WP-Safety

Addon Elements for Elementor (formerly Elementor Addon Elements) Security & Risk Analysis

wordpress.org/plugins/addon-elements-for-elementor-page-builder

Addon Elements for Elementor comes with 40+ widgets and extensions to extend the power of Elementor Page Builder.

90K active installs v1.14.4 PHP 7.0+ WP 5.0+ Updated Dec 9, 2025
addonselementorelementor-addonelementor-widgetelements
92
A · Safe
CVEs total28
Unpatched0
Last CVEDec 13, 2025
Plugin page Download
Safety Verdict

Is Addon Elements for Elementor (formerly Elementor Addon Elements) Safe to Use in 2026?

Generally Safe

Score 92/100

Addon Elements for Elementor (formerly Elementor Addon Elements) has a strong security track record. Known vulnerabilities have been patched promptly.

28 known CVEsLast CVE: Dec 13, 2025Updated 3mo ago
Risk Assessment

The plugin 'addon-elements-for-elementor-page-builder' v1.14.4 exhibits a mixed security posture. While the static analysis shows a positive sign with no identified dangerous functions, 100% SQL query preparedness, and a reasonable number of nonce and capability checks, there are significant concerns regarding output escaping, with only 58% properly escaped. This indicates a potential for cross-site scripting vulnerabilities, especially given the plugin's history. The vulnerability history is alarming, with a substantial number of known CVEs, predominantly in the medium severity category. The types of past vulnerabilities are common and represent recurring weaknesses in web application security, including XSS, missing authorization, and path traversal. The fact that all 28 known CVEs are currently unpatched is a critical red flag. While the absence of critical taint flows and unprotected entry points in the current static analysis are strengths, the historical data and the output escaping deficiency strongly suggest a high-risk plugin. The plugin relies heavily on Elementor's framework, which can sometimes inherit or introduce its own vulnerabilities, but the plugin's own history is the primary concern here.

Key Concerns

  • Significant percentage of improperly escaped output
  • Large number of historical CVEs (28 total)
  • All historical CVEs are currently unpatched
  • Common past vulnerability types (XSS, auth, path traversal)
  • Bundled jQuery library
Vulnerabilities
28

Addon Elements for Elementor (formerly Elementor Addon Elements) Security Vulnerabilities

CVEs by Year

1 CVE in 2020
2020
2 CVEs in 2021
2021
4 CVEs in 2023
2023
19 CVEs in 2024
2024
2 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

High
1
Medium
27

28 total CVEs

CVE-2025-12537medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Addon Elements for Elementor <= 1.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 13, 2025 Patched in 1.14.4 (1d)
CVE-2024-13215medium · 4.3Exposure of Private Personal Information to an Unauthorized Actor

Elementor Addon Elements <= 1.13.10 - Authenticated (Contributor+) Sensitive Information Exposure via Modal Popup

Jan 14, 2025 Patched in 1.14 (2d)
CVE-2024-8902medium · 4.3Exposure of Sensitive Information to an Unauthorized Actor

Elementor Addon Elements <= 1.13.8 - Authenticated (Contributor+) Sensitive Information Exposure via table_saved_sections

Oct 11, 2024 Patched in 1.13.9 (1d)
CVE-2024-47361medium · 4.3Missing Authorization

Elementor Addon Elements <= 1.13.6 - Missing Authorization

Sep 30, 2024 Patched in 1.13.7 (11d)
CVE-2024-47366medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Elementor Addon Elements <= 1.13.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 30, 2024 Patched in 1.13.7 (11d)
CVE-2024-7122medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Elementor Addon Elements <= 1.13.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

Aug 29, 2024 Patched in 1.13.7 (1d)
CVE-2024-4401medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Elementor Addon Elements <= 1.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via id and eae_slider_animation Parameters

Aug 29, 2024 Patched in 1.13.6 (1d)
CVE-2024-4569medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Elementor Addon Elements <= 1.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jun 26, 2024 Patched in 1.13.6 (1d)
CVE-2024-4570medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Elementor Addon Elements <= 1.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jun 26, 2024 Patched in 1.13.6 (1d)
CVE-2024-2092medium · 5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Elementor Addon Elements <= 1.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Widget

Jun 11, 2024 Patched in 1.13.4 (1d)
CVE-2024-3743medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Elementor Addon Elements <= 1.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 29, 2024 Patched in 1.13.4 (4d)
CVE-2024-30422medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Elementor Addon Elements <= 1.13.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 28, 2024 Patched in 1.13.2 (7d)
CVE-2024-2091medium · 5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Elementor Addon Elements <= 1.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 27, 2024 Patched in 1.13.3 (7d)
CVE-2024-2792medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Elementor Addon Elements <= 1.13.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'Text Separator' and 'Image Compare' Widget

Mar 27, 2024 Patched in 1.13.3 (212d)
CVE-2024-29107medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Elementor Addon Elements <= 1.12.10 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 15, 2024 Patched in 1.12.11 (6d)
CVE-2024-1358high · 8.8Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Elementor Addon Elements <= 1.12.12 - Directory Traversal to Local File Inclusion

Feb 21, 2024 Patched in 1.13 (22d)
CVE-2024-1392medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Elementor Addon Elements <= 1.12.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Dual Button Widget

Feb 21, 2024 Patched in 1.13 (22d)
CVE-2024-1422medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Elementor Addon Elements <= 1.12.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via Modal Popup effet

Feb 21, 2024 Patched in 1.13 (22d)
CVE-2024-1391medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Elementor Addon Elements <= 1.12.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Thumbnail Slider Widget

Feb 21, 2024 Patched in 1.13 (101d)
CVE-2024-1393medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Elementor Addon Elements <= 1.12.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Content Switcher Widget

Feb 21, 2024 Patched in 1.13 (22d)
CVE-2024-0834medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Elementor Addon Elements <= 1.12.11 - Authenticated (Contributor+) Stored Cross-Site Scripting

Feb 5, 2024 Patched in 1.12.12 (1d)
CVE-2023-4689medium · 5.4Cross-Site Request Forgery (CSRF)

Elementor Addon Elements <= 1.12.7 - Cross-Site Request Forgery

Nov 15, 2023 Patched in 1.12.8 (69d)
CVE-2023-4723medium · 5.3Missing Authorization

Elementor Addon Elements <= 1.12.7 - Missing Authorization to Sensitive Information Exposure

Nov 15, 2023 Patched in 1.12.8 (69d)
CVE-2023-5381medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Elementor Addon Elements <= 1.12.7 - Authenticated (Administrator+) Stored Cross-Site Scripting

Nov 15, 2023 Patched in 1.12.8 (69d)
CVE-2023-4690medium · 5.4Cross-Site Request Forgery (CSRF)

Elementor Addon Elements <= 1.12.7 - Cross-Site Request Forgery

Nov 15, 2023 Patched in 1.12.8 (69d)
WF-11e97adc-b402-4d82-ae39-4dccbd70bcf2-addon-elements-for-elementor-page-buildermedium · 6.5Cross-Site Request Forgery (CSRF)

Elementor Addon Elements <= 1.11.7 - Cross-Site Request Forgery

Jul 20, 2021 Patched in 1.11.8 (917d)
CVE-2021-24259medium · 5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Elementor Addon Elements <= 1.11.1 - Stored Cross-Site Scripting

Apr 13, 2021 Patched in 1.11.2 (1015d)
WF-a0297cab-8b6f-4e09-b552-4772c6f72c04-addon-elements-for-elementor-page-buildermedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Elementor Addon Elements <= 1.6.3 - Reflected Cross-Site Scripting

Sep 8, 2020 Patched in 1.6.4 (1232d)
Code Analysis
Analyzed Mar 16, 2026

Addon Elements for Elementor (formerly Elementor Addon Elements) Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
229
321 escaped
Nonce Checks
8
Capability Checks
7
File Operations
0
External Requests
0
Bundled Libraries
1

Bundled Libraries

jQuery

Output Escaping

58% escaped550 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
eae_save_config (inc\admin\admin-ui.php:83)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Addon Elements for Elementor (formerly Elementor Addon Elements) Attack Surface

Entry Points6
Unprotected0

AJAX Handlers 6

authwp_ajax_eae_refresh_insta_cacheclasses\helper.php:22
noprivwp_ajax_eae_refresh_insta_cacheclasses\helper.php:23
authwp_ajax_eae_add_to_cartclasses\helper.php:24
noprivwp_ajax_eae_add_to_cartclasses\helper.php:25
authwp_ajax_eae_elements_saveinc\admin\admin-ui.php:27
authwp_ajax_eae_save_configinc\admin\admin-ui.php:28
WordPress Hooks 85
actionelementor/widgets/registerbase\module-base.php:75
actionwp_enqueue_scriptsbase\module-base.php:77
actionadmin_noticeselementor-addon-elements.php:50
actionadmin_noticeselementor-addon-elements.php:78
actionplugins_loadedelementor-addon-elements.php:118
actionadmin_noticeselementor-addon-elements.php:122
filtereae/admin_noticesinc\admin\admin-notice.php:20
filtereae/admin_noticesinc\admin\admin-notice.php:21
actionadmin_menuinc\admin\admin-ui.php:24
actionin_admin_headerinc\admin\admin-ui.php:25
actionelementor/initinc\bootstrap.php:40
actionelementor/elements/categories_registeredinc\bootstrap.php:41
actionwp_enqueue_scriptsinc\bootstrap.php:42
actionelementor/editor/wp_headinc\bootstrap.php:43
actionelementor/controls/controls_registeredinc\bootstrap.php:44
actionplugins_loadedinc\bootstrap.php:45
filterelementor/editor/localize_settingsinc\bootstrap.php:47
filterplugin_row_metainc\bootstrap.php:50
actionafter_setup_themeinc\bootstrap.php:52
actionadmin_enqueue_scriptsinc\bootstrap.php:53
actionadmin_noticesinc\bootstrap.php:261
actionadmin_noticesinc\bootstrap.php:269
actionadmin_print_scriptsinc\bootstrap.php:324
actionadmin_noticesinc\bootstrap.php:581
actionadmin_noticesinc\bootstrap.php:656
actionelementor/element/after_section_endmodules\animated-gradient\module.php:14
actionelementor/element/print_templatemodules\animated-gradient\module.php:15
actionelementor/section/print_templatemodules\animated-gradient\module.php:16
actionelementor/column/print_templatemodules\animated-gradient\module.php:17
actionelementor/container/print_templatemodules\animated-gradient\module.php:18
actionelementor/frontend/before_rendermodules\animated-gradient\module.php:19
actionelementor/element/after_section_endmodules\bg-slider\module.php:21
actionelementor/frontend/element/before_rendermodules\bg-slider\module.php:23
actionelementor/frontend/column/before_rendermodules\bg-slider\module.php:25
actionelementor/frontend/section/before_rendermodules\bg-slider\module.php:26
actionelementor/frontend/container/before_rendermodules\bg-slider\module.php:27
actionelementor/element/print_templatemodules\bg-slider\module.php:29
actionelementor/section/print_templatemodules\bg-slider\module.php:30
actionelementor/column/print_templatemodules\bg-slider\module.php:31
actionelementor/container/print_templatemodules\bg-slider\module.php:32
actionwp_enqueue_scriptsmodules\bg-slider\module.php:34
actionelementor/element/eae-charts/tl_skins/after_section_endmodules\chart\skins\skin-base.php:13
actionelementor/element/eae-info-circle/skin1_icon_global_style/after_section_endmodules\info-circle\skins\skin-1.php:12
actionelementor/element/eae-info-circle/skin1_content_styling/after_section_startmodules\info-circle\skins\skin-1.php:13
actionelementor/element/eae-info-circle/skin2_icon_global_style/after_section_endmodules\info-circle\skins\skin-2.php:12
actionelementor/element/eae-info-circle/skin2_content_styling/after_section_startmodules\info-circle\skins\skin-2.php:13
actionelementor/element/eae-info-circle/skin3_icon_global_style/after_section_endmodules\info-circle\skins\skin-3.php:12
actionelementor/element/eae-info-circle/skin3_content_styling/after_section_startmodules\info-circle\skins\skin-3.php:13
actionelementor/element/eae-info-circle/skin4_icon_global_style/after_section_endmodules\info-circle\skins\skin-4.php:12
actionelementor/element/eae-info-circle/skin4_content_styling/after_section_startmodules\info-circle\skins\skin-4.php:13
actionelementor/element/eae-info-circle/ic_skins/before_section_endmodules\info-circle\skins\skin-base.php:24
actionelementor/element/eae-info-circle/ic_skins/after_section_endmodules\info-circle\skins\skin-base.php:25
actionelementor/element/eae-info-circle/ic_skins/after_section_endmodules\info-circle\skins\skin-base.php:26
actionelementor/element/after_section_endmodules\particles\module.php:11
actionelementor/section/print_templatemodules\particles\module.php:14
actionelementor/column/print_templatemodules\particles\module.php:15
actionelementor/container/print_templatemodules\particles\module.php:16
actionelementor/frontend/column/before_rendermodules\particles\module.php:18
actionelementor/frontend/section/before_rendermodules\particles\module.php:19
actionelementor/frontend/container/before_rendermodules\particles\module.php:20
actionwp_enqueue_scriptsmodules\particles\module.php:22
actionelementor/editor/wp_headmodules\particles\module.php:23
actionelementor/element/eae-progress-bar/pb_skins/before_section_endmodules\progress-bar\skins\skin-1.php:13
actionelementor/element/eae-progress-bar/skin2_general_style/before_section_endmodules\progress-bar\skins\skin-2.php:14
actionelementor/element/eae-progress-bar/skin3_general_style/before_section_endmodules\progress-bar\skins\skin-3.php:13
actionelementor/element/eae-progress-bar/pb_skins/before_section_endmodules\progress-bar\skins\skin-4.php:13
actionelementor/element/eae-progress-bar/pb_skins/before_section_endmodules\progress-bar\skins\skin-5.php:13
actionelementor/element/eae-progress-bar/pb_skins/before_section_endmodules\progress-bar\skins\skin-base.php:18
actionelementor/element/eae-progress-bar/pb_skins/after_section_endmodules\progress-bar\skins\skin-base.php:19
actionelementor/element/eae-timeline/skin1_icon_global_style/after_section_endmodules\timeline\skins\skin-1.php:12
actionelementor/element/eae-timeline/skin2_icon_global_style/after_section_endmodules\timeline\skins\skin-2.php:12
actionelementor/element/eae-timeline/skin2_section_global_icon/after_section_endmodules\timeline\skins\skin-2.php:13
actionelementor/element/eae-timeline/skin3_icon_global_style/after_section_endmodules\timeline\skins\skin-3.php:12
actionelementor/element/eae-timeline/skin3_section_global_icon/after_section_endmodules\timeline\skins\skin-3.php:13
actionelementor/element/eae-timeline/skin4_icon_global_style/after_section_endmodules\timeline\skins\skin-4.php:12
actionelementor/element/eae-timeline/skin4_section_global_icon/after_section_endmodules\timeline\skins\skin-4.php:13
actionelementor/element/eae-timeline/tl_skins/before_section_endmodules\timeline\skins\skin-base.php:25
actionelementor/element/eae-timeline/tl_skins/after_section_endmodules\timeline\skins\skin-base.php:26
actionelementor/element/eae-timeline/section_post_element/after_section_endmodules\timeline\skins\skin-base.php:27
actionelementor/element/eae-timeline/tl_skins/after_section_endmodules\timeline\skins\skin-base.php:34
actionelementor/element/before_section_startmodules\wrapper-links\module.php:18
actionelementor/frontend/element/before_rendermodules\wrapper-links\module.php:19
actionelementor/frontend/section/before_rendermodules\wrapper-links\module.php:21
actionelementor/frontend/column/before_rendermodules\wrapper-links\module.php:22
filterwpml_elementor_widgets_to_translatewpml\wpml-compatibility.php:17
Maintenance & Trust

Addon Elements for Elementor (formerly Elementor Addon Elements) Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 9, 2025
PHP min version7.0
Downloads3.3M

Community Trust

Rating96/100
Number of ratings172
Active installs90K
Alternatives

Addon Elements for Elementor (formerly Elementor Addon Elements) Alternatives

Qi Addons For Elementor

Qi Addons For Elementor

qi-addons-for-elementor

A
91

Qi Addons for Elementor is a comprehensive library of 60+ custom, flexible & easily styled Elementor widgets developed by Qode Interactive.

200K 10 CVEs
Mega Elements – Addons for Elementor

Mega Elements – Addons for Elementor

mega-elements-addons-for-elementor

A
96

A powerful and advanced all in one Elementor addons with unique styling features to create a beautiful website effortlessly.

10K 6 CVEs
ElementsReady Addons for Elementor

ElementsReady Addons for Elementor

element-ready-lite

A
96

ElementsReady Addons for Elementor comes up with ultimate widgets like Post, Accordion, Portfolio, Testimonial, Nav menu, Carousel, Slider etc..

3K 9 CVEs
WPB Addons for Elementor – News Ticker, Timeline, Team, Services, Testimonials, and Much More

WPB Addons for Elementor – News Ticker, Timeline, Team, Services, Testimonials, and Much More

wpb-elementor-addons

B
74

A powerful collection of custom Elementor widgets and extensions to build advanced layouts with ease.

3K 1 unpatched
MT Addons for Elementor

MT Addons for Elementor

mt-addons-for-elementor

A
99

MT Addons for Elementor with 50+ widgets, crafted by ModelTheme for dynamic, stylish website creation.

2K 1 CVE
Developer Profile

Addon Elements for Elementor (formerly Elementor Addon Elements) Developer Profile

WPVibes

10 plugins · 201K total installs

76
trust score
Avg Security Score
95/100
Avg Patch Time
157 days
View full developer profile
Detection Fingerprints

How We Detect Addon Elements for Elementor (formerly Elementor Addon Elements)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/addon-elements-for-elementor-page-builder/assets/css/widgets.min.css/wp-content/plugins/addon-elements-for-elementor-page-builder/assets/js/widgets.min.js
Script Paths
/wp-content/plugins/addon-elements-for-elementor-page-builder/assets/js/widgets.min.js
Version Parameters
addon-elements-for-elementor-page-builder/assets/css/widgets.min.css?ver=addon-elements-for-elementor-page-builder/assets/js/widgets.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
eae-sectioneae-columneae-headingeae-buttoneae-imageeae-testimonialeae-slidereae-carousel+4 more
HTML Comments
<!-- Elementor eae Widget Start --><!-- Elementor eae Widget End --><!-- EAE Elementor Widget -->
Data Attributes
data-eae-widget-iddata-eae-settings
JS Globals
eae_widgets
REST Endpoints
/wp-json/wts-eae/v1/
FAQ

Frequently Asked Questions about Addon Elements for Elementor (formerly Elementor Addon Elements)