Does Superb Addons: Blocks, Patterns & Theme Designer for the Block Editor & FSE have any unpatched vulnerabilities?

No. All known vulnerabilities in Superb Addons: Blocks, Patterns & Theme Designer for the Block Editor & FSE have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Superb Addons: Blocks, Patterns & Theme Designer for the Block Editor & FSE Security & Risk Analysis

wordpress.org/plugins/superb-blocks

Create beautiful WordPress websites easily with 10+ blocks, 200+ patterns, 100+ pre-built pages, animations and Theme Designer. No coding needed!

80K active installs v3.7.1 PHP 6.0+ WP 4.9+ Updated Jan 27, 2026

blockblockseditorgutenberggutenberg-blocks

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Superb Addons: Blocks, Patterns & Theme Designer for the Block Editor & FSE Safe to Use in 2026?

Generally Safe

Score 100/100

Superb Addons: Blocks, Patterns & Theme Designer for the Block Editor & FSE has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The superb-blocks plugin v3.7.1 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The plugin demonstrates good security practices by implementing nonce checks for all identified entry points and performing capability checks for its AJAX handlers, indicating an effort to prevent unauthorized access and actions. The absence of direct SQL queries, reliance on prepared statements, and no recorded vulnerabilities in its history are significant strengths. However, a notable area for improvement lies in output escaping, with 26% of outputs not being properly escaped. This presents a potential risk for cross-site scripting (XSS) vulnerabilities if user-supplied data is not handled carefully before being displayed. The presence of file operations and external HTTP requests, while not inherently risky, warrants careful review to ensure these actions are performed securely and do not introduce other attack vectors. Overall, the plugin is well-protected against common vulnerabilities, but the unescaped output percentage is a specific concern that should be addressed.

Key Concerns

Percentage of unescaped outputs is concerning

Vulnerabilities

None known

Superb Addons: Blocks, Patterns & Theme Designer for the Block Editor & FSE Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Superb Addons: Blocks, Patterns & Theme Designer for the Block Editor & FSE Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

214

598 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2

Output Escaping

74% escaped812 total outputs

Data Flows

All sanitized

Data Flow Analysis

1 flows

<class-wizard-template-preview-controller> (src\admin\controllers\wizard\class-wizard-template-preview-controller.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Superb Addons: Blocks, Patterns & Theme Designer for the Block Editor & FSE Attack Surface

Entry Points2

Unprotected0

AJAX Handlers 2

authwp_ajax_superbaddons_newsletter_formsrc\admin\controllers\class-newsletter-signup-controller.php:23

authwp_ajax_spbtic_dismiss_noticesrc\admin\controllers\class-notice-controller.php:77

WordPress Hooks 57

actionadmin_menusrc\admin\controllers\class-dashboard-controller.php:51

actionadmin_menusrc\admin\controllers\class-dashboard-controller.php:52

actionadmin_initsrc\admin\controllers\class-dashboard-controller.php:53

actionadmin_enqueue_scriptssrc\admin\controllers\class-dashboard-controller.php:55

actionadmin_headsrc\admin\controllers\class-dashboard-controller.php:57

actionwp_loadedsrc\admin\controllers\class-dashboard-controller.php:260

actionadmin_footersrc\admin\controllers\class-dashboard-controller.php:370

actionadmin_footersrc\admin\controllers\class-dashboard-controller.php:482

actionadmin_noticessrc\admin\controllers\class-notice-controller.php:76

filterget_block_templatessrc\admin\controllers\wizard\class-wizard-controller.php:62

filterget_block_file_templatesrc\admin\controllers\wizard\class-wizard-controller.php:93

filterget_block_templatessrc\admin\controllers\wizard\class-wizard-controller.php:113

filterget_block_file_templatesrc\admin\controllers\wizard\class-wizard-controller.php:133

actionswitch_themesrc\admin\controllers\wizard\class-wizard-controller.php:152

actionactivated_pluginsrc\admin\controllers\wizard\class-wizard-controller.php:157

actiondeactivated_pluginsrc\admin\controllers\wizard\class-wizard-controller.php:164

actionwp_loadedsrc\admin\controllers\wizard\class-wizard-template-preview-controller.php:33

filterrender_block_contextsrc\admin\controllers\wizard\class-wizard-template-preview-controller.php:77

filterthe_titlesrc\admin\controllers\wizard\class-wizard-template-preview-controller.php:85

filterthe_contentsrc\admin\controllers\wizard\class-wizard-template-preview-controller.php:100

filterthe_postssrc\admin\controllers\wizard\class-wizard-template-preview-controller.php:105

filterpost_thumbnail_htmlsrc\admin\controllers\wizard\class-wizard-template-preview-controller.php:133

filterrender_blocksrc\admin\controllers\wizard\class-wizard-template-preview-controller.php:138

filterthe_contentsrc\admin\controllers\wizard\class-wizard-template-preview-controller.php:239

filterrender_blocksrc\admin\controllers\wizard\class-wizard-template-preview-controller.php:262

actionadmin_footersrc\admin\pages\class-page-additional-css.php:49

filtersafe_style_csssrc\components\slots\class-slot-render-utility.php:51

actionwp_enqueue_scriptssrc\data\controllers\class-css-controller.php:383

actionrest_api_initsrc\data\controllers\class-rest-controller.php:24

filtersafe_style_csssrc\data\utils\class-allowed-template-html-util.php:11

actionelementor/editor/before_enqueue_scriptssrc\elementor\controllers\class-elementor-controller.php:28

actionelementor/editor/footersrc\elementor\controllers\class-elementor-controller.php:29

actionelementor/editor/after_enqueue_stylessrc\elementor\controllers\class-elementor-controller.php:30

actionelementor/preview/enqueue_stylessrc\elementor\controllers\class-elementor-controller.php:31

actioninitsrc\gutenberg\class-gutenberg-block-styles.php:11

actionblock_categories_allsrc\gutenberg\class-gutenberg-controller.php:51

actioninitsrc\gutenberg\class-gutenberg-controller.php:52

actionenqueue_block_editor_assetssrc\gutenberg\class-gutenberg-controller.php:53

actionenqueue_block_assetssrc\gutenberg\class-gutenberg-controller.php:55

actionwp_enqueue_scriptssrc\gutenberg\class-gutenberg-controller.php:56

actionenqueue_block_editor_assetssrc\gutenberg\class-gutenberg-controller.php:58

actionwp_enqueue_scriptssrc\gutenberg\class-gutenberg-controller.php:59

actionwp_print_stylessrc\gutenberg\class-gutenberg-controller.php:60

actionadmin_footersrc\gutenberg\class-gutenberg-controller.php:315

actionadmin_footersrc\gutenberg\class-gutenberg-controller.php:327

filterrender_blocksrc\gutenberg\class-gutenberg-enhancements-controller.php:51

filterrender_blocksrc\gutenberg\class-gutenberg-enhancements-controller.php:52

filterwp_enqueue_scriptssrc\gutenberg\class-gutenberg-enhancements-controller.php:53

filterrest_pre_dispatchsrc\gutenberg\class-gutenberg-enhancements-controller.php:55

actioninitsrc\gutenberg\class-gutenberg-social-icons-controller.php:29

filterblock_core_social_link_get_servicessrc\gutenberg\class-gutenberg-social-icons-controller.php:32

actionwp_enqueue_scriptssrc\gutenberg\class-gutenberg-social-icons-controller.php:34

actionenqueue_block_editor_assetssrc\gutenberg\class-gutenberg-social-icons-controller.php:36

actionenqueue_block_editor_assetssrc\tours\class-tour-controller.php:26

actionelementor/editor/before_enqueue_scriptssrc\tours\class-tour-controller.php:27

actionadmin_footersrc\tours\class-tour-controller.php:66

actionelementor/editor/footersrc\tours\class-tour-controller.php:95

Maintenance & Trust

Superb Addons: Blocks, Patterns & Theme Designer for the Block Editor & FSE Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 27, 2026

PHP min version6.0

Downloads1.2M

Community Trust

Rating96/100

Number of ratings19

Active installs80K

Alternatives

Superb Addons: Blocks, Patterns & Theme Designer for the Block Editor & FSE Alternatives

Spectra Gutenberg Blocks – Website Builder for the Block Editor

ultimate-addons-for-gutenberg

Power-up Gutenberg with advanced blocks for faster website creation. Build your WordPress website effortlessly using powerful building blocks!

1.0M 26 CVEs

Kadence Blocks — Page Builder Toolkit for Gutenberg Editor

kadence-blocks

20+ AI-powered Gutenberg Blocks with endless options, enabling top-notch efficiency for high-performance dynamic website creation.

600K 31 CVEs

Page Builder: Pagelayer – Drag and Drop website builder

pagelayer

The most advanced frontend drag & drop page builder. Pagelayer is a light weight but extremely powerful Website Builder.

400K 25 CVEs

GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor

gutenkit-blocks-addon

GutenKit – Ultimate no-code Gutenberg blocks to design stunning web pages and visually stunning posts in WordPress block editor.

70K 3 CVEs

Getwid – Gutenberg Blocks

getwid

40+ Gutenberg Blocks, plus multiple pre-made free block templates for the WordPress block editor.

50K 11 CVEs

Developer Profile

Superb Addons: Blocks, Patterns & Theme Designer for the Block Editor & FSE Developer Profile

Suplugins

6 plugins · 108K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

197 days

View full developer profile

Detection Fingerprints

How We Detect Superb Addons: Blocks, Patterns & Theme Designer for the Block Editor & FSE

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/superb-blocks/build/admin-menu.css/wp-content/plugins/superb-blocks/build/style.css/wp-content/plugins/superb-blocks/build/admin.js/wp-content/plugins/superb-blocks/build/dashboard.js/wp-content/plugins/superb-blocks/build/frontend.js/wp-content/plugins/superb-blocks/build/wizard.js

Script Paths

/wp-content/plugins/superb-blocks/build/admin-menu.js/wp-content/plugins/superb-blocks/build/admin.js/wp-content/plugins/superb-blocks/build/dashboard.js/wp-content/plugins/superb-blocks/build/frontend.js/wp-content/plugins/superb-blocks/build/wizard.js

Version Parameters

superb-blocks/build/admin-menu.css?ver=superb-blocks/build/style.css?ver=superb-blocks/build/admin.js?ver=superb-blocks/build/dashboard.js?ver=superb-blocks/build/frontend.js?ver=superb-blocks/build/wizard.js?ver=

HTML / DOM Fingerprints

CSS Classes

superbaddons-get-premiumsuperbaddons-page-wizardsuperbaddons-admin-page-contentsuperbaddons-header-titlesuperbaddons-admin-navigation

HTML Comments

+1 more

Data Attributes

data-superbaddons-wizarddata-superbaddons-modal-trigger

JS Globals

superb_addons_admin_menu_paramssuperb_addons_dashboard_paramssuperb_addons_frontend_paramssuperb_addons_wizard_params

REST Endpoints

/wp-json/superbaddons/v1/settings/wp-json/superbaddons/v1/wizard

Shortcode Output

[superb_block type="button"[superb_block type="testimonial"[superb_block type="pricing"[superb_block type="accordion"

FAQ