Does WPS HTML Blocks have any unpatched vulnerabilities?

No. All known vulnerabilities in WPS HTML Blocks have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WPS HTML Blocks compatible with WordPress 5.8.13?

According to WordPress.org data, WPS HTML Blocks 0.1.2 has been tested up to WordPress 5.8.13. Check the plugin's changelog for the latest compatibility information.

Is WPS HTML Blocks compatible with PHP 5.2.4+?

WPS HTML Blocks requires PHP 5.2.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WPS HTML Blocks updated?

WPS HTML Blocks was last updated on Oct 12, 2022. Frequent updates are generally a positive security signal.

What is WPS HTML Blocks's security score?

WPS HTML Blocks has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WPS HTML Blocks Security & Risk Analysis

wordpress.org/plugins/wps-html-blocks

This plugin adds a custom HTML post type, with shortcode to place anywhere on your site.

1K active installs v0.1.2 PHP 5.2.4+ WP 5.0+ Updated Oct 12, 2022

commentscustom-blockscustom-shortcodehtml-blocks

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WPS HTML Blocks Safe to Use in 2026?

Generally Safe

Score 85/100

WPS HTML Blocks has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago

Risk Assessment

The wps-html-blocks plugin v0.1.2 exhibits a generally good security posture based on the provided static analysis. The absence of dangerous functions, SQL injection vulnerabilities (all queries use prepared statements), file operations, and external HTTP requests are positive indicators. Furthermore, the lack of any recorded CVEs or known vulnerabilities suggests a history of secure development or minimal exposure to common attack vectors.

However, a significant concern arises from the complete lack of output escaping for the single output identified. This means that any data rendered to the user interface could potentially be exploited for cross-site scripting (XSS) attacks if that data is not inherently safe. The absence of nonce checks and capability checks on the identified shortcode is also a weakness, as it suggests that the shortcode might be vulnerable to unauthorized execution or manipulation if it handles user-supplied data in a sensitive manner.

In conclusion, while the plugin avoids several common and critical vulnerability classes, the unescaped output and potential lack of authorization on the shortcode present a clear risk of XSS and possibly other vulnerabilities. Addressing these specific code-level concerns is crucial for improving the plugin's overall security.

Key Concerns

Unescaped output detected
Missing capability checks on shortcode
Missing nonce checks on shortcode

Vulnerabilities

None known

WPS HTML Blocks Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WPS HTML Blocks Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped1 total outputs

Attack Surface

WPS HTML Blocks Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[wpsbx_html_block] functions.php:71

WordPress Hooks 5

actioninitfunctions.php:4

actioninitfunctions.php:74

filtermanage_edit-wpsbx_block_columnsfunctions.php:104

actionmanage_wpsbx_block_posts_custom_columnfunctions.php:105

filterwidget_textfunctions.php:108

Maintenance & Trust

WPS HTML Blocks Maintenance & Trust

Maintenance Signals

WordPress version tested5.8.13

Last updatedOct 12, 2022

PHP min version5.2.4

Downloads7K

Community Trust

Rating100/100

Number of ratings3

Active installs1K

Alternatives

WPS HTML Blocks Alternatives

Akismet Anti-spam: Spam Protection

akismet

The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.

6.0M 2 CVEs

Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]

disable-comments

Allows administrators to globally disable comments on their site. Comments can be disabled according to post type. Multisite friendly.

1.0M 1 CVE

Antispam Bee

antispam-bee

100

Sophisticated antispam plugin for effective daily comment and trackback spam-fighting. Built with data protection and privacy in mind.

700K 1 CVE

Spam protection, Honeypot, Anti-Spam by CleanTalk

cleantalk-spam-protect

Blocks spam comments, fake users, contact form spam and more. No impact on SEO. Privacy focused. CAPTCHA free, premium Antispam plugin.

200K 13 CVEs

Captcha Code

captcha-code-authentication

GDPR compatible captcha anti-spam protection for login form, comments form, registration form & lost password form. Eliminate spam with captcha.

100K 2 CVEs

Developer Profile

WPS HTML Blocks Developer Profile

VicToMeyeZR

1 plugin · 1K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WPS HTML Blocks

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Shortcode Output

[wpsbx_html_block id=*

FAQ