VK Blocks Security & Risk Analysis

wordpress.org/plugins/vk-blocks

This is a plugin that extends Gutenberg's blocks.

100K active installs · v1.116.2.0 · PHP 7.4+ · WP 6.5+ · Updated Feb 16, 2026
Tags: alert, faq, gutenberg
Score: 97 (A · Safe)
CVEs total: 6
Unpatched: 0
Last CVE: Mar 6, 2025
Safety Verdict

Is VK Blocks Safe to Use in 2026?

Generally Safe

Score 97/100

VK Blocks has a strong security track record. Known vulnerabilities have been patched promptly.

6 known CVEs · Last CVE: Mar 6, 2025 · Updated 1mo ago
Risk Assessment

The vk-blocks plugin version 1.117.0.1 exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for SQL queries, a high percentage of properly escaped output, and a single non-critical file operation. The absence of dangerous functions and external HTTP requests is also reassuring.

However, significant concerns arise from the attack surface analysis. All four identified REST API routes lack permission callbacks, making them potentially accessible without proper authorization. This, combined with the absence of any AJAX handlers, suggests a reliance on the REST API for functionality that might require more granular access control. The plugin's vulnerability history is also a notable weakness: six medium-severity CVEs, primarily related to Improper Access Control, Improper Authorization, and Cross-site Scripting. While there are no currently unpatched vulnerabilities, this pattern indicates past susceptibility to these common web security issues.

In conclusion, while vk-blocks has strengths in its handling of SQL and output sanitization, the unprotected REST API endpoints present a clear and immediate risk. The historical pattern of vulnerabilities, particularly in authorization and access control, reinforces the need for vigilance and suggests that these areas may be recurring weaknesses. A balanced approach would involve addressing the unprotected REST API routes while remaining aware of past vulnerability types.

Key Concerns

  • REST API routes without permission callbacks
  • History of 6 medium severity CVEs

Vulnerabilities: 6

VK Blocks Security Vulnerabilities

CVEs by Year

  • 2023: 5 CVEs
  • 2025: 1 CVE

Severity Breakdown

  • Medium: 6

6 total CVEs

CVE-2024-13635 · medium · 4.3 · Improper Access Control

VK Blocks <= 1.94.2.2 - Missing Authorization to Sensitive Information Exposure

Mar 6, 2025 · Patched in 1.95.0.3 (1d)

CVE-2023-5706 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

VK Blocks <= 1.63.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block

Oct 24, 2023 · Patched in 1.64.0.0 (91d)

CVE-2023-0583 · medium · 4.3 · Improper Authorization

VK Blocks <= 1.57.0.5 - Authenticated (Contributor+) Settings Update

Jun 2, 2023 · Patched in 1.57.0.10 (235d)

CVE-2023-0584 · medium · 4.3 · Improper Authorization

VK Blocks <= 1.57.0.5 - Authenticated (Contributor+) Settings Update

Jun 2, 2023 · Patched in 1.58.0.0 (235d)

CVE-2023-27925 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

VK Blocks <= 1.53.0.1 - Stored (Contributor+) Cross-Site Scripting in Post

May 9, 2023 · Patched in 1.54.0 (259d)

CVE-2023-27923 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

VK Blocks <= 1.53.0.1 - Stored (Contributor+) Cross-Site Scripting in Tag Edit

May 9, 2023 · Patched in 1.54.0 (259d)

Code Analysis
Analyzed Mar 16, 2026

VK Blocks Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 3 (103 escaped)
Nonce Checks: 1
Capability Checks: 6
File Operations: 2
External Requests: 0
Bundled Libraries: 0

Output Escaping

97% escaped · 106 total outputs

Attack Surface
4 unprotected

VK Blocks Attack Surface

Entry Points: 4
Unprotected: 4

REST API Routes: 4

GET · /wp-json/vk-blocks/v1/update_vk_blocks_options · inc\vk-blocks\App\RestAPI\BlockMeta\class-vk-blocks-entrypoint.php:27
GET · /wp-json/vk-blocks/v1/get_post_single_term_info · inc\vk-blocks\App\RestAPI\BlockMeta\class-vk-blocks-entrypoint.php:47
GET · /wp-json/vk-blocks/v1/get_post_multiple_terms_info · inc\vk-blocks\App\RestAPI\BlockMeta\class-vk-blocks-entrypoint.php:60
GET · /wp-json/vk-blocks/v1/options/vk_font_awesome_version/ · inc\vk-blocks\font-awesome\class-vk-blocks-font-awesome-api.php:27

WordPress Hooks: 64

action · admin_notices · inc\admin-notices.php:52
action · admin_head · inc\admin-notices.php:63
filter · term_color_taxonomies_custom · inc\term-color\term-color-config.php:27
action · init · inc\term-color\term-color-config.php:41
action · tgmpa_register · inc\tgm-plugin-activation\tgm-config.php:20
action · admin_menu · inc\vk-blocks\admin\admin.php:93
filter · plugin_action_links · inc\vk-blocks\admin\admin.php:140
action · admin_enqueue_scripts · inc\vk-blocks\admin\admin.php:221
action · rest_api_init · inc\vk-blocks\App\RestAPI\BlockMeta\class-vk-blocks-entrypoint.php:18
action · wp_footer · inc\vk-blocks\blocks\class-vk-blocks-faq-schema-manager.php:69
filter · block_categories_all · inc\vk-blocks\blocks.php:98
filter · block_type_metadata · inc\vk-blocks\blocks.php:116
action · init · inc\vk-blocks\blocks.php:166
action · after_setup_theme · inc\vk-blocks\class-vk-blocks-block-loader.php:69
action · init · inc\vk-blocks\class-vk-blocks-block-loader.php:72
filter · register_block_type_args · inc\vk-blocks\class-vk-blocks-block-loader.php:75
filter · should_load_separate_core_block_assets · inc\vk-blocks\class-vk-blocks-block-loader.php:79
action · enqueue_block_assets · inc\vk-blocks\class-vk-blocks-block-loader.php:94
action · init · inc\vk-blocks\class-vk-blocks-options.php:28
action · admin_init · inc\vk-blocks\class-vk-blocks-options.php:29
action · init · inc\vk-blocks\class-vk-blocks-print-css-variables.php:23
filter · render_block_core/heading · inc\vk-blocks\extensions\core\heading.php:26
action · wp_enqueue_scripts · inc\vk-blocks\extensions\core\image.php:37
action · enqueue_block_editor_assets · inc\vk-blocks\extensions\core\image.php:38
filter · render_block_core/list · inc\vk-blocks\extensions\core\list.php:124
action · rest_api_init · inc\vk-blocks\font-awesome\class-vk-blocks-font-awesome-api.php:20
action · init · inc\vk-blocks\font-awesome\font-awesome-config.php:69
filter · wp_kses_allowed_html · inc\vk-blocks\helpers.php:83
filter · wp_insert_post_data · inc\vk-blocks\helpers.php:133
action · admin_enqueue_scripts · inc\vk-blocks\load-bootstrap.php:29
action · wp_enqueue_scripts · inc\vk-blocks\load-bootstrap.php:30
action · init · inc\vk-blocks\load-bootstrap.php:49
action · admin_enqueue_scripts · inc\vk-blocks\load-bootstrap.php:72
action · init · inc\vk-blocks\load-vk-components.php:34
action · admin_enqueue_scripts · inc\vk-blocks\load-vk-components.php:50
action · wp_enqueue_scripts · inc\vk-blocks\load-vk-components.php:51
action · enqueue_block_assets · inc\vk-blocks\load-vk-components.php:65
action · wp_enqueue_scripts · inc\vk-blocks\style\balloon.php:42
action · enqueue_block_editor_assets · inc\vk-blocks\style\balloon.php:43
action · init · inc\vk-blocks\style\common-margin.php:215
action · wp_enqueue_scripts · inc\vk-blocks\style\flow.php:34
action · enqueue_block_editor_assets · inc\vk-blocks\style\flow.php:35
filter · render_block · inc\vk-blocks\style\hidden-extension.php:48
filter · render_block · inc\vk-blocks\view\class-vk-blocks-link-to-post.php:36
filter · render_block · inc\vk-blocks\view\class-vk-blocks-scrollhintrenderer.php:17
filter · render_block · inc\vk-blocks\view\responsive-br.php:34
action · plugins_loaded · inc\vk-blocks\vk-blocks-functions.php:62
action · wp_enqueue_scripts · inc\vk-blocks\vk-blocks-functions.php:76
filter · body_class · inc\vk-blocks\vk-blocks-functions.php:91
action · init · inc\vk-blocks\vk-blocks-functions.php:203
action · admin_head · inc\vk-blocks\vk-blocks-functions.php:223
action · wp_enqueue_scripts · inc\vk-blocks\vk-blocks-functions.php:235
action · after_setup_theme · inc\vk-css-optimize\config.php:11
filter · vk_css_tree_shaking_handles · inc\vk-css-optimize\config.php:25
filter · css_tree_shaking_exclude · inc\vk-css-optimize\config.php:82
filter · vk_css_optimize_options_default · inc\vk-css-optimize\config.php:97
action · customize_register · inc\vk-customize-helpers\package\vk-customize-helpers.php:2
action · admin_notices · vk-blocks.php:94
action · plugins_loaded · vk-blocks.php:150
action · plugins_loaded · vk-blocks.php:161
action · wp_enqueue_scripts · vk-blocks.php:175
filter · https_ssl_verify · vk-blocks.php:198
action · admin_notices · vk-blocks.php:225
action · after_setup_theme · vk-blocks.php:236

Maintenance & Trust

VK Blocks Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 16, 2026
PHP min version: 7.4
Downloads: 4.5M

Community Trust

Rating: 96/100
Number of ratings: 6
Active installs: 100K

Developer Profile

VK Blocks Developer Profile

Vektor,Inc.

8 plugins · 241K total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 126 days
Detection Fingerprints

How We Detect VK Blocks

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/vk-blocks/build/vk-blocks-build.js
  • /wp-content/plugins/vk-blocks/build/vk-blocks-build.css
  • /wp-content/plugins/vk-blocks/build/vk-blocks-admin.js
  • /wp-content/plugins/vk-blocks/build/vk-blocks-editor.css
  • /wp-content/plugins/vk-blocks/style.css
  • /wp-content/plugins/vk-blocks/editor.css

Script Paths

  • /wp-content/plugins/vk-blocks/build/vk-blocks-build.js
  • /wp-content/plugins/vk-blocks/build/vk-blocks-admin.js
  • /wp-content/plugins/vk-blocks/build/vk-blocks-editor.js

Version Parameters

  • vk-blocks/build/vk-blocks-build.css?ver=
  • vk-blocks/build/vk-blocks-build.js?ver=
  • vk-blocks/build/vk-blocks-admin.js?ver=
  • vk-blocks/build/vk-blocks-editor.css?ver=
  • vk-blocks/style.css?ver=
  • vk-blocks/editor.css?ver=

HTML / DOM Fingerprints

CSS Classes

  • vk_block
  • vk_blocks
  • vk_outer_block
  • vk_inner_block

HTML Comments

  • <!-- Progressive enhancement for Progressive enhancement -->
  • <!-- /Progressive enhancement -->
  • <!-- Progressive enhancement -->

Data Attributes

  • data-vk-block
  • data-vk-block-id

JS Globals

  • vk_blocks_params
  • vkBlocks
  • vkBlocksAdmin

FAQ

Frequently Asked Questions about VK Blocks