WP-Safety

Creative Addons for Elementor Security & Risk Analysis

wordpress.org/plugins/creative-addons-for-elementor

Write articles and documents faster and more easily using our powerful and practical Elementor widgets.

900 active installs v1.8.5 PHP 7.0+ WP 5.4+ Updated Dec 14, 2025
builderelementor-addonselementor-page-builderelementor-widgetsknowledge-base
100
A · Safe
CVEs total1
Unpatched0
Last CVEApr 1, 2024
Plugin page Download
Safety Verdict

Is Creative Addons for Elementor Safe to Use in 2026?

Generally Safe

Score 100/100

Creative Addons for Elementor has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Apr 1, 2024Updated 5mo ago
Risk Assessment

The 'creative-addons-for-elementor' v1.8.5 plugin exhibits a mixed security posture. While it demonstrates good practices in using prepared statements for SQL queries and properly escaping a high percentage of its output, there are significant concerns regarding its attack surface. A notable portion of its AJAX handlers, 8 out of 15, lack authentication checks, creating potential entry points for unauthorized actions. The presence of the `unserialize` function, even if used in a limited context, is a known risk that can lead to vulnerabilities if not handled with extreme care and proper input validation. The plugin's vulnerability history shows one medium-severity CVE related to Cross-site Scripting, which is concerning as it indicates past issues with input sanitization during output. Although this specific vulnerability is currently patched, the pattern of XSS suggests a need for ongoing vigilance in sanitizing user-provided data. The lack of any detected taint flows in the static analysis is a positive sign, suggesting that critical vulnerabilities stemming from unsanitized paths are not currently apparent in this version. However, the high number of unprotected AJAX endpoints and the use of `unserialize` warrant careful consideration.

Key Concerns

  • 8 unprotected AJAX handlers
  • Use of unserialize function
  • 1 medium severity CVE historically
Vulnerabilities
1 published

Creative Addons for Elementor Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2024-2924medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Creative Addons for Elementor <= 1.5.12 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 1, 2024 Patched in 1.6.0 (1d)
Version History

Creative Addons for Elementor Release Timeline

v1.8.5Current
v1.8.4
v1.8.3
v1.8.2
v1.8.1
v1.8.0
v1.7.1
v1.7.0
v1.6.0
v1.5.121 CVE
CVE-2024-2924
v1.5.111 CVE
CVE-2024-2924
v1.5.101 CVE
CVE-2024-2924
v1.5.91 CVE
CVE-2024-2924
v1.5.81 CVE
CVE-2024-2924
v1.5.71 CVE
CVE-2024-2924
v1.5.61 CVE
CVE-2024-2924
v1.5.51 CVE
CVE-2024-2924
Code Analysis
Analyzed Mar 16, 2026

Creative Addons for Elementor Code Analysis

Dangerous Functions
2
Raw SQL Queries
1
20 prepared
Unescaped Output
38
622 escaped
Nonce Checks
8
Capability Checks
14
File Operations
3
External Requests
1
Bundled Libraries
0

Dangerous Functions Found

unserialize$unserialized_error_message = unserialize( $serialized_error_message ); //base64_decode(unserialize(includes\system\logging.php:61
unserialize$unserialized_stackMsg = unserialize( $serialized_stackMsg ); //base64_decode(unserialize( $serializincludes\system\logging.php:155

SQL Query Safety

95% prepared21 total queries

Output Escaping

94% escaped660 total outputs
Attack Surface
8 unprotected

Creative Addons for Elementor Attack Surface

Entry Points15
Unprotected8

AJAX Handlers 15

authwp_ajax_crel-save-widgetsincludes\admin\admin_handlers.php:18
noprivwp_ajax_crel-switch-to-globalsincludes\admin\admin_handlers.php:19
authwp_ajax_crel-switch-to-globalsincludes\admin\admin_handlers.php:20
noprivwp_ajax_crel-save-widgetsincludes\admin\admin_handlers.php:21
authwp_ajax_crel-save-presetsincludes\admin\admin_handlers.php:22
noprivwp_ajax_crel-save-presetsincludes\admin\admin_handlers.php:23
authwp_ajax_crel_toggle_debugincludes\admin\admin_handlers.php:25
noprivwp_ajax_crel_toggle_debugincludes\admin\admin_handlers.php:26
authwp_ajax_crel-update-presetincludes\custom_presets\presets_handlers.php:18
noprivwp_ajax_crel-update-presetincludes\custom_presets\presets_handlers.php:19
authwp_ajax_crel-delete-presetincludes\custom_presets\presets_handlers.php:20
noprivwp_ajax_crel-delete-presetincludes\custom_presets\presets_handlers.php:21
authwp_ajax_crel-search-kbincludes\kb\kb_search_cntrl.php:14
noprivwp_ajax_crel-search-kbincludes\kb\kb_search_cntrl.php:15
authwp_ajax_crel_deactivate_feedbackincludes\system\deactivate_feedback.php:15
WordPress Hooks 25
actionadmin_noticescreative-addons-for-elementor.php:56
actionadmin_noticescreative-addons-for-elementor.php:62
actionadmin_noticescreative-addons-for-elementor.php:68
actionplugins_loadedcreative-addons-for-elementor.php:74
actionadmin_initincludes\admin\admin_handlers.php:24
actionadmin_menuincludes\admin\admin_menus.php:12
actionadmin_menuincludes\admin\admin_menus.php:13
actionwp_enqueue_scriptsincludes\assets_manager.php:14
actionwp_enqueue_scriptsincludes\assets_manager.php:15
actionelementor/editor/after_enqueue_scriptsincludes\assets_manager.php:18
actionelementor/css-file/post/enqueueincludes\assets_manager.php:19
actionadmin_enqueue_scriptsincludes\assets_manager.php:21
actionelementor/editor/after_saveincludes\cache_manager.php:18
actionafter_delete_postincludes\cache_manager.php:19
actionelementor/core/files/clear_cacheincludes\cache_manager.php:20
actionelementor/controls/controls_registeredincludes\controls_manager.php:15
actionadmin_enqueue_scriptsincludes\system\deactivate_feedback.php:14
actionadmin_footerincludes\system\deactivate_feedback.php:22
filterplugin_row_metaincludes\system\plugin-links.php:41
actionadmin_initincludes\system\upgrades.php:18
actionadmin_initincludes\system\upgrades.php:21
filterwp_mail_content_typeincludes\utilities.php:1212
actionelementor/widgets/registerincludes\widgets_manager.php:16
actionelementor/elements/categories_registeredincludes\widgets_manager.php:17
actionelementor/editor/after_enqueue_scriptsincludes\widgets_manager.php:18
Maintenance & Trust

Creative Addons for Elementor Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 14, 2025
PHP min version7.0
Downloads29K

Community Trust

Rating100/100
Number of ratings3
Active installs900
Alternatives

Creative Addons for Elementor Alternatives

Move Addons for Elementor

Move Addons for Elementor

move-addons

A
97

Move Addons is a WordPress plugin for Elementor page builder, is a powerful tool that helps you to make almost every possible customization to your we &hellip;

3K 8 CVEs
ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor

ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor

elementskit-lite

A
89

Join millions who empower their websites with ElementsKit Elementor Addons. Get templates, & 100+ widgets like header-footer, mega menu, custom widget

2.0M 24 CVEs
Ultimate Addons for Elementor

Ultimate Addons for Elementor

header-footer-elementor

A
96

Powerful Elementor addon with advanced Elementor widgets, templates, WooCommerce widgets & Header-Footer builder to build professional websites fa &hellip;

2.0M 12 CVEs
Royal Addons for Elementor – Addons and Templates Kit for Elementor

Royal Addons for Elementor – Addons and Templates Kit for Elementor

royal-elementor-addons

B
82

Elementor templates, Header footer builder, Elementor Post Grid, Woocommerce Grid builder, Slider, Forms, Gallery, Nav menu addons, Elementor widgets.

600K 76 CVEs
HT Mega Addons for Elementor – Elementor Widgets & Template Builder

HT Mega Addons for Elementor – Elementor Widgets & Template Builder

ht-mega-for-elementor

B
83

Elementor addon offering 135+ widgets — Mega Menu, Ready Templates, Page Builder, Slider, Gallery, Post Grid, AI Writer & more.

70K 33 CVEs
Developer Profile

Creative Addons for Elementor Developer Profile

echoplugins

5 plugins · 14K total installs

87
trust score
Avg Security Score
99/100
Avg Patch Time
34 days
View full developer profile
Detection Fingerprints

How We Detect Creative Addons for Elementor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/creative-addons-for-elementor/assets/css/front-end/front-end.css/wp-content/plugins/creative-addons-for-elementor/assets/css/front-end/elementor-editor.css/wp-content/plugins/creative-addons-for-elementor/assets/js/public-scripts.js/wp-content/plugins/creative-addons-for-elementor/assets/js/admin-elementor.js
Script Paths
/wp-content/plugins/creative-addons-for-elementor/assets/js/public-scripts.js/wp-content/plugins/creative-addons-for-elementor/assets/js/admin-elementor.js
Version Parameters
/wp-content/plugins/creative-addons-for-elementor/assets/js/public-scripts.js?ver=/wp-content/plugins/creative-addons-for-elementor/assets/css/front-end/front-end.css?ver=/wp-content/plugins/creative-addons-for-elementor/assets/css/front-end/elementor-editor.css?ver=/wp-content/plugins/creative-addons-for-elementor/assets/js/admin-elementor.js?ver=

HTML / DOM Fingerprints

CSS Classes
crel-notice
Data Attributes
crel_varscrel_elementor
JS Globals
crel_varscrel_elementor
FAQ

Frequently Asked Questions about Creative Addons for Elementor