Does Creative Addons for Elementor have any unpatched vulnerabilities?

No. All known vulnerabilities in Creative Addons for Elementor have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Creative Addons for Elementor compatible with WordPress 6.9.4?

According to WordPress.org data, Creative Addons for Elementor 1.8.5 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Creative Addons for Elementor compatible with PHP 7.0+?

Creative Addons for Elementor requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Creative Addons for Elementor updated?

Creative Addons for Elementor was last updated on Dec 14, 2025. Frequent updates are generally a positive security signal.

What is Creative Addons for Elementor's security score?

Creative Addons for Elementor has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Creative Addons for Elementor Security & Risk Analysis

wordpress.org/plugins/creative-addons-for-elementor

Write articles and documents faster and more easily using our powerful and practical Elementor widgets.

900 active installs v1.8.5 PHP 7.0+ WP 5.4+ Updated Dec 14, 2025

builderelementor-addonselementor-page-builderelementor-widgetsknowledge-base

A · Safe

CVEs total1

Unpatched0

Last CVEApr 1, 2024

Plugin page Download

Safety Verdict

Is Creative Addons for Elementor Safe to Use in 2026?

Generally Safe

Score 100/100

Creative Addons for Elementor has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Apr 1, 2024Updated 3mo ago

Risk Assessment

The 'creative-addons-for-elementor' v1.8.5 plugin exhibits a mixed security posture. While it demonstrates good practices in using prepared statements for SQL queries and properly escaping a high percentage of its output, there are significant concerns regarding its attack surface. A notable portion of its AJAX handlers, 8 out of 15, lack authentication checks, creating potential entry points for unauthorized actions. The presence of the `unserialize` function, even if used in a limited context, is a known risk that can lead to vulnerabilities if not handled with extreme care and proper input validation. The plugin's vulnerability history shows one medium-severity CVE related to Cross-site Scripting, which is concerning as it indicates past issues with input sanitization during output. Although this specific vulnerability is currently patched, the pattern of XSS suggests a need for ongoing vigilance in sanitizing user-provided data. The lack of any detected taint flows in the static analysis is a positive sign, suggesting that critical vulnerabilities stemming from unsanitized paths are not currently apparent in this version. However, the high number of unprotected AJAX endpoints and the use of `unserialize` warrant careful consideration.

Key Concerns

8 unprotected AJAX handlers
Use of unserialize function
1 medium severity CVE historically

Vulnerabilities

Creative Addons for Elementor Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-2924medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Creative Addons for Elementor <= 1.5.12 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 1, 2024 Patched in 1.6.0 (1d)

Code Analysis

Analyzed Mar 16, 2026

Creative Addons for Elementor Code Analysis

Dangerous Functions

Raw SQL Queries

20 prepared

Unescaped Output

622 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$unserialized_error_message = unserialize( $serialized_error_message ); //base64_decode(unserialize(includes\system\logging.php:61

unserialize$unserialized_stackMsg = unserialize( $serialized_stackMsg ); //base64_decode(unserialize( $serializincludes\system\logging.php:155

SQL Query Safety

95% prepared21 total queries

Output Escaping

94% escaped660 total outputs

Attack Surface

8 unprotected

Creative Addons for Elementor Attack Surface

Entry Points15

Unprotected8

AJAX Handlers 15

authwp_ajax_crel-save-widgetsincludes\admin\admin_handlers.php:18

noprivwp_ajax_crel-switch-to-globalsincludes\admin\admin_handlers.php:19

authwp_ajax_crel-switch-to-globalsincludes\admin\admin_handlers.php:20

noprivwp_ajax_crel-save-widgetsincludes\admin\admin_handlers.php:21

authwp_ajax_crel-save-presetsincludes\admin\admin_handlers.php:22

noprivwp_ajax_crel-save-presetsincludes\admin\admin_handlers.php:23

authwp_ajax_crel_toggle_debugincludes\admin\admin_handlers.php:25

noprivwp_ajax_crel_toggle_debugincludes\admin\admin_handlers.php:26

authwp_ajax_crel-update-presetincludes\custom_presets\presets_handlers.php:18

noprivwp_ajax_crel-update-presetincludes\custom_presets\presets_handlers.php:19

authwp_ajax_crel-delete-presetincludes\custom_presets\presets_handlers.php:20

noprivwp_ajax_crel-delete-presetincludes\custom_presets\presets_handlers.php:21

authwp_ajax_crel-search-kbincludes\kb\kb_search_cntrl.php:14

noprivwp_ajax_crel-search-kbincludes\kb\kb_search_cntrl.php:15

authwp_ajax_crel_deactivate_feedbackincludes\system\deactivate_feedback.php:15

WordPress Hooks 25

actionadmin_noticescreative-addons-for-elementor.php:56

actionadmin_noticescreative-addons-for-elementor.php:62

actionadmin_noticescreative-addons-for-elementor.php:68

actionplugins_loadedcreative-addons-for-elementor.php:74

actionadmin_initincludes\admin\admin_handlers.php:24

actionadmin_menuincludes\admin\admin_menus.php:12

actionadmin_menuincludes\admin\admin_menus.php:13

actionwp_enqueue_scriptsincludes\assets_manager.php:14

actionwp_enqueue_scriptsincludes\assets_manager.php:15

actionelementor/editor/after_enqueue_scriptsincludes\assets_manager.php:18

actionelementor/css-file/post/enqueueincludes\assets_manager.php:19

actionadmin_enqueue_scriptsincludes\assets_manager.php:21

actionelementor/editor/after_saveincludes\cache_manager.php:18

actionafter_delete_postincludes\cache_manager.php:19

actionelementor/core/files/clear_cacheincludes\cache_manager.php:20

actionelementor/controls/controls_registeredincludes\controls_manager.php:15

actionadmin_enqueue_scriptsincludes\system\deactivate_feedback.php:14

actionadmin_footerincludes\system\deactivate_feedback.php:22

filterplugin_row_metaincludes\system\plugin-links.php:41

actionadmin_initincludes\system\upgrades.php:18

actionadmin_initincludes\system\upgrades.php:21

filterwp_mail_content_typeincludes\utilities.php:1212

actionelementor/widgets/registerincludes\widgets_manager.php:16

actionelementor/elements/categories_registeredincludes\widgets_manager.php:17

actionelementor/editor/after_enqueue_scriptsincludes\widgets_manager.php:18

Maintenance & Trust

Creative Addons for Elementor Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 14, 2025

PHP min version7.0

Downloads28K

Community Trust

Rating100/100

Number of ratings3

Active installs900

Alternatives

Creative Addons for Elementor Alternatives

Move Addons for Elementor

move-addons

Move Addons is a WordPress plugin for Elementor page builder, is a powerful tool that helps you to make almost every possible customization to your we …

3K 8 CVEs

ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor

elementskit-lite

Join millions who empower their websites with ElementsKit Elementor Addons. Get templates, & 100+ widgets like header-footer, mega menu, custom widget

2.0M 21 CVEs

Ultimate Addons for Elementor

header-footer-elementor

Powerful Elementor addon with advanced Elementor widgets, templates, WooCommerce widgets & Header-Footer builder to build professional websites fa …

2.0M 12 CVEs

Royal Addons for Elementor – Addons and Templates Kit for Elementor

royal-elementor-addons

Elementor templates, Header footer builder, Elementor Post Grid, Woocommerce Grid builder, Slider, Forms, Gallery, Nav menu addons, Elementor widgets.

600K 1 unpatched

Element Pack Addons for Elementor

bdthemes-element-pack-lite

Ultimate Elementor addon with 300+ widgets, templates, live copy paste, post grid, header footer, mega menu, dynamic builder, WooCommerce and more.

100K 36 CVEs

Developer Profile

Creative Addons for Elementor Developer Profile

echoplugins

5 plugins · 14K total installs

100

trust score

Avg Security Score

100/100

Avg Patch Time

3 days

View full developer profile

Detection Fingerprints

How We Detect Creative Addons for Elementor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/creative-addons-for-elementor/assets/css/front-end/front-end.css/wp-content/plugins/creative-addons-for-elementor/assets/css/front-end/elementor-editor.css/wp-content/plugins/creative-addons-for-elementor/assets/js/public-scripts.js/wp-content/plugins/creative-addons-for-elementor/assets/js/admin-elementor.js

Script Paths

/wp-content/plugins/creative-addons-for-elementor/assets/js/public-scripts.js/wp-content/plugins/creative-addons-for-elementor/assets/js/admin-elementor.js

Version Parameters

/wp-content/plugins/creative-addons-for-elementor/assets/js/public-scripts.js?ver=/wp-content/plugins/creative-addons-for-elementor/assets/css/front-end/front-end.css?ver=/wp-content/plugins/creative-addons-for-elementor/assets/css/front-end/elementor-editor.css?ver=/wp-content/plugins/creative-addons-for-elementor/assets/js/admin-elementor.js?ver=

HTML / DOM Fingerprints

CSS Classes

crel-notice

Data Attributes

crel_varscrel_elementor

JS Globals