Master Blocks – Ultimate Gutenberg Blocks for Marketers Security & Risk Analysis

wordpress.org/plugins/ultimate-blocks-for-gutenberg

Master Blocks is a powerful WordPress Gutenberg blocks plugin that helps you to create beautiful pages in default WordPress Editor.

100 active installs · v1.4.1.4 · PHP + WP 5.0+ · Updated Nov 5, 2025
Tags: blocks, editor, extension, gutenberg, gutenberg-blocks
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Master Blocks – Ultimate Gutenberg Blocks for Marketers Safe to Use in 2026?

Generally Safe

Score 100/100

Master Blocks – Ultimate Gutenberg Blocks for Marketers has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5mo ago
Risk Assessment

The "ultimate-blocks-for-gutenberg" plugin v1.4.1.4 presents a mixed security posture. On the positive side, it shows good practices with 100% of its SQL queries using prepared statements and a significant percentage (83%) of output properly escaped. The absence of any known CVEs or recorded vulnerability history suggests a generally stable codebase. However, there are notable concerns related to its attack surface. The plugin exposes 11 entry points, with 5 of these, specifically all 5 REST API routes, lacking permission callbacks. This means these routes are accessible without any authentication or authorization checks, creating a significant risk for potential unauthorized actions. Additionally, the presence of a dangerous function like `create_function` is a red flag, as it can be misused in certain contexts to execute arbitrary code. The taint analysis, while showing only two flows, indicates that these flows involve unsanitized paths, which warrants careful investigation to ensure they don't lead to exploitable vulnerabilities.

Key Concerns

  • REST API routes without permission callbacks
  • Presence of dangerous function: create_function
  • Taint flows with unsanitized paths
  • Output escaping not 100% proper
Vulnerabilities
None known

Master Blocks – Ultimate Gutenberg Blocks for Marketers Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Master Blocks – Ultimate Gutenberg Blocks for Marketers Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 45 (225 escaped)
Nonce Checks: 7
Capability Checks: 15
File Operations: 4
External Requests: 7
Bundled Libraries: 0

Dangerous Functions Found

`create_function` · `$this->utf8_strlen = create_function(` · Libs\Markdown.php:1773

Output Escaping

83% escaped · 270 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
notification_action (Inc\Classes\Notifications\Notifications.php:48)
Attack Surface
5 unprotected

Master Blocks – Ultimate Gutenberg Blocks for Marketers Attack Surface

Entry Points: 11
Unprotected: 5

AJAX Handlers 6

auth · wp_ajax_jltmb_deactivation_survey · Inc\Classes\Feedback.php:29
auth · wp_ajax_jltmb_notification_action · Inc\Classes\Notifications\Notifications.php:40
auth · wp_ajax_jltmb_subscribe · Inc\Classes\Notifications\Subscribe.php:26
auth · wp_ajax_jltmb_allow_collect · Inc\Classes\Notifications\What_We_Collect.php:27
auth · wp_ajax_jltmb_recommended_upgrade_plugin · Libs\Recommended.php:43
auth · wp_ajax_jltmb_recommended_activate_plugin · Libs\Recommended.php:44

REST API Routes 5

GET · /wp-json/master_blocks/v1/get_templates/ · Inc\Api.php:19
GET · /wp-json/master_blocks/v1/get_template/ · Inc\Api.php:28
GET · /wp-json/master_blocks/v1/save_template/ · Inc\Api.php:37
GET · /wp-json/master_blocks/v1/save_global_settings/ · Inc\Api.php:46
POST · /wp-json/gutenberg-blocks/v1/update-meta · Libs\Metabox.php:59

WordPress Hooks 59

filter · block_categories_all · class-ultimate-blocks-for-gutenberg.php:42
action · plugins_loaded · class-ultimate-blocks-for-gutenberg.php:43
filter · admin_body_class · class-ultimate-blocks-for-gutenberg.php:45
action · init · class-ultimate-blocks-for-gutenberg.php:47
action · rest_api_init · Inc\Api.php:13
action · init · Inc\blocks\latest-post.php:263
action · rest_api_init · Inc\blocks\latest-post.php:303
filter · excerpt_more · Inc\blocks\latest-post.php:347
action · init · Inc\blocks\row-column.php:19
action · wp_enqueue_scripts · Inc\blocks\row-column.php:20
action · init · Inc\blocks\social-share.php:75
action · wp_footer · Inc\blocks\social-share.php:91
action · admin_menu · Inc\Classes\AdminSettings.php:29
action · network_admin_menu · Inc\Classes\AdminSettings.php:30
action · admin_enqueue_scripts · Inc\Classes\AdminSettings.php:31
action · admin_head · Inc\Classes\AdminSettings.php:32
action · admin_body_class · Inc\Classes\AdminSettings.php:33
action · all_plugins · Inc\Classes\AdminSettings.php:34
action · enqueue_block_editor_assets · Inc\Classes\EditorStyleFix.php:13
action · admin_enqueue_scripts · Inc\Classes\Feedback.php:27
action · admin_footer · Inc\Classes\Feedback.php:28
action · admin_notices · Inc\Classes\Notifications\Notifications.php:35
action · jltmb_display_notice · Inc\Classes\Notifications\Notifications.php:37
action · jltmb_display_popup · Inc\Classes\Notifications\Notifications.php:38
action · jltmb_sheet_promo_data_reset · Inc\Classes\Notifications\Upgrade_Notice.php:26
action · admin_footer · Inc\Classes\Pro_Upgrade.php:47
action · wp_dashboard_setup · Inc\Classes\Pro_Upgrade.php:49
action · rest_api_init · Inc\Classes\Rest_Api.php:12
action · wp_enqueue_scripts · Inc\Classes\StyleGenerator.php:11
action · save_post · Inc\Classes\StyleGenerator.php:12
action · admin_footer · Libs\Assets.php:27
action · enqueue_block_editor_assets · Libs\Assets.php:28
action · enqueue_block_assets · Libs\Assets.php:29
action · admin_enqueue_scripts · Libs\Assets.php:30
filter · install_plugins_table_api_args_featured · Libs\Featured.php:23
filter · plugins_api_result · Libs\Featured.php:33
filter · the_content · Libs\Markdown.php:60
filter · the_content_rss · Libs\Markdown.php:61
filter · get_the_excerpt · Libs\Markdown.php:62
filter · get_the_excerpt · Libs\Markdown.php:63
filter · the_excerpt · Libs\Markdown.php:64
filter · the_excerpt_rss · Libs\Markdown.php:65
filter · the_content · Libs\Markdown.php:69
filter · get_the_excerpt · Libs\Markdown.php:70
filter · pre_comment_content · Libs\Markdown.php:81
filter · pre_comment_content · Libs\Markdown.php:82
filter · pre_comment_content · Libs\Markdown.php:83
filter · get_comment_text · Libs\Markdown.php:84
filter · get_comment_excerpt · Libs\Markdown.php:85
filter · get_comment_excerpt · Libs\Markdown.php:86
action · add_meta_boxes · Libs\Metabox.php:12
action · save_post · Libs\Metabox.php:35
action · init · Libs\Metabox.php:52
action · rest_api_init · Libs\Metabox.php:73
action · admin_menu · Libs\Recommended.php:42
action · admin_post_master_blocks_rollback · Libs\Rollback.php:23
action · wp_enqueue_scripts · Libs\StyleGenerator.php:9
action · save_post · Libs\StyleGenerator.php:10
action · init · ultimate-blocks-for-gutenberg.php:103
Maintenance & Trust

Master Blocks – Ultimate Gutenberg Blocks for Marketers Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Nov 5, 2025
PHP min version
Downloads: 23K

Community Trust

Rating: 88/100
Number of ratings: 14
Active installs: 100
Developer Profile

Master Blocks – Ultimate Gutenberg Blocks for Marketers Developer Profile

Liton Arefin

45 plugins · 43K total installs

Trust score: 83
Avg Security Score: 93/100
Avg Patch Time: 63 days
Detection Fingerprints

How We Detect Master Blocks – Ultimate Gutenberg Blocks for Marketers

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ultimate-blocks-for-gutenberg/assets/css/style.css
/wp-content/plugins/ultimate-blocks-for-gutenberg/assets/css/editor.css
Script Paths
/wp-content/plugins/ultimate-blocks-for-gutenberg/assets/js/editor.js
/wp-content/plugins/ultimate-blocks-for-gutenberg/assets/js/frontend.js
Version Parameters
ultimate-blocks-for-gutenberg/assets/css/style.css?ver=
ultimate-blocks-for-gutenberg/assets/css/editor.css?ver=
ultimate-blocks-for-gutenberg/assets/js/editor.js?ver=
ultimate-blocks-for-gutenberg/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
egb-blocks, egb-layout-id
Data Attributes
data-uniqueid
JS Globals
JLTMB_URL, JLTMB_ASSETS, JLTMB_IMAGES, JLTMB_VER