Does PostExtra – News and Magazine Blog Post Blocks for Gutenberg & FSE have any unpatched vulnerabilities?

No. All known vulnerabilities in PostExtra – News and Magazine Blog Post Blocks for Gutenberg & FSE have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is PostExtra – News and Magazine Blog Post Blocks for Gutenberg & FSE compatible with WordPress 6.9.4?

According to WordPress.org data, PostExtra – News and Magazine Blog Post Blocks for Gutenberg & FSE 1.3.2 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

PostExtra – News and Magazine Blog Post Blocks for Gutenberg & FSE Security & Risk Analysis

wordpress.org/plugins/post-extra

Magazine‑style post grids, lists, and carousels for Gutenberg and FSE – design high‑engagement blog and news layouts without coding.

100 active installs v1.3.2 PHP 7.4+ WP 6.1+ Updated Dec 16, 2025

blog-layoutgutenberg-blocksmagazine-layoutpost-gridpost-list

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is PostExtra – News and Magazine Blog Post Blocks for Gutenberg & FSE Safe to Use in 2026?

Generally Safe

Score 100/100

PostExtra – News and Magazine Blog Post Blocks for Gutenberg & FSE has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The 'post-extra' v1.3.2 plugin exhibits a generally good security posture, with strengths in its use of prepared statements for all SQL queries and proper output escaping for all identified outputs. The plugin also demonstrates a commitment to security by implementing nonce and capability checks on most of its entry points. The absence of known CVEs and historical vulnerabilities is a positive indicator of past development practices.

However, a significant concern arises from the presence of one AJAX handler that lacks authentication checks. This creates an unprotected entry point into the plugin's functionality, which could be exploited if the handler performs any sensitive operations. While the taint analysis did not reveal critical or high severity issues, the two identified flows with unsanitized paths warrant attention, as they could potentially lead to vulnerabilities depending on the specific code context.

In conclusion, while 'post-extra' v1.3.2 has strong foundational security practices in place, the unprotected AJAX handler represents a clear and present risk that needs immediate remediation. The two identified unsanitized path flows also require review to ensure they do not pose a latent threat. Addressing these specific points would further enhance the plugin's overall security.

Key Concerns

AJAX handler without authentication check
Flows with unsanitized paths detected

Vulnerabilities

None known

PostExtra – News and Magazine Blog Post Blocks for Gutenberg & FSE Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

PostExtra – News and Magazine Blog Post Blocks for Gutenberg & FSE Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

5703 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2Freemius1.0

Output Escaping

100% escaped5728 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

6 flows2 with unsanitized paths

pxtr_pagi_previous_next (includes\post-extra-utils.php:19)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

PostExtra – News and Magazine Blog Post Blocks for Gutenberg & FSE Attack Surface

Entry Points4

Unprotected1

AJAX Handlers 4

authwp_ajax_pxtr_create_temp_typeincludes\admin\admin.php:12

authwp_ajax_pxtr_actionsincludes\admin\admin.php:14

authwp_ajax_admin_install_plugincludes\admin\admin.php:18

authwp_ajax_pxtr_pt_inputincludes\post-extra-site-builder.php:35

WordPress Hooks 54

filterrest_prepare_postblocks\archive-post\archive-post-grid-1\block.php:1182

actionrest_api_initblocks\archive-post\archive-post-grid-1\block.php:1198

filterrest_prepare_postblocks\news-ticker\block.php:498

filterrest_prepare_postblocks\post-blog-1\block.php:795

actionrest_api_initblocks\post-blog-1\block.php:811

filterrest_prepare_postblocks\post-blog-2\block.php:792

actionrest_api_initblocks\post-blog-2\block.php:808

filterrest_prepare_postblocks\post-grid-1\block.php:1161

actionrest_api_initblocks\post-grid-1\block.php:1177

filterrest_prepare_postblocks\post-grid-2\block.php:998

actionrest_api_initblocks\post-grid-2\block.php:1014

filterrest_prepare_postblocks\post-list-1\block.php:1339

actionrest_api_initblocks\post-list-1\block.php:1355

filterrest_prepare_postblocks\post-list-2\block.php:1184

actionrest_api_initblocks\post-list-2\block.php:1200

filterrest_prepare_postblocks\taxonomy\block.php:540

actionadmin_enqueue_scriptsincludes\admin\admin.php:7

actionadmin_menuincludes\admin\admin.php:10

actionadmin_initincludes\admin\admin.php:16

actionadmin_noticesincludes\admin\admin.php:62

filteradmin_footer_textincludes\admin\admin.php:107

actioninitincludes\post-extra-site-builder.php:17

actionadd_meta_boxesincludes\post-extra-site-builder.php:19

actionsave_postincludes\post-extra-site-builder.php:21

actionadmin_print_stylesincludes\post-extra-site-builder.php:23

actionadmin_enqueue_scriptsincludes\post-extra-site-builder.php:25

filtertemplate_includeincludes\post-extra-site-builder.php:28

filtertemplate_includeincludes\post-extra-site-builder.php:30

actionwpincludes\post-extra-site-builder.php:32

actionadd_meta_boxesincludes\post-extra-site-builder.php:33

actionsave_postincludes\post-extra-site-builder.php:34

actionrest_api_initincludes\post-extra-site-builder.php:38

actioncurrent_screenincludes\post-extra-site-builder.php:39

actionadmin_bar_menuincludes\post-extra-site-builder.php:40

actionwp_headincludes\post-extra-site-builder.php:189

actionwp_footerincludes\post-extra-site-builder.php:190

actionget_headerincludes\post-extra-site-builder.php:192

actionget_footerincludes\post-extra-site-builder.php:193

actionadmin_initpost-extra.php:24

actionadmin_noticespost-extra.php:29

filterblock_categories_allpost-extra.php:157

filterblock_categoriespost-extra.php:159

actionenqueue_block_editor_assetspost-extra.php:163

actioninitpost-extra.php:189

actioninitpost-extra.php:198

actionenqueue_block_assetspost-extra.php:559

actionplugins_loadedpost-extra.php:561

actionadmin_enqueue_scriptspost-meta.php:14

actionadmin_enqueue_scriptspost-meta.php:32

actionadmin_print_scriptspost-meta.php:47

actioncategory_add_form_fieldspost-meta.php:61

actioncategory_edit_form_fieldspost-meta.php:79

actioncreated_categorypost-meta.php:94

actionedited_categorypost-meta.php:95

Maintenance & Trust

PostExtra – News and Magazine Blog Post Blocks for Gutenberg & FSE Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 16, 2025

PHP min version7.4

Downloads5K

Community Trust

Rating0/100

Number of ratings0

Active installs100

Alternatives

PostExtra – News and Magazine Blog Post Blocks for Gutenberg & FSE Alternatives

Post Blocks & Tools

bnm-blocks

Post grid, post list, and post slider Gutenberg blocks to design blog and magazine layouts easily.

300 1 CVE

BoldPost – Gutenberg Post Grid & Layout Blocks

boldpost

100

Display posts beautifully with customizable grids, lists, sliders & category displays. Perfect for blogs, magazines & content-rich sites.

0 No CVEs

Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX

ultimate-post

A highly customizable plugin to create news, magazines, and any kind of blog site with post grid, post filter, post slider, and post blocks.

40K 23 CVEs

Advanced Post Block – Showcase Posts with Grid, List, Card Layouts and Filters

advanced-post-block

Advanced Post Block lets you add dynamic post grids, lists, sliders, and tickers. Filter content by category, tag, author, or custom post type.

10K 1 CVE

Latest Posts Block – Dynamic Posts Grid, Posts List, Posts Tile with Stunning Layouts for WordPress Blogs & Pages

latest-posts-block-lite

100

Dynamic Posts Grid, Posts List, Posts Tile with Stunning Layouts for WordPress Blogs & Pages

8K No CVEs

Developer Profile

PostExtra – News and Magazine Blog Post Blocks for Gutenberg & FSE Developer Profile

Anant Sites

10 plugins · 3K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect PostExtra – News and Magazine Blog Post Blocks for Gutenberg & FSE

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/post-extra/assets/css/style.css

Script Paths

/wp-content/plugins/post-extra/build/index.js

Version Parameters

post-extra/assets/css/style.css?ver=post-extra/build/index.js?ver=

HTML / DOM Fingerprints

CSS Classes

post-extra-blockpx-post-gridpx-post-sliderpx-post-listpost-extra-carouselpxtr-image-hover-effectpost-extra-image-hover-1post-extra-image-hover-2+3 more

Data Attributes

data-post-extra-carousel

JS Globals

js_data

FAQ