Does Ultimate Addons for SiteOrigin have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Ultimate Addons for SiteOrigin compatible with WordPress 5.2.24?

According to WordPress.org data, Ultimate Addons for SiteOrigin 2.4.2 has been tested up to WordPress 5.2.24. Check the plugin's changelog for the latest compatibility information.

How often is Ultimate Addons for SiteOrigin updated?

Ultimate Addons for SiteOrigin was last updated on Oct 21, 2019. Frequent updates are generally a positive security signal.

What is Ultimate Addons for SiteOrigin's security score?

Ultimate Addons for SiteOrigin has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Ultimate Addons for SiteOrigin Security & Risk Analysis

wordpress.org/plugins/addon-so-widgets-bundle

An ultimate collection of addons for SiteOrigin. SiteOrigin Widgets Bundle is required.

7K active installs v2.4.2 PHP + WP 3.9+ Updated Oct 21, 2019

post-gridresponsivesiteorigin-page-builderwidgetwidgets

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Ultimate Addons for SiteOrigin Safe to Use in 2026?

Generally Safe

Score 85/100

Ultimate Addons for SiteOrigin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago

Risk Assessment

The addon-so-widgets-bundle plugin version 2.4.2 exhibits a generally good security posture, particularly in its handling of database queries and external interactions. The complete absence of raw SQL queries, reliance on prepared statements, and zero external HTTP requests are strong indicators of secure coding practices. The plugin also demonstrates a commendable awareness of security by implementing nonce and capability checks on its entry points, and the lack of shortcodes or cron events further reduces the potential attack surface.

However, a significant concern arises from the output escaping analysis. With 61% of outputs properly escaped, this leaves a substantial 39% potentially unescaped. This could be a vector for cross-site scripting (XSS) vulnerabilities if user-supplied data is not adequately sanitized before being displayed. The limited attack surface is a positive, but the concerning percentage of unescaped output warrants attention.

The plugin's vulnerability history is entirely clear, with no recorded CVEs. This, combined with the strong adherence to secure coding practices like prepared statements and checks, suggests a mature and well-maintained codebase. While the lack of past vulnerabilities is a positive sign, the unescaped output remains a potential weakness that could lead to future security issues if not addressed.

Key Concerns

Unescaped output percentage is high

Vulnerabilities

None known

Ultimate Addons for SiteOrigin Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Ultimate Addons for SiteOrigin Release Timeline

v2.4.2Current

v2.4.1

v2.4.0

v2.3.0

v1.2.2

v1.2.1

v1.2

v1.1

v1.0

Code Analysis

Analyzed Mar 16, 2026

Ultimate Addons for SiteOrigin Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

128

199 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

61% escaped327 total outputs

Attack Surface

Ultimate Addons for SiteOrigin Attack Surface

Entry Points2

Unprotected0

AJAX Handlers 2

authwp_ajax_cmb2_oembed_handlercmb\includes\CMB2_Ajax.php:51

noprivwp_ajax_cmb2_oembed_handlercmb\includes\CMB2_Ajax.php:52

WordPress Hooks 55

filtersiteorigin_widgets_widget_foldersaddon-so-widgets-bundle.php:20

actionwp_footeraddon-so-widgets-bundle.php:24

actionwp_footeraddon-so-widgets-bundle.php:35

filtersiteorigin_panels_widget_dialog_tabsaddon-so-widgets-bundle.php:163

actioncmb2_admin_initcmb\example-functions.php:105

actioncmb2_admin_initcmb\example-functions.php:470

actioncmb2_admin_initcmb\example-functions.php:500

actioncmb2_admin_initcmb\example-functions.php:564

actioncmb2_admin_initcmb\example-functions.php:633

actioncmb2_admin_initcmb\example-functions.php:674

actioncmb2_initcmb\example-functions.php:776

filterwp_prepare_attachment_for_jscmb\includes\CMB2.php:1525

actionadmin_enqueue_scriptscmb\includes\CMB2.php:1543

actioncmb2_save_options-page_fieldscmb\includes\CMB2_Ajax.php:54

filterget_post_metadatacmb\includes\CMB2_Ajax.php:147

filterupdate_post_metadatacmb\includes\CMB2_Ajax.php:150

filtercmb2_show_oncmb\includes\CMB2_hookup.php:79

actionedit_form_topcmb\includes\CMB2_hookup.php:115

actionedit_form_before_permalinkcmb\includes\CMB2_hookup.php:119

actionedit_form_after_titlecmb\includes\CMB2_hookup.php:123

actionedit_form_after_editorcmb\includes\CMB2_hookup.php:127

actionadd_meta_boxescmb\includes\CMB2_hookup.php:131

actionadd_meta_boxescmb\includes\CMB2_hookup.php:134

actionadd_attachmentcmb\includes\CMB2_hookup.php:135

actionedit_attachmentcmb\includes\CMB2_hookup.php:136

actionsave_postcmb\includes\CMB2_hookup.php:137

actionpre_get_postscmb\includes\CMB2_hookup.php:144

actionadd_meta_boxes_commentcmb\includes\CMB2_hookup.php:152

actionedit_commentcmb\includes\CMB2_hookup.php:153

filtermanage_edit-comments_columnscmb\includes\CMB2_hookup.php:156

actionmanage_comments_custom_columncmb\includes\CMB2_hookup.php:157

filtermanage_edit-comments_sortable_columnscmb\includes\CMB2_hookup.php:158

actionpre_get_postscmb\includes\CMB2_hookup.php:159

actionshow_user_profilecmb\includes\CMB2_hookup.php:168

actionedit_user_profilecmb\includes\CMB2_hookup.php:169

actionuser_new_formcmb\includes\CMB2_hookup.php:170

actionpersonal_options_updatecmb\includes\CMB2_hookup.php:172

actionedit_user_profile_updatecmb\includes\CMB2_hookup.php:173

actionuser_registercmb\includes\CMB2_hookup.php:174

filtermanage_users_columnscmb\includes\CMB2_hookup.php:177

filtermanage_users_custom_columncmb\includes\CMB2_hookup.php:178

filtermanage_users_sortable_columnscmb\includes\CMB2_hookup.php:179

actionpre_get_postscmb\includes\CMB2_hookup.php:180

actionpre_get_postscmb\includes\CMB2_hookup.php:226

actioncreated_termcmb\includes\CMB2_hookup.php:230

actionedited_termscmb\includes\CMB2_hookup.php:231

actiondelete_termcmb\includes\CMB2_hookup.php:232

actioncmb2_do_oembedcmb\includes\helper-functions.php:131

filteris_protected_metacmb\includes\rest-api\CMB2_REST.php:144

actioninitcmb\init.php:131

filtercmb_meta_boxescmb-functions.php:11

actioninitcmb-functions.php:59

actioninitextra-widgets\faqs\faqs.php:204

actioninitextra-widgets\testimonials\testimonials.php:138

actionwp_footerextra-widgets\testimonials\testimonials.php:145

Maintenance & Trust

Ultimate Addons for SiteOrigin Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24

Last updatedOct 21, 2019

PHP min version

Downloads184K

Community Trust

Rating70/100

Number of ratings15

Active installs7K

Alternatives

Ultimate Addons for SiteOrigin Alternatives

Livemesh SiteOrigin Widgets

livemesh-siteorigin-widgets

A collection of premium quality widgets for use in any widgetized area or in SiteOrigin page builder. SiteOrigin Widgets Bundle is required.

20K 2 CVEs

EleSpare – News, Magazine and Blog Addons for Elementor

elespare

EleSpare provides pre-designed templates, header/footer builders, and various post layouts for creating stunning news, magazine, and blog sites with E …

10K 2 CVEs

Featured Post Creative

featured-post-creative

Display Featured post on your website with 2 shortcode and 1 widget. Also work with Gutenberg shortcode block.

1K 2 CVEs

Blog News Addons For Elementor (News, Magazine and Blog Addons)

blognews-for-elementor

100

Build news, magazine & blog sites with BlogNews for Elementor. 50+ widgets, 20+ templates, header/footer builder. No coding required!

300 No CVEs

RA Widgets Bundle

ra-widgets-bundle

A collection of widgets using the SiteOrigin Widgets API.

100 No CVEs

Developer Profile

Ultimate Addons for SiteOrigin Developer Profile

Munir Kamal

8 plugins · 48K total installs

trust score

Avg Security Score

83/100

Avg Patch Time

313 days

View full developer profile

Detection Fingerprints

How We Detect Ultimate Addons for SiteOrigin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/addon-so-widgets-bundle/css/owl.carousel.css/wp-content/plugins/addon-so-widgets-bundle/css/widgets.css/wp-content/plugins/addon-so-widgets-bundle/js/owl.carousel.min.js

Script Paths

/wp-content/plugins/addon-so-widgets-bundle/js/owl.carousel.min.js

Version Parameters

addon-so-widgets-bundle/css/owl.carousel.css?ver=addon-so-widgets-bundle/css/widgets.css?ver=addon-so-widgets-bundle/js/owl.carousel.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

soua-tabsoua-tabssoua-mainsoua-accordionsoua-accordion-titlesoua-accordion-contentauto_height

Data Attributes

data-tabs

JS Globals

equalheight

FAQ