Ultimate Blocks – 25+ Gutenberg Blocks for Block Editor

Create Better Content With The Block Editor. Custom Blocks for Bloggers and Content Marketers.

v3.5.7Ultimate BlocksUpdated Added 50k+ installs98% rating40% support resolved
25
Score
691
Errors
1,581
Warnings
+0
Change

Category Scores

Security0
Repo100
Performance97
Maintainability0

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

2,272 findings

Maintainability

1,677

18 issue groups

Security

530

4 issue groups

I18n

38

3 issue groups

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$account_addon_ids".1,091
Category
Maintainability
Occurrences
1,091
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$account_addon_ids".

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" <a href='{$skip_url}' class='button button-small button-secondary'>{$use_plugin_anonymously_text}</a>"'.519
Category
Security
Occurrences
519
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" <a href='{$skip_url}' class='button button-small button-secondary'>{$use_plugin_anonymously_text}</a>"'.

WARNINGMaintainabilityNon-prefixed functionFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: &quot;_fs_text&quot;.329
Category
Maintainability
Occurrences
329
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: &quot;_fs_text&quot;.

ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;73
Category
Maintainability
Occurrences
73
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

WARNINGMaintainabilityNon-prefixed classClasses declared by a theme/plugin should start with the theme/plugin prefix. Found: &quot;FS_Admin_Menu_Manager&quot;.58
Category
Maintainability
Occurrences
58
Severity
warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: &quot;FS_Admin_Menu_Manager&quot;.

WARNINGMaintainabilityNon-prefixed constantGlobal constants defined by a theme/plugin should start with the theme/plugin prefix. Found: &quot;FS_API__ADDRESS&quot;.48
Category
Maintainability
Occurrences
48
Severity
warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: &quot;FS_API__ADDRESS&quot;.

ERRORI18nMissing Arg DomainMissing $domain parameter in function call to __().26
Category
I18n
Occurrences
26
Severity
error

Sample message

Missing $domain parameter in function call to __().

WARNINGMaintainabilityNon-prefixed hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: &quot;fs_plugins_api&quot;.19
Category
Maintainability
Occurrences
19
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: &quot;fs_plugins_api&quot;.

ERRORMaintainabilitydate datedate() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.15
Category
Maintainability
Occurrences
15
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

ERRORMaintainabilityPlugin Directory WritePlugin folders are deleted when upgraded. Do not save data to the plugin folder using copy(). Detected usage of constant WP_PLUGIN_DIR. Use wp_upload_dir() to get the uploads directory path or save to the database instead.9
Category
Maintainability
Occurrences
9
Severity
error

Sample message

Plugin folders are deleted when upgraded. Do not save data to the plugin folder using copy(). Detected usage of constant WP_PLUGIN_DIR. Use wp_upload_dir() to get the uploads directory path or save to the database instead.

Show 15 more
ERRORI18nText Domain Mismatch9
Category
I18n
Occurrences
9
Severity
error

Sample message

Mismatched text domain. Expected 'ultimate-blocks' but got "ultimate-block".

ERRORMaintainabilityfile system operations fwrite8
Category
Maintainability
Occurrences
8
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite().

ERRORSecurityException output is not escaped7
Category
Security
Occurrences
7
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$message'.

WARNINGMaintainabilityDirect Query5
Category
Maintainability
Occurrences
5
Severity
warning

Sample message

Use of a direct database call is discouraged.

WARNINGMaintainabilityNo Caching4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WARNINGMaintainabilityMissing Version4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.

WARNINGMaintainabilityDynamic hook name3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: &quot;$this-&gt;editor_data_filter_hook&quot;.

WARNINGMaintainabilityNot In Footer3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

ERRORI18nNon Singular String Literal Text3
Category
I18n
Occurrences
3
Severity
error

Sample message

The $text parameter must be a single text string literal. Found: $timeUnits[6 - $i] . ($t > 1 ? 's' : '')

ERRORMaintainabilityNot Allowed2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

Use of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead

WARNINGMaintainabilitySchema Change2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Attempting a database schema change is discouraged.

WARNINGSecurityInput is not sanitized2
Category
Security
Occurrences
2
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_POST[&#039;blocks&#039;]

WARNINGSecurityRequest data is not unslashed2
Category
Security
Occurrences
2
Severity
warning

Sample message

$_POST[&#039;blocks&#039;] not unslashed before sanitization. Use wp_unslash() or similar

ERRORMaintainabilityfile system operations fopen2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().

ERRORMaintainabilityunlink unlink2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

unlink() is discouraged. Use wp_delete_file() to delete a file.

External Connections

Potential connections found in static code analysis.

56 domains

Outbound calls

283

External assets

6

Incoming endpoints

11

Notable Domains

imtiazrayhan.com12 · outbound
ultimateblocks.com12 · outbound
freemius.com10 · outbound
php.net6 · outbound
tiktok.com6 · outbound
fb.me5 · outbound

Platform / Reference Domains

gnu.org111 · platform/reference
w3.org37 · platform/reference
wordpress.org10 · platform/reference
github.com5 · platform/reference
schema.org3 · platform/reference
api.wordpress.org2 · platform/reference
make.wordpress.org2 · platform/reference
core.trac.wordpress.org1 · platform/reference

External Asset Domains

youtube.com4 · asset + outbound
i0.wp.com1 · asset

Incoming Endpoints

No public endpoints detected.

Admin AJAX endpoints11
admin_post_fs_clone_resolutionauthenticated

admin_post

wp_ajax_fs_dismiss_notice_action_{$ajax_action_suffix}authenticated

wp_ajax

wp_ajax_fs_toggle_debug_modeauthenticated

wp_ajax

wp_ajax_toggle_block_statusauthenticated

wp_ajax

wp_ajax_toggle_extension_statusauthenticated

wp_ajax

wp_ajax_ub_wizard_completeauthenticated

wp_ajax

wp_ajax_ub_wizard_fs_optinauthenticated

wp_ajax

wp_ajax_ub_wizard_fs_skipauthenticated

wp_ajax

wp_ajax_ub_wizard_install_pluginauthenticated

wp_ajax

wp_ajax_ub_wizard_toggle_blocksauthenticated

wp_ajax

wp_ajax_UltimateBlocksReviewNoticeHideauthenticated

wp_ajax

Score History

2 score snapshots

+0
1007550250Jun 20, 2026, 01:57 AM UTC Score 25/100 Plugin v3.5.6 Plugin Check 2.0.0 690 errors, 1,581 warningsJun 30, 2026, 02:57 PM UTC Score 25/100 Plugin v3.5.7 Plugin Check 2.0.0 691 errors, 1,581 warningsJun 20, 2026Jun 30, 2026

v3.5.7

25

Latest

Findings
2,272
Errors
691
Warnings
1,581
Check
2.0.0

v3.5.6

25

Score

Findings
2,271
Errors
690
Warnings
1,581
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Related Plugins

Breadcrumb Block

3k+ active installs

100
Counting Number Block

2k+ active installs

100
Crowdsignal Forms

200k+ active installs

100
Events Block

600 active installs

100