Options for Block Themes Security & Risk Analysis

wordpress.org/plugins/template-editor

Adds options to core blocks and allows import / export of global styles, templates and template parts!

200 active installs · v1.4.6 · PHP 5.6+ · WP 5.8+ · Updated Feb 24, 2026
block-options, block-theme, global-styles, template-parts, templates
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Options for Block Themes Safe to Use in 2026?

Generally Safe

Score 100/100

Options for Block Themes has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The template-editor plugin v1.4.6 exhibits a concerning security posture due to a large number of unprotected AJAX handlers, representing its primary attack surface. While the static analysis shows no critical or high severity taint flows and a strong adherence to output escaping, the complete absence of authorization checks on all identified AJAX endpoints is a significant weakness. This means any authenticated user could potentially interact with these functions, opening the door to unauthorized actions if the plugin's logic is not inherently robust against such scenarios. The plugin's clean vulnerability history with zero recorded CVEs is a positive indicator, suggesting past development has been relatively secure or vulnerabilities have been promptly addressed. However, this historical lack of issues should not overshadow the present risks identified in the code analysis. The presence of raw SQL queries without prepared statements, although only one, is also a minor concern that could lead to SQL injection if user input is ever incorporated into this query without proper sanitization.

Key Concerns

  • 9 AJAX handlers without auth checks
  • 1 SQL query, 0% using prepared statements
Vulnerabilities
None known

Options for Block Themes Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Options for Block Themes Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 1 (0 prepared)
  • Unescaped Output: 6 (386 escaped)
  • Nonce Checks: 9
  • Capability Checks: 9
  • File Operations: 9
  • External Requests: 2
  • Bundled Libraries: 0

SQL Query Safety

0% prepared · 1 total queries

Output Escaping

98% escaped · 392 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
settings_page (template-editor.php:571)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
9 unprotected

Options for Block Themes Attack Surface

Entry Points: 9
Unprotected: 9

AJAX Handlers (9)

  • auth · wp_ajax_te_save · template-editor.php:46
  • auth · wp_ajax_te_delete · template-editor.php:47
  • auth · wp_ajax_te_download_wp_template · template-editor.php:48
  • auth · wp_ajax_te_upload_wp_template · template-editor.php:49
  • auth · wp_ajax_te_upload_wp_template_part · template-editor.php:50
  • auth · wp_ajax_te_download_wp_global_styles · template-editor.php:51
  • auth · wp_ajax_te_global_styles_delete · template-editor.php:52
  • auth · wp_ajax_te_upload_wp_global_styles · template-editor.php:53
  • auth · wp_ajax_dismiss_te_notice_handler · template-editor.php:56

WordPress Hooks (15)

  • filter · plugin_row_meta · includes\class-te-common.php:293
  • action · after_setup_theme · template-editor.php:32
  • action · customize_register · template-editor.php:38
  • action · admin_init · template-editor.php:44
  • action · admin_menu · template-editor.php:45
  • action · admin_notices · template-editor.php:55
  • action · wp_head · template-editor.php:60
  • action · wp_footer · template-editor.php:61
  • action · wp_enqueue_scripts · template-editor.php:65
  • filter · wp_theme_json_data_theme · template-editor.php:66
  • filter · register_block_type_args · template-editor.php:67
  • action · enqueue_block_editor_assets · template-editor.php:68
  • filter · render_block · template-editor.php:69
  • filter · wp_theme_json_data_theme · template-editor.php:2209
  • action · admin_notices · template-editor.php:3085

Maintenance & Trust

Options for Block Themes Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 24, 2026
PHP min version: 5.6
Downloads: 14K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 200
Developer Profile

Options for Block Themes Developer Profile

Oliver Campion

12 plugins · 43K total installs

Trust score: 79
Avg Security Score: 100/100
Avg Patch Time: 869 days
Detection Fingerprints

How We Detect Options for Block Themes

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/template-editor/js/block-options.js
  • /wp-content/plugins/template-editor/js/block-logic.js
Script Paths
  • /wp-content/plugins/template-editor/js/block-options.js
  • /wp-content/plugins/template-editor/js/block-logic.js
Version Parameters
  • template-editor/js/block-options.js?ver=
  • template-editor/js/block-logic.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • has-expandable-modal-submenus
  • has-overlay-menu-on-scroll
  • has-full-block-link
  • has-close-other-details-when-opened
Data Attributes
data-ofbt-options
JS Globals
block_options_object
REST Endpoints
  • /wp-json/template-editor/v1/templates
  • /wp-json/template-editor/v1/template-parts
  • /wp-json/template-editor/v1/global-styles