Premium Blocks – Gutenberg Blocks, Patterns & Templates Security & Risk Analysis

wordpress.org/plugins/premium-blocks-for-gutenberg

Premium Blocks for Gutenberg: Free Gutenberg blocks packed with performance-optimized tools, global styling options, responsive controls, pre-built te …

2K active installs · v2.3.11 · PHP 7.0+ · WP 5.0+ · Updated Apr 8, 2026
Tags: block-editor, blocks, gutenberg, gutenberg-addons
Score: 98 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Dec 30, 2024

Safety Verdict

Is Premium Blocks – Gutenberg Blocks, Patterns & Templates Safe to Use in 2026?

Generally Safe

Score 98/100

Premium Blocks – Gutenberg Blocks, Patterns & Templates has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

3 known CVEs · Last CVE: Dec 30, 2024 · Updated 1mo ago

Risk Assessment

The "premium-blocks-for-gutenberg" plugin v2.3.9 presents a mixed security posture. While the plugin demonstrates several good security practices, such as 100% use of prepared statements for SQL queries and a significant majority of outputs being properly escaped, there are notable areas of concern. The presence of 3 AJAX handlers without authentication checks directly exposes these entry points to unauthenticated attackers. Furthermore, the use of the `unserialize` function is a critical risk, as it can lead to Remote Code Execution if the serialized data originates from an untrusted source. Although taint analysis did not reveal critical or high-severity flows, the 8 flows with unsanitized paths warrant attention, suggesting potential for vulnerabilities if these paths are combined with other weaknesses.

The plugin's vulnerability history, with 3 medium-severity CVEs, all related to Cross-site Scripting (XSS), indicates a recurring pattern of input sanitization weaknesses. While there are currently no unpatched CVEs, this history suggests that further XSS vulnerabilities are likely to emerge. Their medium severity suggests that exploitation likely required some level of user interaction or specific conditions, but they remain significant. The plugin benefits from a lack of bundled libraries, reducing the risk of using outdated and vulnerable third-party code. However, the substantial attack surface, particularly the unprotected AJAX endpoints, combined with the `unserialize` function and past XSS issues, necessitates careful consideration of its security.

Key Concerns

  • AJAX handlers without authentication checks
  • Use of dangerous function: unserialize
  • Medium severity CVE history (3 total)
  • Flows with unsanitized paths

Vulnerabilities
3 published

Premium Blocks – Gutenberg Blocks, Patterns & Templates Security Vulnerabilities

CVEs by Year

2024: 3 CVEs (all patched)

Severity Breakdown

Medium: 3 (3 total CVEs)

CVE-2024-56245 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Premium Blocks – Gutenberg Blocks for WordPress <= 2.1.42 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 30, 2024 · Patched in 2.1.43 (10d)

CVE-2024-47368 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Premium Blocks – Gutenberg Blocks for WordPress <= 2.1.33 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 30, 2024 · Patched in 2.1.34 (11d)

CVE-2024-37519 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Premium Blocks – Gutenberg Blocks for WordPress <= 2.1.27 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jul 5, 2024 · Patched in 2.1.28 (6d)

Version History

Premium Blocks – Gutenberg Blocks, Patterns & Templates Release Timeline

v2.3.11 (current)
v2.3.10
v2.3.9
v2.3.8
v2.3.7
v2.3.6
v2.3.5
v2.3.4
v2.3.3
v2.3.2
v2.3.1
v2.3.0
v2.2.24
v2.2.23
v2.2.22
v2.2.21
v2.2.20
v2.2.19
v2.2.18
v2.2.17

Code Analysis
Analyzed Mar 16, 2026

Premium Blocks – Gutenberg Blocks, Patterns & Templates Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (8 prepared)
Unescaped Output: 43 (179 escaped)
Nonce Checks: 15
Capability Checks: 6
File Operations: 8
External Requests: 23
Bundled Libraries: 0

Dangerous Functions Found

unserialize · classes\class-pbg-display-conditions.php:475
$location_data = unserialize( rplg_urlopen( 'http://www.geoplugin.net/php.gp?ip=' . $ip_address )['d …

SQL Query Safety

100% prepared (8 total queries)

Output Escaping

81% escaped (222 total outputs)

Data Flows · Security
8 unsanitized

Data Flow Analysis

14 flows, 8 with unsanitized paths
<post> (blocks-config\post.php:0)

Attack Surface
3 unprotected

Premium Blocks – Gutenberg Blocks, Patterns & Templates Attack Surface

Entry Points: 23
Unprotected: 3

AJAX Handlers (23)

auth · wp_ajax_pb_handle_feedback_action · admin\includes\feedback.php:32
nopriv · wp_ajax_pb-panel-update-option · admin\includes\pb-panel\class-pb-panel.php:54
auth · wp_ajax_pb-panel-update-option · admin\includes\pb-panel\class-pb-panel.php:56
nopriv · wp_ajax_pb-panel-update-settings · admin\includes\pb-panel\class-pb-panel.php:58
auth · wp_ajax_pb-panel-update-settings · admin\includes\pb-panel\class-pb-panel.php:60
nopriv · wp_ajax_pb-panel-update-global-features · admin\includes\pb-panel\class-pb-panel.php:62
auth · wp_ajax_pb-panel-update-global-features · admin\includes\pb-panel\class-pb-panel.php:64
auth · wp_ajax_pb-panel-update-performance-options · admin\includes\pb-panel\class-pb-panel.php:66
auth · wp_ajax_pb-panel-integrations-options · admin\includes\pb-panel\class-pb-panel.php:68
auth · wp_ajax_pb-mail-subscribe · admin\includes\pb-panel\class-pb-panel.php:77
auth · wp_ajax_premium_form_submit · classes\class-pbg-blocks-helper.php:229
nopriv · wp_ajax_premium_form_submit · classes\class-pbg-blocks-helper.php:230
auth · wp_ajax_pbg_filter_posts · classes\class-pbg-blocks-helper.php:233
nopriv · wp_ajax_pbg_filter_posts · classes\class-pbg-blocks-helper.php:234
auth · wp_ajax_pbg_paginate_posts · classes\class-pbg-blocks-helper.php:237
nopriv · wp_ajax_pbg_paginate_posts · classes\class-pbg-blocks-helper.php:238
auth · wp_ajax_premium_blocks_get_mailchimp_lists · classes\class-pbg-blocks-helper.php:241
auth · wp_ajax_pbg_editor_get_mailchimp_list_merge_fields · classes\class-pbg-blocks-helper.php:244
auth · wp_ajax_premium_blocks_get_mailerlite_groups · classes\class-pbg-blocks-helper.php:247
auth · wp_ajax_pbg-get-instagram-token · classes\class-pbg-blocks-integrations.php:43
auth · wp_ajax_pbg-get-instagram-feed · classes\class-pbg-blocks-integrations.php:44
auth · wp_ajax_pbg-get-mailchimp-lists · classes\class-pbg-blocks-integrations.php:46
auth · wp_ajax_pbg-get_mailchimp_list_merge_fields · classes\class-pbg-blocks-integrations.php:48

WordPress Hooks (74)

action · admin_footer-plugins.php · admin\includes\feedback.php:31
action · admin_menu · admin\includes\pb-panel\class-pb-panel.php:70
filter · pb_options · admin\includes\pb-panel\class-pb-panel.php:71
filter · pb_settings · admin\includes\pb-panel\class-pb-panel.php:72
filter · pb_global_features · admin\includes\pb-panel\class-pb-panel.php:73
filter · pb_performance_options · admin\includes\pb-panel\class-pb-panel.php:74
filter · pb_integrations_options · admin\includes\pb-panel\class-pb-panel.php:75
action · admin_post_premium_gutenberg_rollback · admin\includes\pb-panel\class-pb-panel.php:76
action · admin_enqueue_scripts · admin\includes\pb-panel\class-pb-panel.php:78
filter · premium_accordion_localize_data · blocks-config\accordion\index.php:172
filter · premium_equal_height_localize_script · blocks-config\container\index.php:276
filter · premium_form_localize_script · blocks-config\form\index.php:654
filter · premium_gallery_localize_script · blocks-config\gallery\index.php:62
filter · pbg_instagram_feed_has_error · blocks-config\instagram-feed-posts\index.php:301
filter · pbg_instagram_feed_has_error · blocks-config\instagram-feed-posts\index.php:310
filter · pbg_instagram_feed_has_error · blocks-config\instagram-feed-posts\index.php:332
filter · pbg_instagram_feed_has_error · blocks-config\instagram-feed-posts\index.php:339
filter · pbg_instagram_feed_has_error · blocks-config\instagram-feed-posts\index.php:348
filter · pbg_instagram_feed_has_error · blocks-config\instagram-feed-posts\index.php:354
filter · premium_instagram_feed_localize_script · blocks-config\instagram-feed-posts\index.php:580
filter · pbg_instagram_feed_has_error · blocks-config\instagram-feed-posts\index.php:628
filter · premium_google_maps_localize_script · blocks-config\maps\index.php:307
filter · premium_one_page_scroll_localize_script · blocks-config\one-page-scroll\index.php:325
filter · pbg_post_grid_localize_script · blocks-config\post.php:146
filter · premium-svg-draw-localize-data · blocks-config\svg-draw\index.php:216
filter · upload_mimes · classes\class-pbg-blocks-helper.php:200
filter · wp_check_filetype_and_ext · classes\class-pbg-blocks-helper.php:201
action · init · classes\class-pbg-blocks-helper.php:203
action · enqueue_block_editor_assets · classes\class-pbg-blocks-helper.php:205
action · enqueue_block_assets · classes\class-pbg-blocks-helper.php:209
action · wp_enqueue_scripts · classes\class-pbg-blocks-helper.php:211
filter · block_categories_all · classes\class-pbg-blocks-helper.php:213
action · enqueue_block_editor_assets · classes\class-pbg-blocks-helper.php:215
action · wp_head · classes\class-pbg-blocks-helper.php:217
filter · render_block · classes\class-pbg-blocks-helper.php:219
filter · Premium_BLocks_mobile_media_query · classes\class-pbg-blocks-helper.php:221
filter · Premium_BLocks_tablet_media_query · classes\class-pbg-blocks-helper.php:222
filter · Premium_BLocks_desktop_media_query · classes\class-pbg-blocks-helper.php:223
filter · render_block · classes\class-pbg-blocks-helper.php:226
action · save_post · classes\class-pbg-blocks-helper.php:250
action · init · classes\class-pbg-blocks-helper.php:252
action · wp_enqueue_scripts · classes\class-pbg-blocks-helper.php:256
action · enqueue_block_assets · classes\class-pbg-blocks-helper.php:259
action · wp_enqueue_scripts · classes\class-pbg-blocks-helper.php:262
action · enqueue_block_assets · classes\class-pbg-blocks-helper.php:265
filter · optml_dont_replace_url · classes\class-pbg-blocks-helper.php:267
action · wp_head · classes\class-pbg-blocks-helper.php:414
action · enqueue_block_editor_assets · classes\class-pbg-display-conditions.php:44
filter · render_block · classes\class-pbg-display-conditions.php:48
action · init · classes\class-pbg-display-conditions.php:52
filter · register_block_type_args · classes\class-pbg-display-conditions.php:55
action · init · classes\class-pbg-entrance-animation.php:44
filter · register_block_type_args · classes\class-pbg-entrance-animation.php:47
filter · block_type_metadata · classes\class-pbg-entrance-animation.php:50
action · rest_api_init · classes\class-rest-api.php:41
action · init · classes\class-rest-api.php:42
action · init · classes\class-rest-api.php:43
filter · register_post_type_args · classes\class-rest-api.php:44
action · enqueue_block_editor_assets · global-settings\class-pbg-global-settings.php:52
action · init · global-settings\class-pbg-global-settings.php:53
action · enqueue_block_assets · global-settings\class-pbg-global-settings.php:54
filter · render_block · global-settings\class-pbg-global-settings.php:55
filter · body_class · global-settings\class-pbg-global-settings.php:56
filter · rest_endpoints · global-settings\class-pbg-global-settings.php:57
action · pbg_delete_fonts_folder · includes\google-fonts\class-pbg-webfont-loader.php:127
action · plugins_loaded · includes\plugin.php:37
filter · wp_img_tag_add_loading_attr · includes\plugin.php:38
action · wp_head · includes\premium-blocks-css.php:89
action · wp_footer · includes\premium-blocks-css.php:90
action · admin_init · includes\premium-gutenberg-templates.php:89
action · rest_api_init · includes\premium-gutenberg-templates.php:91
action · enqueue_block_assets · includes\premium-gutenberg-templates.php:93
action · in_admin_header · includes\wp-db-pointer.php:14
action · admin_init · includes\wp-db-pointer.php:74

Scheduled Events 1

pbg_delete_fonts_folder

Maintenance & Trust

Premium Blocks – Gutenberg Blocks, Patterns & Templates Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 8, 2026
PHP min version: 7.0
Downloads: 369K

Community Trust

Rating: 96/100
Number of ratings: 41
Active installs: 2K

Developer Profile

Premium Blocks – Gutenberg Blocks, Patterns & Templates Developer Profile

Leap13

5 plugins · 702K total installs

Trust score: 85
Avg Security Score: 95/100
Avg Patch Time: 83 days

Detection Fingerprints

How We Detect Premium Blocks – Gutenberg Blocks, Patterns & Templates

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/premium-blocks-for-gutenberg/admin/assets/dashboard.css
/wp-content/plugins/premium-blocks-for-gutenberg/admin/assets/js/pb-dashboard.js
Script Paths
/wp-content/plugins/premium-blocks-for-gutenberg/admin/assets/js/pb-dashboard.js
Version Parameters
/wp-content/plugins/premium-blocks-for-gutenberg/admin/assets/js/pb-dashboard.js?ver=1.0.0

HTML / DOM Fingerprints

CSS Classes
pb-panel, pb-panel-menu-link
HTML Comments
<!-- Admin menu -->
<!-- Admin menu Item -->
Data Attributes
data-panel-slug="pb_panel"
JS Globals
pbgData
REST Endpoints
/wp-json/kemet/v1/add

FAQ

Frequently Asked Questions about Premium Blocks – Gutenberg Blocks, Patterns & Templates