WP-Safety

Animate It! Security & Risk Analysis

wordpress.org/plugins/animate-it

Add cool CSS3 animations to your content.

30K active installs v3.0.4 PHP + WP 4.7.0+ Updated Nov 21, 2025
animate-csscss3-animationinfinitejqueryon-scroll
98
A · Safe
CVEs total4
Unpatched0
Last CVEMar 30, 2022
Plugin page Download
Safety Verdict

Is Animate It! Safe to Use in 2026?

Generally Safe

Score 98/100

Animate It! has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEsLast CVE: Mar 30, 2022Updated 4mo ago
Risk Assessment

The "animate-it" plugin v3.0.4 exhibits a mixed security posture. On the positive side, it demonstrates good practices in SQL query handling, using prepared statements exclusively, and ensuring all output is properly escaped. The absence of critical or high-severity taint flows is also a strong indicator of secure coding in those areas. The plugin also has a history of known vulnerabilities, but importantly, none are currently unpatched, which is a positive sign of developer responsiveness.

However, there are notable security concerns. The plugin exposes one unprotected AJAX handler, which presents a significant attack vector. While the static analysis shows no dangerous functions or external HTTP requests, and a single nonce and capability check are present, the unprotected AJAX endpoint bypasses these crucial security measures. The vulnerability history, while showing no currently unpatched issues, reveals a past pattern of Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerabilities, indicating a potential for insecure input handling in previously discovered issues.

In conclusion, while the plugin has made strides in secure coding practices regarding SQL and output escaping, the presence of an unprotected AJAX handler is a critical flaw that elevates the risk. The historical prevalence of XSS and CSRF, though addressed in past versions, warrants continued vigilance. The overall security is compromised by this single, yet significant, unprotected entry point.

Key Concerns

  • Unprotected AJAX handler found
  • Past history of XSS vulnerabilities
  • Past history of CSRF vulnerabilities
Vulnerabilities
4

Animate It! Security Vulnerabilities

CVEs by Year

3 CVEs in 2019
2019
1 CVE in 2022
2022
Patched Has unpatched

Severity Breakdown

High
1
Medium
3

4 total CVEs

WF-a3335613-1206-4555-8e48-748a336548d4-animate-itmedium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Animate It! < 2.4.0 - Cross-Site Scripting

Mar 30, 2022 Patched in 2.4.0 (664d)
CVE-2019-17386high · 8.8Cross-Site Request Forgery (CSRF)

Animate It <= 2.3.5 - Cross-Site Request Forgery

Jul 27, 2019 Patched in 2.3.6 (1641d)
CVE-2019-17384medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Animate It <= 2.3.5 - Cross-Site Scripting

Jul 27, 2019 Patched in 2.3.6 (1641d)
CVE-2019-17385medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Animate It <= 2.3.5 - Cross-Site Scripting

Jul 27, 2019 Patched in 2.3.6 (1641d)
Code Analysis
Analyzed Mar 16, 2026

Animate It! Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
46 escaped
Nonce Checks
1
Capability Checks
1
File Operations
2
External Requests
0
Bundled Libraries
1

Bundled Libraries

TinyMCE1.0

Output Escaping

100% escaped46 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
update_edsanimate_options (edsanimate.php:192)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Animate It! Attack Surface

Entry Points4
Unprotected1

AJAX Handlers 1

authwp_ajax_edsanimate_get_popupedsanimate.php:90

Shortcodes 3

[edsanimate_start] edsanimate.php:71
[edsanimate_end] edsanimate.php:72
[edsanimate] edsanimate.php:73
WordPress Hooks 14
filterwidget_textedsanimate.php:51
actionplugins_loadededsanimate.php:56
actionplugins_loadededsanimate.php:59
actionadmin_menuedsanimate.php:62
actionwp_enqueue_scriptsedsanimate.php:65
actionadmin_enqueue_scriptsedsanimate.php:68
filterwidget_textedsanimate.php:76
actionin_widget_formedsanimate.php:77
filterwidget_update_callbackedsanimate.php:78
filterdynamic_sidebar_paramsedsanimate.php:79
actioninitedsanimate.php:85
filtertiny_mce_versionedsanimate.php:87
filtermce_external_languagesedsanimate.php:92
actioninitedsanimate.php:98
Maintenance & Trust

Animate It! Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedNov 21, 2025
PHP min version
Downloads725K

Community Trust

Rating98/100
Number of ratings127
Active installs30K
Alternatives

Animate It! Alternatives

Infinite Scroll and Load More Ajax Pagination

Infinite Scroll and Load More Ajax Pagination

infinite-scroll-and-load-more-ajax-pagination

A
85

No more page refresh for next page click. User can stay on same page to see all result with Infinite Scroll and Load More.

200 No CVEs
WP Infinite Scrolling

WP Infinite Scrolling

wp-infinite-scrolling

A
85

WP Infinite Scrolling enables infinite scrolling on your WordPress blog.

100 No CVEs
Animations by Imoptimal

Animations by Imoptimal

animations-by-imoptimal

A
85

Accentuate most important elements on your website through animation - either when its entering the screens viewport or when its hovered on/tapped on &hellip;

70 No CVEs
Enable jQuery Migrate Helper

Enable jQuery Migrate Helper

enable-jquery-migrate-helper

B
71

Get information about calls to deprecated jQuery features in plugins or themes.

90K 1 unpatched
Ajax Load More – Infinite Scroll, Load More, & Lazy Load

Ajax Load More – Infinite Scroll, Load More, & Lazy Load

ajax-load-more

B
82

Add infinite scroll, lazy loading, and load more buttons to posts, pages, and WooCommerce products — fast and fully customizable for WordPress.

40K 17 CVEs
Developer Profile

Animate It! Developer Profile

eleopard

3 plugins · 30K total installs

62
trust score
Avg Security Score
75/100
Avg Patch Time
1397 days
View full developer profile
Detection Fingerprints

How We Detect Animate It!

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/animate-it/assets/css/animate.css/wp-content/plugins/animate-it/assets/css/eds-animate.css/wp-content/plugins/animate-it/assets/css/animate-it-editor.css/wp-content/plugins/animate-it/assets/js/eds-animate.js/wp-content/plugins/animate-it/assets/js/eds-animate-admin.js/wp-content/plugins/animate-it/assets/js/eds-tinymce-popup.js
Script Paths
/wp-content/plugins/animate-it/assets/js/eds-animate.js/wp-content/plugins/animate-it/assets/js/eds-animate-admin.js/wp-content/plugins/animate-it/assets/js/eds-tinymce-popup.js
Version Parameters
animate-it/assets/css/animate.css?ver=animate-it/assets/css/eds-animate.css?ver=animate-it/assets/css/animate-it-editor.css?ver=animate-it/assets/js/eds-animate.js?ver=animate-it/assets/js/eds-animate-admin.js?ver=animate-it/assets/js/eds-tinymce-popup.js?ver=

HTML / DOM Fingerprints

CSS Classes
eds-animateanimate-it-iconanimate-it-add-animationanimate-it-add-animation-btneds-animate-popup-contenteds-animate-select-animationeds-animate-animate-ineds-animate-delay+56 more
HTML Comments
<!-- EDSAnimate Start --><!-- EDSAnimate End --><!--EDSAnimate StartEDSAnimate End -->+2 more
Data Attributes
data-edsanimatedata-edsanimate-animationdata-edsanimate-delaydata-edsanimate-durationdata-edsanimate-easingdata-edsanimate-iterations+53 more
JS Globals
EDS_Animateeds_animate_it_objectEDS_TinyMCE
Shortcode Output
[edsanimate][edsanimate_start][edsanimate_end]
FAQ

Frequently Asked Questions about Animate It!