Does ZenBlocks have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is ZenBlocks compatible with WordPress 6.9.4?

According to WordPress.org data, ZenBlocks 1.1.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is ZenBlocks compatible with PHP 7.4+?

ZenBlocks requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is ZenBlocks updated?

ZenBlocks was last updated on Mar 13, 2026. Frequent updates are generally a positive security signal.

What is ZenBlocks's security score?

ZenBlocks has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

ZenBlocks Security & Risk Analysis

wordpress.org/plugins/zenblocks

Custom blocks for the WordPress block editor with responsive controls and advanced button styling.

0 active installs v1.1.0 PHP 7.4+ WP 6.0+ Updated Mar 13, 2026

blocksbuttondesigngutenbergresponsive

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is ZenBlocks Safe to Use in 2026?

Generally Safe

Score 100/100

ZenBlocks has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

Zenblocks v1.1.0 presents a generally positive security posture based on the provided static analysis. The plugin demonstrates strong adherence to secure coding practices, with 100% of SQL queries using prepared statements and all output being properly escaped. The absence of dangerous functions and critical or high-severity taint flows further reinforces this good standing. Its vulnerability history, showing zero known CVEs, suggests a mature and well-maintained codebase, or at least one that has not yet attracted public security scrutiny.

However, a notable concern arises from the attack surface analysis, specifically the presence of one REST API route without explicit permission callbacks. This could potentially expose sensitive functionality to unauthorized users if not properly secured by other means within the WordPress core or other plugins. While the plugin incorporates nonce checks and a reasonable number of capability checks, this single unprotected entry point represents a potential weakness that warrants attention. Despite this, the overall security is robust, with a strong foundation in preventing common web vulnerabilities.

Key Concerns

REST API route without permission callback

Vulnerabilities

None known

ZenBlocks Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

ZenBlocks Release Timeline

v1.1.0Current

Code Analysis

Analyzed Apr 16, 2026

ZenBlocks Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

119 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared1 total queries

Output Escaping

100% escaped119 total outputs

Attack Surface

1 unprotected

ZenBlocks Attack Surface

Entry Points10

Unprotected1

AJAX Handlers 1

authwp_ajax_zenblocks_clear_css_cachezenblocks.php:86

REST API Routes 9

GET/wp-json/zenblocks/v1/breakpointszenblocks.php:920

GET/wp-json/zenblocks/v1/media/openverse/searchzenblocks.php:937

GET/wp-json/zenblocks/v1/media/unsplash/searchzenblocks.php:945

POST/wp-json/zenblocks/v1/media/unsplash/track-downloadzenblocks.php:953

GET/wp-json/zenblocks/v1/media/pexels/searchzenblocks.php:961

GET/wp-json/zenblocks/v1/media/pexels/videos/searchzenblocks.php:969

GET/wp-json/zenblocks/v1/media/pixabay/searchzenblocks.php:977

GET/wp-json/zenblocks/v1/media/pixabay/videos/searchzenblocks.php:985

POST/wp-json/zenblocks/v1/media/importzenblocks.php:993

WordPress Hooks 19

actioninitzenblocks.php:53

actionenqueue_block_editor_assetszenblocks.php:54

actionenqueue_block_assetszenblocks.php:55

filterstyle_loader_srczenblocks.php:56

filterscript_loader_srczenblocks.php:57

filterblock_categories_allzenblocks.php:58

actionadmin_menuzenblocks.php:59

actionadmin_initzenblocks.php:60

actionadmin_initzenblocks.php:61

actionadmin_enqueue_scriptszenblocks.php:62

filterplugin_row_metazenblocks.php:63

actionrest_api_initzenblocks.php:65

actionenqueue_block_assetszenblocks.php:68

actionwp_enqueue_scriptszenblocks.php:73

actionenqueue_block_assetszenblocks.php:75

filterrender_blockzenblocks.php:79

actionsave_postzenblocks.php:82

actionwp_enqueue_scriptszenblocks.php:83

actionupgrader_process_completezenblocks.php:87

Maintenance & Trust

ZenBlocks Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 13, 2026

PHP min version7.4

Downloads163

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

ZenBlocks Alternatives

Visibility Controls for Editor Blocks

visibility-controls-for-editor-blocks

100

Easily hide or show Gutenberg blocks on mobile, tablet, and desktop devices using customizable breakpoints for responsive design.

800 No CVEs

Gutenwave Blocks – Gutenberg Page Builder Blocks for Block Editor & FSE

gutenwave-blocks

100

Build stunning websites with Gutenberg. Free responsive blocks, starter templates & full site editing support in one lightweight plugin.

40 No CVEs

Magic Content & CTA Box Builder – Advanced Gutenberg Blocks for Flexible Page Sections, Headers, Buttons, Shape Dividers, and Layout Options

magic-content-box-lite

100

Advanced Gutenberg Blocks for Flexible Page Sections, Call to Action, Headers, Buttons, Shape Dividers, and Layout Options

6K No CVEs

CP Blocks

cp-blocks

CP Blocks allows to insert complementary blocks of code, like buttons, design elements, new functionalities, etc. It supports inserting blocks into th …

1K 2 CVEs

DesignSetGo

designsetgo

100

Professional WordPress blocks without page builder bloat. 53 blocks + 16 universal extensions that enhance ANY block.

1K No CVEs

Developer Profile

ZenBlocks Developer Profile

tsumiki

1 plugin · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect ZenBlocks

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/zenblocks/build/css/editor.css/wp-content/plugins/zenblocks/build/css/frontend.css/wp-content/plugins/zenblocks/build/css/responsive-base.css/wp-content/plugins/zenblocks/build/css/breakpoint-css-vars.css/wp-content/plugins/zenblocks/build/js/editor.js/wp-content/plugins/zenblocks/build/js/frontend.js/wp-content/plugins/zenblocks/build/js/scripts.js

Script Paths

/wp-content/plugins/zenblocks/build/js/editor.js/wp-content/plugins/zenblocks/build/js/frontend.js/wp-content/plugins/zenblocks/build/js/scripts.js

Version Parameters

zenblocks/build/css/editor.css?ver=zenblocks/build/css/frontend.css?ver=zenblocks/build/css/responsive-base.css?ver=zenblocks/build/css/breakpoint-css-vars.css?ver=zenblocks/build/js/editor.js?ver=zenblocks/build/js/frontend.js?ver=zenblocks/build/js/scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes

zenblocks-frontend-css-vars

JS Globals

zenblockszenblocks_settings

REST Endpoints

/wp-json/zenblocks/v1/settings/wp-json/zenblocks/v1/breakpoints/wp-json/zenblocks/v1/css-cache

FAQ