PatternsWP – Gutenberg Block Patterns & Page Templates Library Security & Risk Analysis

wordpress.org/plugins/patternswp

Explore a library of pre-designed Gutenberg block patterns and page templates that are compatible with any WordPress block theme.

500 active installs · v1.0.9 · PHP 7.0+ · WP 6.0+ · Updated Apr 4, 2026
Tags: blocks, gutenberg, library, patterns, templates
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is PatternsWP – Gutenberg Block Patterns & Page Templates Library Safe to Use in 2026?

Generally Safe

Score 100/100

PatternsWP – Gutenberg Block Patterns & Page Templates Library has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "patternswp" plugin version 1.0.8 demonstrates several positive security practices. The code uses prepared statements for all of its SQL queries and has a very high rate of proper output escaping, indicating a strong defense against common injection and XSS vulnerabilities. The absence of known CVEs and a clean vulnerability history further suggest a relatively secure plugin. Furthermore, no dangerous functions, file operations, or taint flows were detected, which indicates a low risk of severe code execution or data compromise through complex exploits.

However, there are notable areas of concern. The plugin exposes four AJAX handlers, two of which lack any authentication or capability checks. This represents a significant attack surface that could be exploited by unauthenticated users to trigger arbitrary actions. While the plugin has a small number of nonce and capability checks, their placement on only two handlers might not cover the entire intended functionality. The presence of external HTTP requests, though not inherently a vulnerability, can sometimes be a vector for supply chain attacks if the target endpoints are compromised or if the requests themselves are vulnerable to manipulation.

In conclusion, "patternswp" v1.0.8 has a solid foundation in terms of secure coding practices for database interactions and output handling. The primary weakness lies in the unprotected AJAX endpoints, which pose a direct risk of unauthorized access and potential manipulation. Addressing these unprotected entry points should be the immediate priority to improve the plugin's overall security posture.

Key Concerns

  • Unprotected AJAX handlers
  • Limited nonce checks on AJAX
  • Limited capability checks on AJAX
Vulnerabilities
None known

PatternsWP – Gutenberg Block Patterns & Page Templates Library Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

PatternsWP – Gutenberg Block Patterns & Page Templates Library Release Timeline

v1.0.9 (Current)
v1.0.8
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.0
Code Analysis
Analyzed Mar 16, 2026

PatternsWP – Gutenberg Block Patterns & Page Templates Library Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (5 prepared)
Unescaped Output: 1 (34 escaped)
Nonce Checks: 2
Capability Checks: 2
File Operations: 0
External Requests: 5
Bundled Libraries: 0

SQL Query Safety

100% prepared · 5 total queries

Output Escaping

97% escaped · 35 total outputs
Attack Surface
2 unprotected

PatternsWP – Gutenberg Block Patterns & Page Templates Library Attack Surface

Entry Points: 4
Unprotected: 2

AJAX Handlers 4

Type | Hook | Location
auth | wp_ajax_patternswp_background_transient_load_ajax | includes\class-patternswp-admin.php:21
nopriv | wp_ajax_patternswp_background_transient_load_ajax | includes\class-patternswp-admin.php:22
auth | wp_ajax_fetch_patterns | patternswp.php:141
nopriv | wp_ajax_fetch_patterns | patternswp.php:142

WordPress Hooks 30

Type | Hook | Location
action | admin_menu | includes\class-patternswp-admin.php:18
action | admin_init | includes\class-patternswp-admin.php:19
action | admin_init | includes\class-patternswp-admin.php:20
action | patternswp_load_patterns_by_ra | includes\class-patternswp-admin.php:23
action | admin_init | includes\class-patternswp-admin.php:25
action | admin_init | includes\class-patternswp-admin.php:28
action | init | includes\class-patternswp-admin.php:31
action | init | includes\class-patternswp-admin.php:32
action | init | includes\class-patternswp-admin.php:33
action | init | includes\class-patternswp-admin.php:36
action | init | includes\class-patternswp-admin.php:37
action | init | includes\class-patternswp-admin.php:38
filter | patternswp_patterns | includes\class-patternswp-admin.php:43
filter | block_editor_settings_all | includes\class-patternswp-admin.php:44
filter | rest_wp_block_query | includes\class-patternswp-admin.php:47
filter | should_load_remote_block_patterns | includes\class-patternswp-admin.php:50
filter | should_load_remote_patterns_default_override | includes\class-patternswp-admin.php:51
action | switch_theme | includes\class-patternswp-admin.php:54
filter | rest_prepare_wp_block | includes\class-patternswp-admin.php:57
filter | wp_block_patterns | includes\class-patternswp-admin.php:60
action | wp_loaded | includes\class-patternswp-admin.php:63
filter | posts_where | includes\class-patternswp-admin.php:831
action | update_option_patternswp_hide_theme_patterns | includes\class-patternswp-admin.php:1007
action | update_option_patternswp_hide_uncategorized_patterns | includes\class-patternswp-admin.php:1008
action | update_option_patternswp_hide_core_patterns | includes\class-patternswp-admin.php:1009
action | admin_init | includes\class-patternswp-api.php:15
action | patternswp_hourly_transient_load | includes\class-patternswp-api.php:16
action | enqueue_block_editor_assets | patternswp.php:64
filter | plugin_action_links | patternswp.php:162
filter | plugin_row_meta | patternswp.php:174

Scheduled Events 2

patternswp_hourly_transient_load
patternswp_hourly_transient_load
Maintenance & Trust

PatternsWP – Gutenberg Block Patterns & Page Templates Library Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 4, 2026
PHP min version: 7.0
Downloads: 8K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 500
Developer Profile

PatternsWP – Gutenberg Block Patterns & Page Templates Library Developer Profile

PatternsWP

1 plugin · 500 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect PatternsWP – Gutenberg Block Patterns & Page Templates Library

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/patternswp/build/patternswp-editor.js
/wp-content/plugins/patternswp/build/style-patternswp-editor-styles.css
Script Paths
/wp-content/plugins/patternswp/build/patternswp-editor.js
Version Parameters
patternswp/build/patternswp-editor.js?ver=
patternswp/build/style-patternswp-editor-styles.css?ver=

HTML / DOM Fingerprints

JS Globals
patternsWpData
REST Endpoints
/wp-json/patternswp/v1/patterns