FancyPost – Post Blocks, Grids & Sliders for Block Editor and Elementor Security & Risk Analysis

wordpress.org/plugins/post-block

FancyPost provides advanced post blocks, grids, layouts, carousels, and sliders for Block Editor & Elementor. Includes featured posts and sliders.

600 active installs · v6.0.1 · PHP + · WP 4.5+ · Updated Dec 20, 2025
Tags: elementor, gutenberg-blocks, post-block, post-grid, post-layout
77
B · Generally Safe
CVEs total: 3
Unpatched: 1
Last CVE: Apr 1, 2025
Safety Verdict

Is FancyPost – Post Blocks, Grids & Sliders for Block Editor and Elementor Safe to Use in 2026?

Mostly Safe

Score 77/100

FancyPost – Post Blocks, Grids & Sliders for Block Editor and Elementor is generally safe to use. 3 past CVEs were resolved. Keep it updated.

3 known CVEs · 1 unpatched · Last CVE: Apr 1, 2025 · Updated 3mo ago
Risk Assessment

The 'post-block' plugin version 6.0.1 presents a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and a significant number of nonce and capability checks, there are notable areas of concern. The presence of two AJAX handlers without authentication checks creates a direct attack surface for unauthorized actions. Furthermore, the taint analysis revealing one unsanitized path, even without a critical or high severity, indicates a potential for code injection or data leakage that warrants attention.

The vulnerability history for this plugin is a significant red flag, with three known CVEs, one of which remains unpatched. The common vulnerability types of Cross-site Scripting and Missing Authorization, particularly in conjunction with the unprotected AJAX endpoints, suggest a recurring pattern of insecure handling of user input and access control. The fact that the last vulnerability was in April 2025, and it's still unpatched, implies a lack of timely security maintenance and remediation. While the plugin has strengths in its query sanitization and some security checks, the unpatched vulnerability and the unprotected entry points significantly elevate the overall risk.

Key Concerns

  • Unprotected AJAX handlers
  • Unsanitized path in taint analysis
  • Unpatched CVE history
  • Medium severity CVEs in history
Vulnerabilities
3

FancyPost – Post Blocks, Grids & Sliders for Block Editor and Elementor Security Vulnerabilities

CVEs by Year

2024: 1 CVE
2025: 2 CVEs (has unpatched)

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2025-31875 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

FancyPost <= 6.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 1, 2025 · Unpatched

CVE-2024-10536 · medium · 4.3 · Missing Authorization

FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor <= 6.0.0 - Missing Authorization to Authenticated (Subscriber+) Shortcode Export

Jan 6, 2025 · Patched in 6.0.1 (14d)

CVE-2024-38686 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor <= 5.3.1 - Authenticated (Author+) Stored Cross-Site Scripting

Jul 10, 2024 · Patched in 5.3.2 (9d)

Code Analysis
Analyzed Mar 16, 2026

FancyPost – Post Blocks, Grids & Sliders for Block Editor and Elementor Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 292 (943 escaped)
Nonce Checks: 12
Capability Checks: 4
File Operations: 1
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

76% escaped · 1235 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

10 flows · 1 with unsanitized paths
fpblock_backup_callback (custom-fields\options\admin-backup.php:49)
Attack Surface
2 unprotected

FancyPost – Post Blocks, Grids & Sliders for Block Editor and Elementor Attack Surface

Entry Points: 9
Unprotected: 2

AJAX Handlers 8

auth wp_ajax_fpblock-get-icons (custom-fields\functions\actions.php:50)
auth wp_ajax_fpblock-export (custom-fields\functions\actions.php:87)
auth wp_ajax_fpblock-import (custom-fields\functions\actions.php:123)
auth wp_ajax_fpblock-reset (custom-fields\functions\actions.php:150)
auth wp_ajax_fpblock-chosen (custom-fields\functions\actions.php:189)
auth wp_ajax_shortcode_export (custom-fields\options\admin-backup.php:215)
auth wp_ajax_filter_posts_by_pagination (includes\class-post-block.php:82)
nopriv wp_ajax_filter_posts_by_pagination (includes\class-post-block.php:83)

Shortcodes 1

[fpblock] (includes\class-post-block.php:345)

WordPress Hooks 53

action admin_menu (admin\class-fancy-post-pro.php:18)
action admin_post_FancyPostPRO_el_deactivate_license (admin\class-fancy-post-pro.php:19)
action admin_post_FancyPostPRO_el_activate_license (admin\class-fancy-post-pro.php:27)
action admin_menu (admin\class-fancy-post-pro.php:28)
action wp_enqueue_scripts (custom-fields\classes\abstract.class.php:21)
action admin_menu (custom-fields\classes\admin-options.class.php:105)
action admin_bar_menu (custom-fields\classes\admin-options.class.php:106)
action network_admin_menu (custom-fields\classes\admin-options.class.php:110)
filter admin_footer_text (custom-fields\classes\admin-options.class.php:430)
action add_meta_boxes (custom-fields\classes\metabox-options.class.php:50)
action save_post (custom-fields\classes\metabox-options.class.php:51)
action edit_attachment (custom-fields\classes\metabox-options.class.php:52)
action admin_init (custom-fields\classes\profile-options.class.php:32)
action show_user_profile (custom-fields\classes\profile-options.class.php:44)
action edit_user_profile (custom-fields\classes\profile-options.class.php:45)
action personal_options_update (custom-fields\classes\profile-options.class.php:47)
action edit_user_profile_update (custom-fields\classes\profile-options.class.php:48)
action after_setup_theme (custom-fields\classes\setup.class.php:73)
action init (custom-fields\classes\setup.class.php:74)
action switch_theme (custom-fields\classes\setup.class.php:75)
action admin_enqueue_scripts (custom-fields\classes\setup.class.php:76)
action wp_enqueue_scripts (custom-fields\classes\setup.class.php:77)
action wp_head (custom-fields\classes\setup.class.php:78)
filter admin_body_class (custom-fields\classes\setup.class.php:79)
action admin_footer (custom-fields\fields\icon\icon.php:41)
action customize_controls_print_footer_scripts (custom-fields\fields\icon\icon.php:42)
action admin_print_footer_scripts (custom-fields\fields\link\link.php:65)
action print_default_editor_scripts (custom-fields\fields\wp_editor\wp_editor.php:62)
action admin_menu (custom-fields\options\admin-license.php:68)
action admin_post_FancyPostPRO_el_deactivate_license (custom-fields\options\admin-license.php:69)
action admin_post_FancyPostPRO_el_activate_license (custom-fields\options\admin-license.php:76)
action admin_menu (custom-fields\options\admin-license.php:77)
action plugins_loaded (includes\class-post-block.php:248)
action admin_enqueue_scripts (includes\class-post-block.php:262)
action admin_enqueue_scripts (includes\class-post-block.php:263)
action init (includes\class-post-block.php:267)
filter post_updated_messages (includes\class-post-block.php:268)
filter manage_frhdfp_blocks_posts_columns (includes\class-post-block.php:269)
action manage_frhdfp_blocks_posts_custom_column (includes\class-post-block.php:270)
action admin_notices (includes\class-post-block.php:271)
action admin_menu (includes\class-post-block.php:272)
filter plugin_action_links (includes\class-post-block.php:273)
action activated_plugin (includes\class-post-block.php:274)
filter block_categories_all (includes\class-post-block.php:292)
filter block_categories (includes\class-post-block.php:294)
action admin_notices (includes\class-post-block.php:310)
action admin_init (includes\class-post-block.php:312)
action wp_enqueue_scripts (includes\class-post-block.php:332)
action wp_enqueue_scripts (includes\class-post-block.php:333)
action single_template (includes\class-post-block.php:336)
action fpblock_action_tag_for_shortcode (includes\class-post-block.php:344)
action init (includes\class-post-block.php:349)
filter allowed_block_types_all (includes\class-post-block.php:352)

Maintenance & Trust

FancyPost – Post Blocks, Grids & Sliders for Block Editor and Elementor Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 20, 2025
PHP min version
Downloads: 15K

Community Trust

Rating: 100/100
Number of ratings: 6
Active installs: 600

Developer Profile

FancyPost – Post Blocks, Grids & Sliders for Block Editor and Elementor Developer Profile

Pluginic

7 plugins · 3K total installs

Trust score: 90
Avg Security Score: 94/100
Avg Patch Time: 12 days
Detection Fingerprints

How We Detect FancyPost – Post Blocks, Grids & Sliders for Block Editor and Elementor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/post-block/admin/css/post-block-admin.css
/wp-content/plugins/post-block/admin/js/post-block-admin.js
/wp-content/plugins/post-block/admin/css/getting-started.css
Script Paths
/wp-content/plugins/post-block/admin/js/post-block-admin.js
Version Parameters
post-block-admin.css?ver=
post-block-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
frhd-option-body, frhd-setting-header, frhd-setting-header-info, frhd-setting-header-info-content, frhd-plugin-about, frhd-plugin-version, frhd-dashboard-nav, frhd-current (+1 more)
Data Attributes
id="frhd-plugin-version"
FAQ

Frequently Asked Questions about FancyPost – Post Blocks, Grids & Sliders for Block Editor and Elementor