Static Block Security & Risk Analysis

wordpress.org/plugins/static-block

Create Static Block/Content which is used in posts, pages, themes, custom posts, widgets.

2K active installs · v2.2 · PHP + · WP 3.8+ · Updated Mar 10, 2021
Tags: block-content, static-block, static-block-content, wordpress-block-content
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Static Block Safe to Use in 2026?

Generally Safe

Score 85/100

Static Block has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5yr ago
Risk Assessment

The "static-block" plugin v2.2 exhibits a generally strong security posture based on the provided static analysis. It correctly utilizes prepared statements for all SQL queries and includes nonce and capability checks, indicating an awareness of common WordPress security best practices. The absence of dangerous functions, file operations, and external HTTP requests further bolsters its security. The vulnerability history is clean, with no recorded CVEs, which suggests a history of secure development or effective patching if vulnerabilities did arise.

However, a notable concern is the low percentage of properly escaped output. With only 19% of 53 outputs properly escaped, there is a significant risk of Cross-Site Scripting (XSS) vulnerabilities. While the taint analysis shows no flows with unsanitized paths, the lack of robust output escaping could still allow XSS through user-controllable data that is later displayed without proper encoding. The limited attack surface (two shortcodes) is a positive, but the lack of specific details on what these shortcodes do makes a definitive assessment challenging.

In conclusion, while the "static-block" plugin has a solid foundation in terms of SQL, auth checks, and a clean vulnerability history, the high proportion of unescaped output is a significant weakness that requires immediate attention. Addressing this would elevate the plugin's security significantly. The current findings indicate a plugin that is largely secure in its core functionality but has a critical area for improvement regarding output sanitization.

Key Concerns

  • Low percentage of properly escaped output
Vulnerabilities
None known

Static Block Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Static Block Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 43 (10 escaped)
Nonce Checks: 1
Capability Checks: 6
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

19% escaped · 53 total outputs
Attack Surface

Static Block Attack Surface

Entry Points: 2
Unprotected: 0

Shortcodes 2

[static_block_content] static-block.php:277
[static_block_thumbnail] static-block.php:316
WordPress Hooks 10
action init static-block.php:63
action admin_head static-block.php:65
action admin_menu static-block.php:77
action save_post static-block.php:209
action admin_init static-block.php:211
filter manage_edit-static-block_columns static-block.php:216
action manage_static-block_posts_custom_column static-block.php:217
filter media_buttons static-block.php:318
action admin_footer static-block.php:319
action widgets_init widget.php:137
Maintenance & Trust

Static Block Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.7.15
Last updated: Mar 10, 2021
PHP min version
Downloads: 18K

Community Trust

Rating: 92/100
Number of ratings: 5
Active installs: 2K
Developer Profile

Static Block Developer Profile

MohammadTanzilurRahman

2 plugins · 2K total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Static Block

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/static-block/
Script Paths
/wp-content/plugins/static-block/widget.php

HTML / DOM Fingerprints

CSS Classes
portfolio_meta_control, full-text
Data Attributes
name="tr_start_date" name="tr_start_date_hour" name="tr_start_date_minute" name="tr_end_date" name="tr_end_date_hour" name="tr_end_date_minute"
REST Endpoints
/wp-json/wp/v2/static-block
Shortcode Output
[static_block_content id="
[static_block_thumbnail id="
FAQ

Frequently Asked Questions about Static Block