Does All in one Avada Addons have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is All in one Avada Addons compatible with WordPress 5.8.13?

According to WordPress.org data, All in one Avada Addons 1.2.3 has been tested up to WordPress 5.8.13. Check the plugin's changelog for the latest compatibility information.

Is All in one Avada Addons compatible with PHP 5.6+?

All in one Avada Addons requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is All in one Avada Addons updated?

All in one Avada Addons was last updated on Jul 29, 2021. Frequent updates are generally a positive security signal.

What is All in one Avada Addons's security score?

All in one Avada Addons has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

All in one Avada Addons Security & Risk Analysis

wordpress.org/plugins/all-in-one-avada-addons

This plugin add new features to the Avada theme. The best selling theme ever.

40 active installs v1.2.3 PHP 5.6+ WP 3.0+ Updated Jul 29, 2021

avadacarouselwoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is All in one Avada Addons Safe to Use in 2026?

Generally Safe

Score 85/100

All in one Avada Addons has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago

Risk Assessment

The "all-in-one-avada-addons" v1.2.3 plugin exhibits a mixed security posture. On the positive side, it boasts a clean vulnerability history with zero known CVEs, suggesting a history of robust security development or a lack of targeted attacks. The plugin also demonstrates good practices in its use of prepared statements for SQL queries (83%) and proper output escaping (82%). Nonce checks and capability checks are present, further strengthening its defense mechanisms. However, concerns arise from the static analysis, specifically the presence of two AJAX handlers without authentication checks. This represents a direct attack vector that could be exploited if these handlers perform sensitive operations or are susceptible to manipulation. While taint analysis did not reveal critical or high-severity vulnerabilities, the five flows with unsanitized paths warrant attention, even if their severity is not explicitly categorized as high in the provided data. Overall, the plugin has a solid foundation in many security areas, but the unprotected AJAX endpoints and unsanitized paths represent significant weaknesses that could be exploited without further hardening.

Key Concerns

Unprotected AJAX handlers
Flows with unsanitized paths

Vulnerabilities

None known

All in one Avada Addons Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

All in one Avada Addons Release Timeline

v1.2.3Current

v1.2.2

v1.2.1

v1.2.0

v1.1.7

v1.1.6

v1.1.5

v1.1.4

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.3

v1.0.2

v1.0.1

Code Analysis

Analyzed Mar 16, 2026

All in one Avada Addons Code Analysis

Dangerous Functions

Raw SQL Queries

5 prepared

Unescaped Output

313

1396 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2

SQL Query Safety

83% prepared6 total queries

Output Escaping

82% escaped1709 total outputs

Data Flows · Security

5 unsanitized

Data Flow Analysis

8 flows5 with unsanitized paths

formActionUrl (inc\aio-redux-core\appsero\License.php:677)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

All in one Avada Addons Attack Surface

Entry Points10

Unprotected2

AJAX Handlers 4

authwp_ajax_redux_support_hashinc\aio-redux-core\class-redux-core.php:354

authwp_ajax_redux_hide_admin_noticeinc\aio-redux-core\inc\classes\class-redux-admin-notices.php:41

authwp_ajax_redux_update_google_fontsinc\aio-redux-core\inc\classes\class-redux-ajax-typography.php:26

authwp_ajax_redux_activationinc\aio-redux-core\inc\classes\class-redux-connection-banner.php:96

Shortcodes 6

[product-carousel-template1] template\global-layout-product.php:111

[aio_credit] template\shortcode-credit.php:24

[aio_post_card] template\shortcode-post-card.php:25

[carousel_post_type] template\shortcode-post-carousel.php:26

[adv_products_template] template\template-woo-product.php:392

[adv_products_template_archive] template\template-woo-product.php:393

WordPress Hooks 100

actionwp_enqueue_scriptsall-in-one-avada-addons.php:37

actionadmin_enqueue_scriptsall-in-one-avada-addons.php:44

actionwp_enqueue_scriptall-in-one-avada-addons.php:46

actioninitall-in-one-avada-addons.php:78

actionadmin_noticesall-in-one-avada-addons.php:87

actionadmin_menuall-in-one-avada-addons.php:99

actionfusion_builder_before_initbuilder-elements\credits.php:43

actionfusion_builder_before_initbuilder-elements\post-card.php:720

actioninitbuilder-elements\post-card.php:721

actionfusion_builder_before_initbuilder-elements\post-carousel.php:562

actioninitbuilder-elements\post-carousel.php:563

actionswitch_themeinc\aio-redux-core\appsero\Insights.php:115

actionswitch_themeinc\aio-redux-core\appsero\Insights.php:116

actionadmin_footerinc\aio-redux-core\appsero\Insights.php:128

actionadmin_noticesinc\aio-redux-core\appsero\Insights.php:146

actionadmin_initinc\aio-redux-core\appsero\Insights.php:149

filtercron_schedulesinc\aio-redux-core\appsero\Insights.php:155

actionadmin_menuinc\aio-redux-core\appsero\License.php:176

actionafter_switch_themeinc\aio-redux-core\appsero\License.php:668

actionswitch_themeinc\aio-redux-core\appsero\License.php:669

filterpre_set_site_transient_update_pluginsinc\aio-redux-core\appsero\Updater.php:42

filterplugins_apiinc\aio-redux-core\appsero\Updater.php:43

filterpre_set_site_transient_update_themesinc\aio-redux-core\appsero\Updater.php:52

actionadmin_initinc\aio-redux-core\class-redux-core.php:346

filterredux/tracking/optionsinc\aio-redux-core\class-redux-core.php:356

actionadmin_noticesinc\aio-redux-core\inc\classes\class-redux-admin-notices.php:42

actionadmin_initinc\aio-redux-core\inc\classes\class-redux-admin-notices.php:43

actionafter_setup_themeinc\aio-redux-core\inc\classes\class-redux-api.php:121

actioninitinc\aio-redux-core\inc\classes\class-redux-api.php:122

actionswitch_themeinc\aio-redux-core\inc\classes\class-redux-api.php:123

actionplugins_loadedinc\aio-redux-core\inc\classes\class-redux-api.php:174

actionReduxFrameworkPlugin_admin_noticeinc\aio-redux-core\inc\classes\class-redux-api.php:1700

actionredux_framework_plugin_admin_noticeinc\aio-redux-core\inc\classes\class-redux-api.php:1701

actioncurrent_screeninc\aio-redux-core\inc\classes\class-redux-connection-banner.php:97

actionredux_admin_notices_runinc\aio-redux-core\inc\classes\class-redux-connection-banner.php:184

actionadmin_headinc\aio-redux-core\inc\classes\class-redux-connection-banner.php:185

actionadmin_noticesinc\aio-redux-core\inc\classes\class-redux-connection-banner.php:191

actionnetwork_admin_noticesinc\aio-redux-core\inc\classes\class-redux-connection-banner.php:192

actionadmin_headinc\aio-redux-core\inc\classes\class-redux-connection-banner.php:193

filteradmin_body_classinc\aio-redux-core\inc\classes\class-redux-connection-banner.php:194

actionadmin_noticesinc\aio-redux-core\inc\classes\class-redux-connection-banner.php:198

actioninitinc\aio-redux-core\inc\classes\class-redux-enable-gutenberg.php:118

actioninitinc\aio-redux-core\inc\classes\class-redux-enable-gutenberg.php:119

actionplugins_loadedinc\aio-redux-core\inc\classes\class-redux-enable-gutenberg.php:121

actionafter_setup_themeinc\aio-redux-core\inc\classes\class-redux-enable-gutenberg.php:122

actionadmin_noticesinc\aio-redux-core\inc\classes\class-redux-enable-gutenberg.php:123

actionadmin_enqueue_scriptsinc\aio-redux-core\inc\classes\class-redux-enqueue.php:57

actionwp_enqueue_scriptsinc\aio-redux-core\inc\classes\class-redux-enqueue.php:60

filterredux/fieldsinc\aio-redux-core\inc\classes\class-redux-extension-abstract.php:180

actionwp_headinc\aio-redux-core\inc\classes\class-redux-functions-ex.php:158

actionredux/constructinc\aio-redux-core\inc\classes\class-redux-instances.php:74

actionadmin_initinc\aio-redux-core\inc\classes\class-redux-options-constructor.php:55

actionwp_headinc\aio-redux-core\inc\classes\class-redux-output.php:30

actionwp_enqueue_scriptsinc\aio-redux-core\inc\classes\class-redux-output.php:31

actionlogin_headinc\aio-redux-core\inc\classes\class-redux-output.php:36

actionlogin_enqueue_scriptsinc\aio-redux-core\inc\classes\class-redux-output.php:37

actionadmin_headinc\aio-redux-core\inc\classes\class-redux-output.php:42

actionadmin_enqueue_scriptsinc\aio-redux-core\inc\classes\class-redux-output.php:43

filterstyle_loader_taginc\aio-redux-core\inc\classes\class-redux-output.php:222

filterwp_resource_hintsinc\aio-redux-core\inc\classes\class-redux-output.php:223

actionadmin_menuinc\aio-redux-core\inc\classes\class-redux-page-render.php:47

actionnetwork_admin_menuinc\aio-redux-core\inc\classes\class-redux-page-render.php:51

actionadmin_headinc\aio-redux-core\inc\classes\class-redux-page-render.php:140

filteradmin_footer_textinc\aio-redux-core\inc\classes\class-redux-page-render.php:143

filterdeprecated_file_trigger_errorinc\aio-redux-core\inc\classes\class-redux-panel.php:316

actionrest_api_initinc\aio-redux-core\inc\classes\class-redux-rest-api-builder.php:46

actionadmin_initinc\aio-redux-core\inc\classes\class-redux-user-feedback.php:81

actionadmin_initinc\aio-redux-core\inc\classes\class-redux-user-feedback.php:82

actionadmin_noticesinc\aio-redux-core\inc\classes\class-redux-user-feedback.php:163

actioncustomize_registerinc\aio-redux-core\inc\extensions\customizer\class-redux-extension-customizer.php:137

actionwp_headinc\aio-redux-core\inc\extensions\customizer\class-redux-extension-customizer.php:138

actioncustomize_save_afterinc\aio-redux-core\inc\extensions\customizer\class-redux-extension-customizer.php:142

actioncustomize_controls_print_scriptsinc\aio-redux-core\inc\extensions\customizer\class-redux-extension-customizer.php:145

actioncustomize_controls_initinc\aio-redux-core\inc\extensions\customizer\class-redux-extension-customizer.php:146

actionwp_enqueue_stylesinc\aio-redux-core\inc\extensions\customizer\class-redux-extension-customizer.php:147

filterupload_mimesinc\aio-redux-core\inc\extensions\import_export\class-redux-extension-import-export.php:92

filterredux/font-iconsinc\aio-redux-core\inc\fields\select\elusive-icons.php:11

actionadmin_enqueue_scriptsinc\aio-redux-core\inc\themecheck\class-redux-themecheck.php:71

actionadmin_enqueue_scriptsinc\aio-redux-core\inc\themecheck\class-redux-themecheck.php:72

actionthemecheck_checks_loadedinc\aio-redux-core\inc\themecheck\class-redux-themecheck.php:74

actionthemecheck_checks_loadedinc\aio-redux-core\inc\themecheck\class-redux-themecheck.php:75

actioninitinc\aio-redux-core\inc\validation\unique_slug\class-redux-validation-unique-slug.php:80

actioninitinc\aio-redux-core\inc\welcome\class-redux-welcome.php:49

actionadmin_menuinc\aio-redux-core\inc\welcome\class-redux-welcome.php:61

filteradmin_footer_textinc\aio-redux-core\inc\welcome\class-redux-welcome.php:67

actionadmin_headinc\aio-redux-core\inc\welcome\class-redux-welcome.php:68

actioninittemplate\shortcode-post-card.php:30

actioninittemplate\shortcode-post-card.php:35

actionwp_headtemplate\shortcode-post-carousel.php:20

actioninittemplate\shortcode-post-carousel.php:31

actioninittemplate\shortcode-post-carousel.php:36

actionwoocommerce_after_shop_loop_item_titletemplate\template-woo-product.php:429

actionwoocommerce_before_shop_loop_itemtemplate\template-woo-product.php:461

actionwoocommerce_after_shop_loop_item_titletemplate\template-woo-product.php:499

actionwoocommerce_after_shop_loop_item_titletemplate\template-woo-product.php:518

actionwoocommerce_after_shop_loop_item_titletemplate\template-woo-product.php:573

actionadv_woo_special_offer_count_downtemplate\template-woo-product.php:585

actionwoocommerce_before_shop_loop_itemtemplate\template-woo-product.php:589

actionfusion_builder_before_inittemplate\template-woo-product.php:1677

actionfusion_builder_before_inittemplate\template-woo-product.php:2802

Maintenance & Trust

All in one Avada Addons Maintenance & Trust

Maintenance Signals

WordPress version tested5.8.13

Last updatedJul 29, 2021

PHP min version5.6

Downloads4K

Community Trust

Rating100/100

Number of ratings3

Active installs40

Alternatives

All in one Avada Addons Alternatives

Product Gallery Slider, Additional Variation Images, Product Video, Product Image Zoom and Lightbox for WooCommerce – WooGallery

gallery-slider-for-woocommerce

100

🔥 All-in-One WooCommerce Product Image and Video Gallery Solution to Enhance Your Customers' Shopping Experience and Boost Sales Instantly! 🚀

20K No CVEs

Product Gallery Slider, Additional Variation Images for WooCommerce

woo-product-gallery-slider

Enhance your customers' shopping experience and boost sales instantly with this WooCommerce Product Gallery Slider! 🚀

20K 2 CVEs

Product Slider, Product Carousel and Product Grid Gallery for WooCommerce – WooProduct Slider

woo-product-slider

Display your WooCommerce products in a responsive Product Slider, Product Carousel, or Product Grid Gallery with easy customization.

20K 2 CVEs

YITH WooCommerce Product Gallery & Image Zoom

yith-woocommerce-zoom-magnifier

YITH WooCommerce Product Gallery & Image Zoom add zoom effect to product images and a customizable image slider.

20K 1 CVE

Product Category Slider & Grid for WooCommerce – WooCategory

woo-category-slider-grid

100

Display product categories in responsive sliders or grids to showcase them effectively on your WooCommerce store and improve shoppers' navigation.

10K 1 CVE

Developer Profile

All in one Avada Addons Developer Profile

Marco

2 plugins · 50 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect All in one Avada Addons

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/all-in-one-avada-addons/assets/css/public/all-in-one-style.css/wp-content/plugins/all-in-one-avada-addons/assets/js/public/global.js/wp-content/plugins/all-in-one-avada-addons/assets/css/admin/all-in-one-style-admin.css/wp-content/plugins/all-in-one-avada-addons/assets/js/admin/global-admin.js

Script Paths

/wp-content/plugins/all-in-one-avada-addons/assets/js/public/global.js/wp-content/plugins/all-in-one-avada-addons/assets/js/admin/global-admin.js

Version Parameters

all-in-one-avada-addons/assets/css/public/all-in-one-style.css?ver=all-in-one-avada-addons/assets/js/public/global.js?ver=all-in-one-avada-addons/assets/css/admin/all-in-one-style-admin.css?ver=all-in-one-avada-addons/assets/js/admin/global-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

aio-header-dashboardlogo-aio-panel-optionsaio-dash-plugin-nameaio-dashboard-areasaio-dashboard-welcome-area

JS Globals

PLUGIN_URL

FAQ