action · init · classes\class-popup-builder.php:132
action · wp_enqueue_scripts · classes\class-popup-builder.php:133
action · wp_body_open · classes\class-popup-builder.php:136
filter · manage_omnipress-popup_posts_columns · classes\class-popup-builder.php:139
action · manage_omnipress-popup_posts_custom_column · classes\class-popup-builder.php:141
action · admin_enqueue_scripts · classes\class-popup-builder.php:143
action · enqueue_block_editor_assets · classes\class-popup-builder.php:144
action · wp_trash_post · classes\class-popup-builder.php:148
action · admin_bar_menu · includes\Admin\Extensions\coming-soon.php:74
filter · omnipress_extension_setting_fields · includes\Admin\Extensions\Extensions.php:85
action · admin_init · includes\Admin\Extensions\Extensions.php:88
action · admin_enqueue_scripts · includes\Admin\Extensions\Extensions.php:93
filter · omnipress_extensions_menus · includes\Admin\Extensions\Extensions.php:96
filter · omnipress_extensions_menus · includes\Admin\Extensions\Extensions.php:119
action · admin_init · includes\Admin\Extensions\Init.php:33
filter · omnipress_sub_menus · includes\Admin\Extensions\Init.php:34
action · admin_menu · includes\Admin\Init.php:143
action · init · includes\Admin\Init.php:146
action · admin_notices · includes\Admin\Init.php:147
action · admin_footer · includes\Admin\Init.php:150
action · admin_init · includes\Admin\Init.php:152
action · admin_enqueue_scripts · includes\Admin\Init.php:153
action · after_setup_theme · includes\Admin\Init.php:154
action · save_post · includes\Admin\Init.php:155
action · admin_notices · includes\Admin\Init.php:157
action · admin_post_op_notice_dismissal · includes\Admin\Init.php:160
filter · omnipress_localize_admin_script · includes\Admin\Init.php:165
filter · wp_theme_json_data_theme · includes\Admin\Init.php:258
filter · omnipress_localize_admin_script · includes\Admin\Init.php:370
filter · _omnipress_blocks_localize · includes\Blocks\BlockGeneralSettings.php:61
filter · omnipress_localize_admin_script · includes\Blocks\BlockGeneralSettings.php:62
action · init · includes\Blocks\BlockRegistrar.php:85
action · omnipress_after_blocks_register · includes\Blocks\BlockRegistrar.php:86
filter · block_categories_all · includes\Blocks\BlockRegistrar.php:87
action · wp_footer · includes\Blocks\BlockStyles.php:46
action · save_post · includes\Blocks\BlockStyles.php:48
filter · render_block · includes\Blocks\BlockStyles.php:59
filter · current_page_template · includes\Blocks\BlockStyles.php:62
action · wp_footer · includes\Blocks\BlockTypes\Image.php:89
filter · next_posts_link_attributes · includes\Blocks\BlockTypes\QueryPaginationNext.php:78
filter · render_block_context · includes\Blocks\BlockTypes\QueryTemplate.php:170
filter · omnipress_product_filter_out_of_stock_count · includes\Blocks\BlockTypes\SingleProduct.php:52
action · rest_api_init · includes\Blocks\BlockTypes\WpFormsExtender.php:26
action · init · includes\BlockTemplates.php:49
filter · wp_import_post_data_raw · includes\class-omnipress-importer.php:32
filter · template_include · includes\Controllers\ComingSoonController.php:109
filter · pre_option_page_on_front · includes\Controllers\ComingSoonController.php:112
action · init · includes\Controllers\PatternsController.php:78
action · init · includes\Controllers\PatternsController.php:79
filter · template_include · includes\Controllers\ThemeFontsHandler.php:14
filter · wp_theme_json_data_theme · includes\Controllers\ThemeFontsHandler.php:15
action · wp_enqueue_scripts · includes\Core\AbstractAssetsHandler.php:47
action · enqueue_block_editor_assets · includes\Core\AbstractAssetsHandler.php:48
action · enqueue_block_assets · includes\Core\AbstractAssetsHandler.php:49
action · wp_enqueue_scripts · includes\Core\AbstractAssetsHandler.php:50
filter · style_loader_tag · includes\Core\AbstractAssetsHandler.php:55
action · admin_enqueue_scripts · includes\Core\OptionManager.php:234
action · admin_footer · includes\Init.php:117
filter · import_post_meta_key · includes\Libraries\importer\class-wp-import.php:78
filter · http_request_timeout · includes\Libraries\importer\class-wp-import.php:79
action · admin_init · includes\Libraries\importer\init.php:40
action · admin_footer · includes\Libraries\stats\class-stats.php:76
action · init · includes\Models\TestimonialModel.php:22
action · init · includes\Models\TestimonialModel.php:23
action · add_meta_boxes · includes\Models\TestimonialModel.php:24
action · save_post · includes\Models\TestimonialModel.php:25
action · admin_menu · includes\Models\TestimonialModel.php:26
action · rest_api_init · includes\RestApi\RestApi.php:51
action · plugins_loaded · omnipress.php:119
action · admin_init · omnipress.php:120
action · init · omnipress.php:121

Maintenance & Trust

Omnipress Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 8, 2026
PHP min version: 7.4
Downloads: 47K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 900

Developer Profile

Omnipress Developer Profile

omnipressteam

7 plugins · 2K total installs

Trust score: 79
Avg Security Score: 87/100
Avg Patch Time: 81 days
Detection Fingerprints

How We Detect Omnipress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/omnipress/assets/css/main.css
/wp-content/plugins/omnipress/assets/css/responsive.css
/wp-content/plugins/omnipress/assets/js/omnipress-scripts.js
/wp-content/plugins/omnipress/assets/js/main.js

Script Paths
/wp-content/plugins/omnipress/assets/js/omnipress-scripts.js
/wp-content/plugins/omnipress/assets/js/main.js

Version Parameters
omnipress/assets/css/main.css?ver=
omnipress/assets/css/responsive.css?ver=
omnipress/assets/js/omnipress-scripts.js?ver=
omnipress/assets/js/main.js?ver=

HTML / DOM Fingerprints

CSS Classes
omnipress-section
omnipress-block
omnipress-popup-builder

Data Attributes
data-omnipress-delay
data-omnipress-trigger
data-omnipress-position
data-omnipress-repetition

JS Globals
OmnipressCore
OmnipressPopupBuilder