WP Post HTML to Blocks Security & Risk Analysis

wordpress.org/plugins/wp-post-html-to-blocks

This plugin is for content that is copy pasted into Gutenberg editor edited as html in classic block editor.

0 active installs v1.2 PHP 7.0+ WP 5.0+ Updated Aug 16, 2023
gutenberghtml-blockhtml-tagssurround
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is WP Post HTML to Blocks Safe to Use in 2026?

Generally Safe

Score 85/100

WP Post HTML to Blocks has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The plugin "wp-post-html-to-blocks" v1.2 exhibits a strong security posture in several key areas. The complete absence of AJAX handlers, REST API routes, shortcodes, and cron events with unprotected entry points suggests a limited attack surface and good practice in securing potential interaction points. Furthermore, all identified SQL queries utilize prepared statements, which is excellent for preventing SQL injection vulnerabilities. The lack of file operations and external HTTP requests also reduces risk. However, the static analysis reveals a significant concern with output escaping, as only 30% of outputs are properly escaped. This could leave the plugin susceptible to Cross-Site Scripting (XSS) vulnerabilities if user-supplied or dynamically generated content is not handled carefully. The taint analysis, while not revealing critical or high severity issues, did identify two flows with unsanitized paths, which warrants further investigation to confirm the exact nature of the risk. The plugin's vulnerability history is clean, with no known CVEs, which is a positive indicator. Despite the lack of historical vulnerabilities, the identified issues in output escaping and potential unsanitized paths in taint flows mean that vigilance is still required.

Key Concerns

  • Low percentage of properly escaped output
  • Taint flows with unsanitized paths identified
  • No nonce checks implemented
  • No capability checks implemented
Vulnerabilities
None known

WP Post HTML to Blocks Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

WP Post HTML to Blocks Release Timeline

v1.1
v1.0.1
v1.0
Code Analysis
Analyzed Apr 16, 2026

WP Post HTML to Blocks Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
14 prepared
Unescaped Output
14
6 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared14 total queries

Output Escaping

30% escaped20 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
wp_post_html_to_block_config_page (wp-post-html-to-blocks.php:246)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

WP Post HTML to Blocks Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 1
actionadmin_menuwp-post-html-to-blocks.php:19
Maintenance & Trust

WP Post HTML to Blocks Maintenance & Trust

Maintenance Signals

WordPress version tested6.1.10
Last updatedAug 16, 2023
PHP min version7.0
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Developer Profile

WP Post HTML to Blocks Developer Profile

zeshanb

5 plugins · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
9 days
View full developer profile
Detection Fingerprints

How We Detect WP Post HTML to Blocks

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

HTML Comments
<!-- wp:html --><!-- /wp:html -->
FAQ

Frequently Asked Questions about WP Post HTML to Blocks