
WP Post HTML to Blocks Security & Risk Analysis
wordpress.org/plugins/wp-post-html-to-blocksThis plugin is for content that is copy pasted into Gutenberg editor edited as html in classic block editor.
Is WP Post HTML to Blocks Safe to Use in 2026?
Generally Safe
Score 85/100WP Post HTML to Blocks has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The plugin "wp-post-html-to-blocks" v1.2 exhibits a strong security posture in several key areas. The complete absence of AJAX handlers, REST API routes, shortcodes, and cron events with unprotected entry points suggests a limited attack surface and good practice in securing potential interaction points. Furthermore, all identified SQL queries utilize prepared statements, which is excellent for preventing SQL injection vulnerabilities. The lack of file operations and external HTTP requests also reduces risk. However, the static analysis reveals a significant concern with output escaping, as only 30% of outputs are properly escaped. This could leave the plugin susceptible to Cross-Site Scripting (XSS) vulnerabilities if user-supplied or dynamically generated content is not handled carefully. The taint analysis, while not revealing critical or high severity issues, did identify two flows with unsanitized paths, which warrants further investigation to confirm the exact nature of the risk. The plugin's vulnerability history is clean, with no known CVEs, which is a positive indicator. Despite the lack of historical vulnerabilities, the identified issues in output escaping and potential unsanitized paths in taint flows mean that vigilance is still required.
Key Concerns
- Low percentage of properly escaped output
- Taint flows with unsanitized paths identified
- No nonce checks implemented
- No capability checks implemented
WP Post HTML to Blocks Security Vulnerabilities
WP Post HTML to Blocks Release Timeline
WP Post HTML to Blocks Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
WP Post HTML to Blocks Attack Surface
WordPress Hooks 1
Maintenance & Trust
WP Post HTML to Blocks Maintenance & Trust
Maintenance Signals
Community Trust
WP Post HTML to Blocks Alternatives
Classic Editor
classic-editor
Enables the previous "classic" editor and the old-style Edit Post screen with TinyMCE, Meta Boxes, etc. Supports all plugins that extend this screen.
Starter Templates – AI-Powered Templates for Elementor & Gutenberg
astra-sites
The growing library of 300+ ready-to-use templates that work with all WordPress themes including Astra, Hello, OceanWP, GeneratePress and more
Classic Widgets
classic-widgets
Enables the previous "classic" widgets settings screens in Appearance - Widgets and the Customizer. Disables the block editor from managing widgets.
Advanced Editor Tools
tinymce-advanced
Extends and enhances the block editor (Gutenberg) and the classic editor (TinyMCE).
Spectra Gutenberg Blocks – Website Builder for the Block Editor
ultimate-addons-for-gutenberg
Power-up Gutenberg with advanced blocks for faster website creation. Build your WordPress website effortlessly using powerful building blocks!
WP Post HTML to Blocks Developer Profile
5 plugins · 10 total installs
How We Detect WP Post HTML to Blocks
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
HTML / DOM Fingerprints
<!-- wp:html --><!-- /wp:html -->