UiCore Blocks – Free WordPress Gutenberg Blocks Security & Risk Analysis

wordpress.org/plugins/uicore-blocks

Gutenberg on Steroids! Extend your editor with powerful, flexible, and modular blocks to unlock limitless design possibilities.

400 active installs · v1.0.11 · PHP 7.4+ · WP 5.8+ · Updated Jan 29, 2026
Tags: blocks, editor, gutenberg-blocks
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is UiCore Blocks – Free WordPress Gutenberg Blocks Safe to Use in 2026?

Generally Safe

Score 100/100

UiCore Blocks – Free WordPress Gutenberg Blocks has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The uicore-blocks plugin v1.0.12 demonstrates a generally strong security posture with several good practices in place. The absence of known CVEs and a lack of critical or high-severity issues in its vulnerability history is a positive indicator. Furthermore, the code shows excellent adherence to secure coding standards with 100% of SQL queries using prepared statements and 96% of output being properly escaped, significantly mitigating risks of common web vulnerabilities like SQL injection and cross-site scripting.

However, there are specific areas that warrant attention. The plugin exposes 11 REST API routes, and one of these lacks proper permission callbacks. This creates a potential entry point for unauthorized actions if the functionality it exposes is sensitive. The lack of any nonce checks across its entry points, particularly concerning given the presence of unprotected REST API routes, is a notable weakness. This could allow for cross-site request forgery (CSRF) attacks if the exposed functionality is state-changing.

In conclusion, while the plugin benefits from a clean vulnerability history and robust practices in SQL and output handling, the unprotected REST API route and the absence of nonce checks represent the most significant security concerns. Addressing these specific weaknesses would further strengthen the plugin's overall security. The static analysis did not reveal any critical or high-severity taint flows, which is reassuring, but the potential for CSRF remains.

Key Concerns

  • REST API route without permission callback
  • Zero nonce checks for entry points
Vulnerabilities
None known

UiCore Blocks – Free WordPress Gutenberg Blocks Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

UiCore Blocks – Free WordPress Gutenberg Blocks Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 2 (50 escaped)
Nonce Checks: 0
Capability Checks: 3
File Operations: 5
External Requests: 4
Bundled Libraries: 0

SQL Query Safety

100% prepared · 1 total queries

Output Escaping

96% escaped · 52 total outputs
Attack Surface
1 unprotected

UiCore Blocks – Free WordPress Gutenberg Blocks Attack Surface

Entry Points: 11
Unprotected: 1

REST API Routes: 11

POST  /wp-json/uicore-blocks/v1/settings  includes\class-rest-api.php:22
GET  /wp-json/uicore-blocks/v1/globals  includes\class-rest-api.php:30
POST  /wp-json/uicore-blocks/v1/globals  includes\class-rest-api.php:36
POST  /wp-json/uicore-blocks/v1/quick-actions  includes\class-rest-api.php:44
GET  /wp-json/uicore-blocks/v1/quick-actions  includes\class-rest-api.php:50
GET  /wp-json/uicore-blocks/v1/get-editor-fonts  includes\class-rest-api.php:58
POST  /wp-json/uicore-blocks/v1/save-styles  includes\class-rest-api.php:66
POST  /wp-json/uicore-blocks/v1/form-submission  includes\class-rest-api.php:74
POST  /wp-json/uicore-blocks/v1/import-images  includes\class-rest-api.php:82
POST  /wp-json/uicore-blocks/v1/post-no-comments  includes\class-rest-api.php:90
GET  /wp-json/uicore-blocks/v1/post-terms-acf-fields  includes\class-rest-api.php:98

WordPress Hooks: 37

action  enqueue_block_assets  includes\class-admin.php:19
filter  admin_body_class  includes\class-admin.php:21
action  admin_enqueue_scripts  includes\class-assets.php:15
action  wp_enqueue_scripts  includes\class-assets.php:17
filter  style_loader_tag  includes\class-assets.php:19
filter  script_loader_tag  includes\class-assets.php:20
filter  render_block  includes\class-blocks-dynamic-content.php:18
action  pre_get_posts  includes\class-blocks-dynamic-content.php:20
action  save_post  includes\class-blocks-save.php:15
action  save_post  includes\class-blocks-save.php:16
action  rest_after_save_widget  includes\class-blocks-save.php:17
action  rest_delete_widget  includes\class-blocks-save.php:18
action  save_post  includes\class-blocks-save.php:60
filter  block_categories_all  includes\class-blocks.php:20
action  init  includes\class-blocks.php:22
action  rest_api_init  includes\class-blocks.php:23
action  admin_enqueue_scripts  includes\class-blocks.php:24
action  admin_menu  includes\class-dashboard.php:19
action  admin_init  includes\class-dashboard.php:20
action  wp_enqueue_scripts  includes\class-frontend.php:22
filter  uicore_css_global_critical_files  includes\class-frontend.php:25
action  wp_enqueue_scripts  includes\class-frontend.php:29
action  wp_enqueue_scripts  includes\class-frontend.php:32
filter  should_load_separate_core_block_assets  includes\class-frontend.php:35
action  wp_print_styles  includes\class-frontend.php:38
action  enqueue_block_assets  includes\class-frontend.php:40
action  dynamic_sidebar_before  includes\class-frontend.php:50
filter  wp_preload_resources  includes\class-frontend.php:52
filter  uicore_css_critical_global_code_string  includes\class-global-styles.php:15
action  rest_api_init  includes\class-query-filters.php:15
filter  posts_where  includes\class-query-filters.php:16
action  rest_api_init  includes\class-rest-api.php:17
filter  render_block_data  includes\class-woo-frontend.php:139
filter  render_block  includes\class-woo-frontend.php:140
action  plugins_loaded  plugin.php:55
action  init  plugin.php:195
action  init  plugin.php:198

Maintenance & Trust

UiCore Blocks – Free WordPress Gutenberg Blocks Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.0
Last updated: Jan 29, 2026
PHP min version: 7.4
Downloads: 4K

Community Trust

Rating: 74/100
Number of ratings: 3
Active installs: 400
Developer Profile

UiCore Blocks – Free WordPress Gutenberg Blocks Developer Profile

uicore

3 plugins · 80K total installs

Trust score: 99
Avg Security Score: 99/100
Avg Patch Time: 3 days
Detection Fingerprints

How We Detect UiCore Blocks – Free WordPress Gutenberg Blocks

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/uicore-blocks/assets/css/frontend.css
/wp-content/plugins/uicore-blocks/assets/css/blocks.editor.css
/wp-content/plugins/uicore-blocks/assets/js/editor.js
/wp-content/plugins/uicore-blocks/assets/js/frontend.js

Script Paths
/wp-content/plugins/uicore-blocks/assets/js/editor.js
/wp-content/plugins/uicore-blocks/assets/js/frontend.js

Version Parameters
uicore-blocks/assets/css/frontend.css?ver=
uicore-blocks/assets/css/blocks.editor.css?ver=
uicore-blocks/assets/js/editor.js?ver=
uicore-blocks/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
uicore-blocks-wrapper
uicore-blocks-accordion-wrapper
Data Attributes
data-uicore-blocks-toggle
data-uicore-blocks-accordion
JS Globals
uicoreBlocksFrontend
REST Endpoints
/wp-json/uicore-blocks/v1/settings