Apollo13 Framework Extensions Security & Risk Analysis

wordpress.org/plugins/apollo13-framework-extensions

Adds custom post types, shortcodes and some features that are used in themes built on Apollo13 Framework.

20K active installs v1.9.9 PHP 5.4.0+ WP 4.7+ Updated Dec 4, 2025
Tags: custom-post-types, elementor-widgets, shortcodes, wpbakery-page-builder-support
Score: 95 (A · Safe)
CVEs total: 6
Unpatched: 0
Last CVE: Feb 18, 2026
Safety Verdict

Is Apollo13 Framework Extensions Safe to Use in 2026?

Generally Safe

Score 95/100

Apollo13 Framework Extensions has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

6 known CVEs · Last CVE: Feb 18, 2026 · Updated 5mo ago
Risk Assessment

The plugin 'apollo13-framework-extensions' v1.9.9 exhibits a mixed security posture. On the positive side, static analysis shows a strong adherence to secure coding practices, with 100% of SQL queries using prepared statements, a high percentage of output escaping (84%), and the presence of nonce and capability checks on entry points. Crucially, no critical or high severity taint flows were identified, and all entry points appear to have authorization checks, contributing to a reduced immediate risk from directly exploitable code flaws. However, the plugin's history of 6 known medium severity vulnerabilities, including Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and Missing Authorization issues, indicates a pattern of past exploitable weaknesses that, while currently patched, suggest an underlying susceptibility. The plugin also calls `unserialize` on values read back from a stored option and a transient (six call sites in design_importer\actions.php). `unserialize` is a known source of vulnerabilities, notably PHP object injection, when the serialized data can be influenced by an attacker, so it is a concern, though its exploitation is not evident in the taint analysis.

Despite the current lack of unpatched CVEs and critical taint flows, the historical prevalence of medium-severity vulnerabilities warrants attention. This suggests that while developers are addressing issues, there may be recurring patterns or oversight in certain areas. The attack surface, while protected by checks, is still present across AJAX handlers and shortcodes. The plugin's strengths lie in its implemented security mechanisms like prepared statements and output escaping. The primary weakness identified is its historical vulnerability record and the presence of a potentially dangerous function. Overall, the plugin is in a relatively secure state for this version, but vigilance regarding its past exploitability is advised.

Key Concerns

  • History of 6 medium severity vulnerabilities
  • Presence of dangerous function (unserialize)
Vulnerabilities
6 published

Apollo13 Framework Extensions Security Vulnerabilities

CVEs by Year

  • 2023: 3 CVEs
  • 2024: 2 CVEs
  • 2026: 1 CVE

Severity Breakdown

Medium: 6 (6 total CVEs)

CVE-2025-13617 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Apollo13 Framework Extension <= 1.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via `a13_alt_link` Parameter

Feb 18, 2026 Patched in 1.9.9 (1d)

CVE-2024-37480 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Apollo13 Framework Extensions <= 1.9.3 - Authenticated (Author+) Stored Cross-Site Scripting

Jul 4, 2024 Patched in 1.9.4 (62d)

CVE-2024-24880 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Apollo13 Framework Extensions <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Feb 5, 2024 Patched in 1.9.3 (4d)

CVE-2023-51539 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Apollo13 Framework Extensions <= 1.9.1 - Cross-Site Request Forgery

Dec 27, 2023 Patched in 1.9.2 (27d)

CVE-2023-47190 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Apollo13 Framework Extensions <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Nov 3, 2023 Patched in 1.9.1 (81d)

CVE-2023-25959 · medium · 5.4 · Missing Authorization

Apollo13 Framework Extensions <= 1.8.10 - Missing Authorization

Feb 24, 2023 Patched in 1.9.0 (333d)
Code Analysis
Analyzed Mar 16, 2026

Apollo13 Framework Extensions Code Analysis

Dangerous Functions: 6
Raw SQL Queries: 0 (5 prepared)
Unescaped Output: 103 (523 escaped)
Nonce Checks: 4
Capability Checks: 6
File Operations: 7
External Requests: 3
Bundled Libraries: 0

Dangerous Functions Found

unserialize `$demo = unserialize(get_option(A13FRAMEWORK_TPL_SLUG .'_processed_demo_import'));` design_importer\actions.php:86
unserialize `$demo = unserialize(get_option(A13FRAMEWORK_TPL_SLUG .'_processed_demo_import'));` design_importer\actions.php:246
unserialize `$demo = unserialize(get_option(A13FRAMEWORK_TPL_SLUG .'_processed_demo_import'));` design_importer\actions.php:314
unserialize `$demo = unserialize(get_option(A13FRAMEWORK_TPL_SLUG .'_processed_demo_import'));` design_importer\actions.php:515
unserialize `$importer = unserialize( get_transient( 'a13_import_content_process' ) );` design_importer\actions.php:543
unserialize `$demo = unserialize(get_option(A13FRAMEWORK_TPL_SLUG .'_processed_demo_import'));` design_importer\actions.php:750

SQL Query Safety

100% prepared · 5 total queries

Output Escaping

84% escaped · 626 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
start_el (features\mega-menu.php:51)
Attack Surface

Apollo13 Framework Extensions Attack Surface

Entry Points: 22
Unprotected: 0

AJAX Handlers 5

auth wp_ajax_apollo13framework_import_demo_data design_importer\importer.php:4
auth wp_ajax_apollo13framework_import_theme_settings features\exporter.php:189
auth wp_ajax_apollo13framework_prepare_gallery_items_html supports\cpt-admin.php:2
auth wp_ajax_apollo13framework_nava_add_post supports\wpbakery_pb_extensions\nava_support.php:60
auth wp_ajax_apollo13framework_nava_delete_post supports\wpbakery_pb_extensions\nava_support.php:102

Shortcodes 17

[a13_countdown] shortcodes\countdown.php:54
[a13fe_countdown] shortcodes\countdown.php:56
[a13_counter] shortcodes\counter.php:100
[a13fe_counter] shortcodes\counter.php:102
[a13fe-gallery] shortcodes\gallery.php:3
[a13fe-post-list] shortcodes\post-list.php:3
[a13fe-scroller] shortcodes\scroller.php:3
[a13fe-slider] shortcodes\slider.php:3
[a13fe-socials] shortcodes\socials.php:3
[a13fe-writing-effect] shortcodes\writing_effect.php:3
[vc_a13_album_body] supports\wpbakery_pb_extensions\shortcodes.php:5
[vc_a13_product_body] supports\wpbakery_pb_extensions\shortcodes.php:12
[vc_a13_work_body] supports\wpbakery_pb_extensions\shortcodes.php:19
[vc_a13_post_body] supports\wpbakery_pb_extensions\shortcodes.php:26
[vc_a13_team_member] supports\wpbakery_pb_extensions\shortcodes.php:74
[vc_a13_testimonial_signature] supports\wpbakery_pb_extensions\shortcodes.php:81
[vc_a13_post_meta_1] supports\wpbakery_pb_extensions\shortcodes.php:85

WordPress Hooks 94

action plugins_loaded apollo13-framework-extensions.php:53
action after_setup_theme apollo13-framework-extensions.php:82
filter import_post_meta_key design_importer\a13-wordpress-importer\class-apollo13-framework-import.php:71
filter http_request_timeout design_importer\a13-wordpress-importer\class-apollo13-framework-import.php:72
action apollo13framework_apollo13_importer_page_content design_importer\importer.php:425
action wp_enqueue_scripts features\assets.php:21
action apollo13framework_apollo13_exporter_page_content features\exporter.php:35
filter apollo13framework_only_content features\maintenance.php:18
filter wp_setup_nav_menu_item features\mega-menu-fe.php:23
filter wp_edit_nav_menu_walker features\mega-menu.php:254
action wp_nav_menu_item_custom_fields features\mega-menu.php:348
action wp_update_nav_menu_item features\mega-menu.php:387
filter post_link features\permalinks.php:43
filter post_type_link features\permalinks.php:44
filter wp_mail_content_type features\photoproffing.php:21
filter the_excerpt_rss features\rss.php:28
filter the_content_feed features\rss.php:29
action apollo13framework_additional_theme_options settings\customizer\options.php:45
action apollo13framework_options_before_subsection_anchors settings\customizer\options.php:101
action apollo13framework_options_after_subsection_single_work_slider settings\customizer\options.php:130
action apollo13framework_options_after_subsection_album_socials settings\customizer\options.php:159
filter apollo13framework_meta_boxes_post settings\meta_boxes\meta.php:2
filter apollo13framework_meta_boxes_page settings\meta_boxes\meta.php:106
filter apollo13framework_meta_boxes_album settings\meta_boxes\meta.php:210
filter apollo13framework_meta_boxes_work settings\meta_boxes\meta.php:292
filter apollo13framework_meta_boxes_images_manager settings\meta_boxes\meta.php:365
filter apollo13framework_save_post_meta settings\meta_boxes\processing.php:37
action apollo13framework_generate_user_css settings\user_css\user.php:2
action after_setup_theme settings\user_css\user.php:103
action admin_notices settings\user_css\user.php:113
action init supports\cpt.php:15
action restrict_manage_posts supports\cpt.php:212
action restrict_manage_posts supports\cpt.php:248
action restrict_manage_posts supports\cpt.php:284
action admin_notices supports\elementor_extensions\extend.php:13
action elementor/widgets/widgets_registered supports\elementor_extensions\widgets.php:120
action elementor/frontend/after_enqueue_styles supports\elementor_extensions\widgets.php:122
action elementor/frontend/after_register_scripts supports\elementor_extensions\widgets.php:124
action elementor/preview/enqueue_scripts supports\elementor_extensions\widgets.php:126
action elementor/elements/categories_registered supports\elementor_extensions\widgets.php:128
filter wp_image_editors supports\image_resize\class-apollo13-image-resize.php:28
action admin_init supports\image_resize\class-apollo13-image-resize.php:41
filter admin_notices supports\image_resize\class-apollo13-image-resize.php:46
filter image_resize_dimensions supports\image_resize\class-apollo13-image-resize.php:261
filter image_downsize supports\image_resize\class-apollo13-image-resize.php:312
action wp_footer supports\wpbakery_pb_extensions\actions.php:9
action vc_before_init supports\wpbakery_pb_extensions\actions.php:15
action wp_footer supports\wpbakery_pb_extensions\actions.php:43
action init supports\wpbakery_pb_extensions\extend.php:36
action vc_base_register_front_js supports\wpbakery_pb_extensions\extend.php:40
filter vc_gitem_zone_image_block_link supports\wpbakery_pb_extensions\extend.php:55
filter vc_gitem_template_attribute_a13_item_overlay_color supports\wpbakery_pb_extensions\filters.php:17
filter vc_gitem_template_attribute_a13_item_overlay_font_color supports\wpbakery_pb_extensions\filters.php:36
filter vc_gitem_template_attribute_a13_item_meta_data supports\wpbakery_pb_extensions\filters.php:50
filter vc_gitem_template_attribute_a13_post_categories supports\wpbakery_pb_extensions\filters.php:64
filter post_class supports\wpbakery_pb_extensions\filters.php:83
filter vc_gitem_template_attribute_a13_product_body supports\wpbakery_pb_extensions\filters.php:89
filter vc_grid_item_shortcodes supports\wpbakery_pb_extensions\filters.php:165
filter vc_gitem_template_attribute_a13_team_member_socials supports\wpbakery_pb_extensions\filters.php:170
filter vc_gitem_template_attribute_a13_work_body supports\wpbakery_pb_extensions\filters.php:171
filter vc_gitem_template_attribute_a13_album_body supports\wpbakery_pb_extensions\filters.php:172
filter vc_gitem_template_attribute_a13_post_body supports\wpbakery_pb_extensions\filters.php:173
action vc_before_init supports\wpbakery_pb_extensions\map_config.php:560
action vc_after_init supports\wpbakery_pb_extensions\map_config.php:573
action save_post supports\wpbakery_pb_extensions\nava_support.php:3
action admin_init supports\wpbakery_pb_extensions\theme_post_grids.php:28
action save_post widgets\cpt.php:18
action deleted_post widgets\cpt.php:19
action switch_theme widgets\cpt.php:20
action save_post widgets\cpt.php:133
action deleted_post widgets\cpt.php:134
action switch_theme widgets\cpt.php:135
action save_post widgets\cpt.php:251
action deleted_post widgets\cpt.php:252
action switch_theme widgets\cpt.php:253
action widgets_init widgets\cpt.php:419
action widgets_init widgets\menu.php:85
action save_post widgets\posts.php:54
action deleted_post widgets\posts.php:55
action switch_theme widgets\posts.php:56
action save_post widgets\posts.php:158
action deleted_post widgets\posts.php:159
action switch_theme widgets\posts.php:160
action save_post widgets\posts.php:265
action deleted_post widgets\posts.php:266
action switch_theme widgets\posts.php:267
action widgets_init widgets\posts.php:377
action save_post widgets\text.php:19
action deleted_post widgets\text.php:20
action switch_theme widgets\text.php:21
action save_post widgets\text.php:218
action deleted_post widgets\text.php:219
action switch_theme widgets\text.php:220
action widgets_init widgets\text.php:321
Maintenance & Trust

Apollo13 Framework Extensions Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.5.8
Last updated: Dec 4, 2025
PHP min version: 5.4.0
Downloads: 537K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 20K
Developer Profile

Apollo13 Framework Extensions Developer Profile

apollo13themes

3 plugins · 60K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 156 days
Detection Fingerprints

How We Detect Apollo13 Framework Extensions

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/apollo13-framework-extensions/assets/js/a13-slider.js
/wp-content/plugins/apollo13-framework-extensions/assets/js/anime.min.js
Script Paths
/wp-content/plugins/apollo13-framework-extensions/assets/js/a13-slider.js
/wp-content/plugins/apollo13-framework-extensions/assets/js/anime.min.js
Version Parameters
/wp-content/plugins/apollo13-framework-extensions/assets/js/a13-slider.js?ver=
/wp-content/plugins/apollo13-framework-extensions/assets/js/anime.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
a13_class_, a13_count_down, flipping, time, count, curr, top, next, +2 more
Data Attributes
data-style, data-weeks, data-days, data-hours, data-minutes, data-seconds, +1 more
Shortcode Output
<div class="a13_count_down
<style> .a13_class_
<div class="time <%= label %>
<span class="count curr top
FAQ

Frequently Asked Questions about Apollo13 Framework Extensions