Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE Security & Risk Analysis

wordpress.org/plugins/otter-blocks

Quickly create WordPress pages with 20+ blocks, 100+ ready-to-import designs, and advanced editor extensions. It’s website building, Lego-style!

300K active installs v3.1.5 PHP 5.6+ WP 6.2+ Updated Feb 27, 2026
Tags: block, blocks, gutenberg, gutenberg-blocks, page-builder
Score: 94 (A · Safe)
CVEs total: 11
Unpatched: 0
Last CVE: Aug 27, 2025
Safety Verdict

Is Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE Safe to Use in 2026?

Generally Safe

Score 94/100

Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE has a strong security track record. Known vulnerabilities have been patched promptly.

11 known CVEs · Last CVE: Aug 27, 2025 · Updated 1mo ago
Risk Assessment

The static analysis of Otter Blocks v3.1.5 shows a generally strong security posture with good practices in place. The plugin demonstrates a high percentage of properly escaped output and 100% of SQL queries utilize prepared statements, which are excellent indicators of secure coding. Furthermore, all identified AJAX entry points have authorization checks, and there are no direct REST API routes or shortcodes exposed, minimizing the external attack surface. The absence of dangerous functions and zero critical or high severity taint flows are also positive signs.

However, the plugin's vulnerability history is a significant concern. With a total of 11 known CVEs, including one high severity and ten medium severity vulnerabilities, there's a clear pattern of past security weaknesses. The common vulnerability types listed, such as Exposure of Sensitive Information, Path Traversal, Missing Authorization, Cross-site Scripting, and Improper Input Validation, suggest recurring issues that require careful attention. While there are currently no unpatched vulnerabilities, the sheer volume of past vulnerabilities indicates a need for ongoing vigilance and robust patching processes.

In conclusion, Otter Blocks v3.1.5 exhibits strong code hygiene in its static analysis, suggesting a foundation of secure development. Nevertheless, the extensive historical vulnerability record casts a shadow, pointing to a plugin that has historically struggled with maintaining a secure codebase. The presence of bundled libraries, while not explicitly flagged as outdated, could also represent a potential risk if they are not maintained separately. Continuous monitoring and proactive security audits are recommended.

Key Concerns

  • Significant number of past medium/high severity CVEs
  • Bundled outdated jQuery library (v1.12.4)
Vulnerabilities
11

Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2024: 9 CVEs
2025: 1 CVE

Severity Breakdown

High: 1
Medium: 10

11 total CVEs

CVE-2025-55715 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

Otter - Gutenberg Block <= 3.1.0 - Unauthenticated Sensitive Information Exposure

Aug 27, 2025 Patched in 3.1.1 (8d)
CVE-2024-11219 · medium · 5.3 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 3.0.6 - Unauthenticated Path Traversal to Arbitrary Image View

Nov 26, 2024 Patched in 3.0.7 (1d)
CVE-2024-51671 · medium · 4.3 · Missing Authorization

Otter - Gutenberg Block <= 3.0.3 - Missing Authorization

Nov 1, 2024 Patched in 3.0.4 (6d)
CVE-2024-10367 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 3.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

Oct 31, 2024 Patched in 3.0.5 (1d)
CVE-2024-3725 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'titleTag'

Apr 16, 2024 Patched in 2.6.10 (17d)
CVE-2024-3343 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes

Apr 10, 2024 Patched in 2.6.9 (1d)
CVE-2024-3344 · medium · 6.4 · Unrestricted Upload of File with Dangerous Type

Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.8 - Authenticated (Author+) Limited File Upload to Stored Cross-Site Scripting

Apr 10, 2024 Patched in 2.6.9 (1d)
CVE-2024-2841 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 28, 2024 Patched in 2.6.6 (1d)
CVE-2024-2729 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Otter Blocks <= 2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 28, 2024 Patched in 2.6.6 (5d)
CVE-2024-2226 · medium · 6.4 · Improper Input Validation

Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 13, 2024 Patched in 2.6.5 (28d)
CVE-2023-2288 · high · 8.8 · Deserialization of Untrusted Data

Otter - Gutenberg Blocks <= 2.2.5 - Authenticated (Author+) PHAR Deserialization

May 2, 2023 Patched in 2.2.6 (266d)
Code Analysis
Analyzed Mar 16, 2026

Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 8 (317 escaped)
Nonce Checks: 6
Capability Checks: 26
File Operations: 9
External Requests: 13
Bundled Libraries: 2

Bundled Libraries

Stripe PHP, jQuery 1.12.4

Output Escaping

98% escaped · 325 total outputs
Attack Surface

Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers 3

auth · wp_ajax_otter_animation_dismiss_welcome_notice · inc\class-blocks-animation.php:56
auth · wp_ajax_dismiss_otter_notice · inc\class-pro.php:195
auth · wp_ajax_dismiss_themeisle_event_notice_otter · inc\plugins\class-limited-offers.php:94
WordPress Hooks 134
action · init · inc\class-base-css.php:63
action · enqueue_block_editor_assets · inc\class-blocks-animation.php:50
action · enqueue_block_assets · inc\class-blocks-animation.php:51
filter · render_block · inc\class-blocks-animation.php:52
action · admin_notices · inc\class-blocks-animation.php:55
action · wp_footer · inc\class-blocks-animation.php:180
action · enqueue_block_editor_assets · inc\class-blocks-css.php:32
action · wp_head · inc\class-blocks-css.php:33
action · wp_loaded · inc\class-blocks-css.php:34
filter · otter_blocks_css · inc\class-blocks-css.php:35
action · enqueue_block_editor_assets · inc\class-blocks-export-import.php:32
action · init · inc\class-main.php:36
filter · script_loader_tag · inc\class-main.php:37
filter · safe_style_css · inc\class-main.php:38
filter · wp_kses_allowed_html · inc\class-main.php:39
action · init · inc\class-main.php:40
filter · upload_mimes · inc\class-main.php:43
filter · wp_handle_upload_prefilter · inc\class-main.php:44
filter · wp_handle_sideload_prefilter · inc\class-main.php:45
filter · wp_check_filetype_and_ext · inc\class-main.php:46
filter · wp_generate_attachment_metadata · inc\class-main.php:47
filter · otter_blocks_about_us_metadata · inc\class-main.php:50
filter · themeisle_sdk_blackfriday_data · inc\class-main.php:51
action · parse_query · inc\class-main.php:53
filter · rest_post_collection_params · inc\class-main.php:54
filter · redirect_canonical · inc\class-main.php:552
action · init · inc\class-patterns.php:28
action · admin_notices · inc\class-pro.php:31
action · init · inc\class-pro.php:34
action · add_meta_boxes · inc\class-pro.php:50
filter · cron_schedules · inc\class-pro.php:51
action · wp · inc\class-pro.php:52
action · otter_montly_scheduled_events · inc\class-pro.php:53
action · admin_init · inc\class-pro.php:54
action · admin_init · inc\class-pro.php:57
action · admin_notices · inc\class-pro.php:194
filter · block_categories_all · inc\class-registration.php:87
action · init · inc\class-registration.php:88
action · init · inc\class-registration.php:89
action · enqueue_block_assets · inc\class-registration.php:90
action · enqueue_block_editor_assets · inc\class-registration.php:91
action · enqueue_block_assets · inc\class-registration.php:92
filter · render_block · inc\class-registration.php:93
filter · render_block · inc\class-registration.php:94
filter · dynamic_sidebar_params · inc\class-registration.php:95
filter · render_block · inc\class-registration.php:96
action · wp_footer · inc\class-registration.php:98
filter · the_content · inc\class-registration.php:358
filter · wp_footer · inc\class-registration.php:378
action · wp_head · inc\class-registration.php:506
action · wp_head · inc\class-registration.php:1017
action · wp_footer · inc\class-registration.php:1071
filter · get_the_excerpt · inc\css\class-block-frontend.php:53
action · wp · inc\css\class-block-frontend.php:54
action · wp_enqueue_scripts · inc\css\class-block-frontend.php:55
action · wp_head · inc\css\class-block-frontend.php:56
filter · get_the_excerpt · inc\css\class-block-frontend.php:57
action · wp_footer · inc\css\class-block-frontend.php:58
action · wp_footer · inc\css\class-block-frontend.php:59
action · wp_head · inc\css\class-block-frontend.php:60
action · wp_footer · inc\css\class-block-frontend.php:61
filter · the_content · inc\css\class-block-frontend.php:237
action · wp_footer · inc\css\class-block-frontend.php:274
action · wp_footer · inc\css\class-block-frontend.php:290
action · wp_footer · inc\css\class-block-frontend.php:322
action · wp_footer · inc\css\class-block-frontend.php:339
action · rest_api_init · inc\css\class-css-handler.php:31
action · rest_api_init · inc\css\class-css-handler.php:32
action · before_delete_post · inc\css\class-css-handler.php:33
action · customize_save_after · inc\css\class-css-handler.php:34
action · rest_after_insert_wp_block · inc\css\class-css-handler.php:35
filter · customize_dynamic_partial_args · inc\css\class-css-handler.php:36
filter · widget_block_content · inc\css\class-css-handler.php:71
filter · otter_form_email_render_head · inc\integrations\class-form-email.php:52
filter · otter_form_email_render_body · inc\integrations\class-form-email.php:57
filter · otter_form_email_render_body_error · inc\integrations\class-form-email.php:62
action · otter_register_form_providers · inc\integrations\class-form-providers.php:61
filter · otter_select_form_provider · inc\integrations\class-form-providers.php:66
filter · render_block · inc\plugins\class-block-conditions.php:29
action · wp_loaded · inc\plugins\class-block-conditions.php:30
action · admin_menu · inc\plugins\class-dashboard.php:30
action · admin_init · inc\plugins\class-dashboard.php:31
action · admin_head · inc\plugins\class-dashboard.php:32
action · admin_notices · inc\plugins\class-dashboard.php:33
action · admin_head · inc\plugins\class-dashboard.php:34
action · wp_dashboard_setup · inc\plugins\class-dashboard.php:38
filter · render_block · inc\plugins\class-dynamic-content.php:26
filter · render_block · inc\plugins\class-dynamic-content.php:27
filter · render_block · inc\plugins\class-dynamic-content.php:28
filter · render_block · inc\plugins\class-dynamic-content.php:29
filter · render_block · inc\plugins\class-dynamic-content.php:30
filter · otter_apply_dynamic_image · inc\plugins\class-dynamic-content.php:31
action · after_switch_theme · inc\plugins\class-fse-onboarding.php:31
action · enqueue_block_editor_assets · inc\plugins\class-fse-onboarding.php:32
action · admin_menu · inc\plugins\class-fse-onboarding.php:33
filter · themeisle_products_deal_priority · inc\plugins\class-limited-offers.php:92
action · admin_notices · inc\plugins\class-limited-offers.php:93
action · init · inc\plugins\class-options-settings.php:29
action · init · inc\plugins\class-options-settings.php:30
action · init · inc\plugins\class-options-settings.php:31
action · init · inc\plugins\class-stripe-api.php:56
action · init · inc\plugins\class-template-cloud.php:24
filter · render_block · inc\render\amp\class-circle-counter-block.php:25
filter · render_block · inc\render\amp\class-lottie.block.php:25
filter · render_block · inc\render\amp\class-slider-block.php:27
filter · render_block · inc\render\class-masonry-variant.php:25
filter · wp_img_tag_add_auto_sizes · inc\render\class-posts-grid-block.php:26
action · wp_footer · inc\render\class-review-block.php:44
filter · allowed_redirect_hosts · inc\render\class-stripe-checkout-block.php:34
action · wp_loaded · inc\render\class-stripe-checkout-block.php:35
action · rest_api_init · inc\server\class-dashboard-server.php:42
action · after_switch_theme · inc\server\class-dashboard-server.php:43
action · rest_api_init · inc\server\class-dynamic-content-server.php:42
action · rest_api_init · inc\server\class-form-server.php:78
filter · otter_form_validate_form · inc\server\class-form-server.php:125
filter · otter_form_validate_form · inc\server\class-form-server.php:126
filter · otter_form_anti_spam_validation · inc\server\class-form-server.php:131
filter · otter_form_anti_spam_validation · inc\server\class-form-server.php:132
filter · otter_form_data_preparation · inc\server\class-form-server.php:137
filter · otter_form_email_build_body · inc\server\class-form-server.php:142
filter · otter_form_email_build_body_error · inc\server\class-form-server.php:143
action · otter_form_after_submit · inc\server\class-form-server.php:148
action · otter_form_issues_handler · inc\server\class-form-server.php:153
action · otter_form_issues_handler · inc\server\class-form-server.php:154
action · otter_form_on_submission_confirmed · inc\server\class-form-server.php:156
filter · otter_form_session_confirmation · inc\server\class-form-server.php:157
action · rest_api_init · inc\server\class-fse-onboarding-server.php:42
action · rest_api_init · inc\server\class-prompt-server.php:61
action · rest_api_init · inc\server\class-stripe-server.php:42
action · rest_api_init · inc\server\class-template-cloud-server.php:27
filter · themeisle_sdk_products · otter-blocks.php:44
filter · otter_blocks_welcome_metadata · otter-blocks.php:53
filter · themeisle_sdk_enable_telemetry · otter-blocks.php:88
filter · themeisle_sdk_telemetry_products · otter-blocks.php:90

Scheduled Events 1

otter_montly_scheduled_events
Maintenance & Trust

Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 27, 2026
PHP min version: 5.6
Downloads: 12.0M

Community Trust

Rating: 94/100
Number of ratings: 243
Active installs: 300K
Developer Profile

Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE Developer Profile

Themeisle

37 plugins · 2.2M total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 420 days
Detection Fingerprints

How We Detect Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/otter-blocks/build/animation/index.css
  • /wp-content/plugins/otter-blocks/build/animation/index.js
  • /wp-content/plugins/otter-blocks/build/animation/anim-count.js
  • /wp-content/plugins/otter-blocks/build/animation/anim-typing.js
  • /wp-content/plugins/otter-blocks/build/animation/frontend.js
Script Paths
  • /wp-content/plugins/otter-blocks/build/animation/index.js
  • /wp-content/plugins/otter-blocks/build/animation/anim-count.js
  • /wp-content/plugins/otter-blocks/build/animation/anim-typing.js
  • /wp-content/plugins/otter-blocks/build/animation/frontend.js
Version Parameters
  • /wp-content/plugins/otter-blocks/build/animation/index.css?ver=
  • /wp-content/plugins/otter-blocks/build/animation/index.js?ver=
  • /wp-content/plugins/otter-blocks/build/animation/anim-count.js?ver=
  • /wp-content/plugins/otter-blocks/build/animation/anim-typing.js?ver=
  • /wp-content/plugins/otter-blocks/build/animation/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
anim-element, anim-visible
Data Attributes
data-otter-animation, data-otter-animation-effect
JS Globals
blocksAnimation