SVG Block Security & Risk Analysis

wordpress.org/plugins/svg-block

Display an SVG image as a block, which can be used for displaying images, icons, dividers, buttons

4K active installs · v1.2.3 · PHP 7.1+ · WP 6.5+ · Updated Nov 19, 2025
Tags: block, button, icon, image, svg
Score: 99 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Nov 18, 2024

Safety Verdict

Is SVG Block Safe to Use in 2026?

Generally Safe

Score 99/100

SVG Block has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Nov 18, 2024 · Updated 4mo ago

Risk Assessment

Static analysis of the "svg-block" plugin, version 1.2.3, shows a generally good security posture. The scan found no dangerous functions, no raw SQL queries, and no external HTTP requests; all output is properly escaped; and the single REST API route is protected by permission callbacks. The attack surface is minimal and appears to be secured.

However, the plugin's vulnerability history is a significant concern. The two previously disclosed medium-severity vulnerabilities, both Cross-Site Scripting (XSS), suggest a recurring pattern of input sanitization issues. While the current version has no unpatched vulnerabilities, the history indicates that the developers may struggle to neutralize user-supplied input effectively, leading to potential security flaws.

In conclusion, while the current static analysis reveals no immediate critical or high-severity flaws, the past vulnerability history warrants caution. The plugin's developers have shown a capacity to fix vulnerabilities, but the recurrence of XSS issues highlights an area that requires continued vigilance and robust security testing.

Key Concerns

  • Previous medium XSS vulnerabilities (2)
  • No nonce checks on entry points

Vulnerabilities (2)

SVG Block Security Vulnerabilities

CVEs by Year

2024: 2 CVEs

Severity Breakdown

Medium: 2 (2 total CVEs)

CVE-2024-11098 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

SVG Block <= 1.1.24 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload

Nov 18, 2024 · Patched in 1.1.25 (1d)

CVE-2024-4269 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

SVG Block <= 1.1.19 - Authenticated (Author+) Stored Cross-Site Scripting via SVG

Jun 22, 2024 · Patched in 1.1.20 (6d)

Code Analysis
Analyzed Mar 17, 2026

SVG Block Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (4 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 3
External Requests: 0
Bundled Libraries: 0

Output Escaping

100% escaped · 4 total outputs

Attack Surface

SVG Block Attack Surface

Entry Points: 1
Unprotected: 0

REST API Routes (1)

GET /wp-json/svgblock/v1/getIconLibrary (includes\icon-library.php:133)

WordPress Hooks (10)

action: rest_api_init (includes\icon-library.php:105)
filter: upload_mimes (includes\icon-library.php:110)
filter: wp_handle_sideload_prefilter (includes\icon-library.php:113)
filter: wp_handle_upload_prefilter (includes\icon-library.php:116)
action: admin_head (includes\icon-library.php:119)
filter: wp_update_attachment_metadata (includes\icon-library.php:122)
action: render_block_boldblocks/svg-block (includes\style.php:66)
action: enqueue_block_assets (includes\style.php:69)
filter: render_block_boldblocks/svg-block (includes\style.php:72)
action: init (svg-block.php:36)

Maintenance & Trust

SVG Block Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Nov 19, 2025
PHP min version: 7.1
Downloads: 46K

Community Trust

Rating: 100/100
Number of ratings: 14
Active installs: 4K

Developer Profile

SVG Block Developer Profile

Phi Phan

8 plugins · 27K total installs

Trust score: 100
Avg Security Score: 100/100
Avg Patch Time: 6 days
Detection Fingerprints

How We Detect SVG Block

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/svg-block/build/index.js
/wp-content/plugins/svg-block/build/index.css

Script Paths
/wp-content/plugins/svg-block/build/index.js

Version Parameters
svg-block/build/index.css?ver=
svg-block/build/index.js?ver=

HTML / DOM Fingerprints

CSS Classes
sm-svg-margin-top, sm-svg-margin-right, sm-svg-margin-bottom, sm-svg-margin-left, md-svg-margin-top, md-svg-margin-right, md-svg-margin-bottom, md-svg-margin-left, +31 more

Data Attributes
aria-labelledby, aria-describedby, role="img"

JS Globals
window.wp