WP-Safety

WP Blockade – Visual Page Builder Security & Risk Analysis

wordpress.org/plugins/wp-blockade

Blockade is the WordPress editor done right. It's a lightweight, flexible visual page builder that lets you build stunning layouts in seconds.

40 active installs v0.9.14 PHP + WP 4.0+ Updated Apr 24, 2018
columnseditorpage-buildervisual-composerwysiwyg
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WP Blockade – Visual Page Builder Safe to Use in 2026?

Generally Safe

Score 85/100

WP Blockade – Visual Page Builder has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago
Risk Assessment

The wp-blockade plugin version 0.9.14 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and has no recorded vulnerabilities or CVEs. This suggests a generally well-maintained codebase.

However, the static analysis reveals several areas of concern. The plugin has a total of two entry points, with one unprotected AJAX handler, posing a significant risk of unauthorized execution. The taint analysis indicates one flow with an unsanitized path, which, while not flagged as critical or high severity, warrants attention as it could potentially lead to unexpected behavior or exposure if exploited. Furthermore, only one of the two identified entry points has a capability check, and there are no nonce checks implemented for the AJAX handler, leaving it vulnerable to Cross-Site Request Forgery (CSRF) attacks.

While the lack of historical vulnerabilities is a strong positive, the presence of an unprotected AJAX endpoint and an unsanitized path flow represent immediate risks that should be addressed. The plugin's strengths lie in its database interaction security, but its front-end interaction points require more robust access control and sanitization.

Key Concerns

  • Unprotected AJAX handler detected
  • Flow with unsanitized path detected
  • Missing nonce checks on AJAX handler
  • Limited capability checks on entry points
  • Output escaping only 67% proper
Vulnerabilities
None known

WP Blockade – Visual Page Builder Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP Blockade – Visual Page Builder Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
3
6 escaped
Nonce Checks
0
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
1

Bundled Libraries

TinyMCE

Output Escaping

67% escaped9 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths
render_shortcode_preview (wp-blockade.php:358)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

WP Blockade – Visual Page Builder Attack Surface

Entry Points2
Unprotected1

AJAX Handlers 1

authwp_ajax_wp-blockade-sidebar-listaddons\sidebar\blockade-sidebar.php:27

Shortcodes 1

[wp_blockade_sidebar] addons\sidebar\blockade-sidebar.php:28
WordPress Hooks 35
actionwp_enqueue_scriptsaddons\breakout\blockade-breakout.php:26
filterwp-blockade-tinymce-pluginsaddons\breakout\blockade-breakout.php:27
filterwp-blockade-tinymce-pluginsaddons\button\blockade-button.php:25
filterwp-blockade-tinymce-pluginsaddons\glyphicon\blockade-glyphicon.php:25
actionwp_enqueue_scriptsaddons\glyphicon\blockade-glyphicon.php:26
filterwp-blockade-tinymce-pluginsaddons\image\blockade-image.php:25
filterwp-blockade-tinymce-pluginsaddons\map\blockade-map.php:25
actionwp_enqueue_scriptsaddons\map\blockade-map.php:26
filterwp-blockade-tinymce-pluginsaddons\raw-html\blockade-raw-html.php:25
filterwp-blockade-tinymce-pluginsaddons\shortcode\blockade-shortcode.php:26
filterwp-blockade-tinymce-pluginsaddons\sidebar\blockade-sidebar.php:26
filterwp-blockade-tinymce-pluginsaddons\simple-columns\blockade-simple-columns.php:25
filterwp-blockade-tinymce-pluginsaddons\sized-preview\blockade-sized-preview.php:26
filterwp-blockade-top-level-buttonsaddons\sized-preview\blockade-sized-preview.php:27
filteradmin_headaddons\sized-preview\blockade-sized-preview.php:28
filterwp-blockade-tinymce-pluginsaddons\video\blockade-video.php:25
actionwp_enqueue_scriptsaddons\video\blockade-video.php:26
filterwp_kses_allowed_htmladdons\video\blockade-video.php:28
filterwp_trim_wordsclasses\BBytes_Better_Auto_Excerpts.php:22
actioninitwp-blockade.php:104
filterextra_wp_blockade_custom_block_headerswp-blockade.php:105
filterwp_kses_allowed_htmlwp-blockade.php:106
actionthe_postwp-blockade.php:107
filterthe_contentwp-blockade.php:108
filterthe_contentwp-blockade.php:109
actionloop_endwp-blockade.php:110
actionwp_enqueue_scriptswp-blockade.php:111
actionadmin_post_wp-blockade-shortcode-renderwp-blockade.php:112
filtertiny_mce_before_initwp-blockade.php:156
filtertiny_mce_before_initwp-blockade.php:163
filterthe_contentwp-blockade.php:284
filterthe_excerptwp-blockade.php:285
filterthe_contentwp-blockade.php:292
filterthe_excerptwp-blockade.php:293
filtershow_admin_barwp-blockade.php:359
Maintenance & Trust

WP Blockade – Visual Page Builder Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29
Last updatedApr 24, 2018
PHP min version
Downloads7K

Community Trust

Rating74/100
Number of ratings3
Active installs40
Alternatives

WP Blockade – Visual Page Builder Alternatives

Pollen – WPBakery Page Builder Addons

Pollen – WPBakery Page Builder Addons

pollen

A
85

Pollen - WPBakery Page Builder Addons allows you to create amazing pages from ready to use templates with a single click only.

200 No CVEs
LoftBuilder

LoftBuilder

loftbuilder

A
85

Create stunning and responsive pages with LoftBuilder. An intuitive front-end looking, drag & drop page builder.

10 No CVEs
Elementor Website Builder – More Than Just a Page Builder

Elementor Website Builder – More Than Just a Page Builder

elementor

A
88

The Elementor Website Builder has it all: drag and drop page builder, pixel perfect design, mobile responsive editing, and more. Get started now!

10.0M 46 CVEs
Kadence Blocks — Page Builder Toolkit for Gutenberg Editor

Kadence Blocks — Page Builder Toolkit for Gutenberg Editor

kadence-blocks

A
86

20+ AI-powered Gutenberg Blocks with endless options, enabling top-notch efficiency for high-performance dynamic website creation.

600K 32 CVEs
Page Builder by SiteOrigin

Page Builder by SiteOrigin

siteorigin-panels

A
88

Build responsive page layouts using the widgets you know and love using this simple drag and drop page builder.

500K 8 CVEs
Developer Profile

WP Blockade – Visual Page Builder Developer Profile

Bytes.co

4 plugins · 5K total installs

81
trust score
Avg Security Score
81/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WP Blockade – Visual Page Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-blockade/core-plugins/lists/plugin.js/wp-content/plugins/wp-blockade/core-plugins/blockade/plugin.js
Script Paths
/wp-content/plugins/wp-blockade/assets/js/wp-blockade.js
Version Parameters
wp-blockade/style.css?ver=wp-blockade/assets/js/wp-blockade.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-blockadedata-blockade-editor
JS Globals
wp_blockade_editor_options
Shortcode Output
[blockade][/blockade]
FAQ

Frequently Asked Questions about WP Blockade – Visual Page Builder