ElementsCSS Addons for Elementor (Elementor Widgets Extender & Addons) Security & Risk Analysis

wordpress.org/plugins/css-for-elementor

Extends existing Elementor and Elementor Pro Widgets, adds more useful new Widgets and features that save your valuable time.

200 active installs · v1.0.8.9 · PHP + · WP 4.0.1+ · Updated Nov 9, 2025
Tags: custom-header-footer, elementor-addons, elementor-extensions, elementor-modules, elements
Score: 56 · C · Use Caution
CVEs total: 2
Unpatched: 2
Last CVE: Apr 1, 2025
Safety Verdict

Is ElementsCSS Addons for Elementor (Elementor Widgets Extender & Addons) Safe to Use in 2026?

Use With Caution

Score 56/100

ElementsCSS Addons for Elementor (Elementor Widgets Extender & Addons) has 2 unpatched vulnerabilities. Evaluate alternatives or apply available mitigations.

2 known CVEs · 2 unpatched · Last CVE: Apr 1, 2025 · Updated 4mo ago
Risk Assessment

Version 1.0.8.9 of the "css-for-elementor" plugin presents a mixed security posture. It handles SQL queries with prepared statements and avoids dangerous functions and file operations, but its attack surface and output escaping raise significant concerns. All AJAX handlers (7 out of 7) lack authentication checks, which creates a broad entry point for potential exploitation. Only 41% of outputs are properly escaped, which suggests a considerable risk of Cross-Site Scripting (XSS) wherever user-supplied data is rendered on a page without being neutralized.

The plugin's history of known vulnerabilities, including SSRF and XSS, with two currently unpatched (one high and one medium severity), compounds these concerns. This pattern indicates recurring security weaknesses that have not been fully addressed, despite previous remediation efforts. The combination of a large, unprotected attack surface, insufficient output escaping, and a history of critical vulnerability types points to a plugin that requires immediate attention to mitigate potential risks.

Key Concerns

  • Unpatched CVEs
  • Unprotected AJAX handlers
  • Low percentage of properly escaped output
  • Missing nonce checks on AJAX
  • Unsanitized paths in taint analysis
Vulnerabilities
2

ElementsCSS Addons for Elementor (Elementor Widgets Extender & Addons) Security Vulnerabilities

CVEs by Year

2 CVEs in 2025 · unpatched

Severity Breakdown

High: 1
Medium: 1

2 total CVEs

CVE-2025-31796 · high · 7.2 · Server-Side Request Forgery (SSRF)

ElementsCSS Addons for Elementor <= 1.0.8.7 - Unauthenticated Server-Side Request Forgery

Apr 1, 2025 · Unpatched

CVE-2025-22321 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ElementsCSS Addons for Elementor <= 1.0.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 3, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

ElementsCSS Addons for Elementor (Elementor Widgets Extender & Addons) Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 249 (173 escaped)
Nonce Checks: 2
Capability Checks: 1
File Operations: 0
External Requests: 4
Bundled Libraries: 0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

41% escaped · 422 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

4 flows · 3 with unsanitized paths
cssfe_mailchimp_subscribe_form_handler (includes\wp-ajax.php:38)
Attack Surface
7 unprotected

ElementsCSS Addons for Elementor (Elementor Widgets Extender & Addons) Attack Surface

Entry Points: 8
Unprotected: 7

AJAX Handlers 7

auth · wp_ajax_review_already_did · includes\wp-ajax.php:3
nopriv · wp_ajax_review_already_did · includes\wp-ajax.php:4
auth · wp_ajax_maybe_later_will_review · includes\wp-ajax.php:20
nopriv · wp_ajax_maybe_later_will_review · includes\wp-ajax.php:21
auth · wp_ajax_cssfe_subscribe_form · includes\wp-ajax.php:92
nopriv · wp_ajax_cssfe_subscribe_form · includes\wp-ajax.php:93
auth · wp_ajax_wpr_check_changelog · rollback\class-css-for-elementor-rollback.php:168

Shortcodes 1

[modern] public\shortcode\page-shortcode.php:4
WordPress Hooks 56
action · admin_init · admin\class-css-for-elementor-admin.php:181
action · admin_init · admin\class-css-for-elementor-admin.php:182
action · admin_init · admin\class-css-for-elementor-admin.php:183
action · admin_init · admin\class-css-for-elementor-admin.php:184
action · admin_init · admin\class-css-for-elementor-admin.php:185
action · admin_init · admin\class-css-for-elementor-admin.php:186
action · admin_init · admin\class-css-for-elementor-admin.php:187
action · admin_init · admin\class-css-for-elementor-admin.php:188
action · admin_notices · css-for-elementor.php:79
action · admin_notices · css-for-elementor.php:115
action · admin_init · css-for-elementor.php:118
filter · elementor/document/urls/exit_to_dashboard · css-for-elementor.php:151
action · in_admin_header · css-for-elementor.php:210
action · elementor/element/wc-archive-products/section_advanced/after_section_end · elementor-control\cssfe-archive-products.php:7
action · elementor/element/form/section_messages_style/after_section_end · elementor-control\cssfe-form-accept.php:7
action · elementor/element/section/section_advanced/after_section_end · elementor-control\cssfe-pratice.php:3
action · elementor/frontend/section/before_render · elementor-control\cssfe-pratice.php:4
filter · rewrite_rules_array · includes\class-css-for-elementor-feed-url.php:7
filter · feed_names · includes\class-css-for-elementor-feed-url.php:8
filter · feed_link · includes\class-css-for-elementor-feed-url.php:9
action · init · includes\class-css-for-elementor-feed-url.php:10
action · init · includes\class-css-for-elementor-feed-url.php:11
action · plugins_loaded · includes\class-css-for-elementor-widgets.php:86
action · elementor/elements/categories_registered · includes\class-css-for-elementor-widgets.php:87
action · wp_enqueue_scripts · includes\class-css-for-elementor-widgets.php:88
action · elementor/frontend/after_register_scripts · includes\class-css-for-elementor-widgets.php:89
action · elementor/dynamic_tags/register · includes\class-css-for-elementor-widgets.php:91
action · elementor/dynamic_tags/register · includes\class-css-for-elementor-widgets.php:93
action · elementor/init · includes\class-css-for-elementor-widgets.php:191
action · admin_notices · includes\class-css-for-elementor-widgets.php:210
action · admin_notices · includes\class-css-for-elementor-widgets.php:216
action · admin_notices · includes\class-css-for-elementor-widgets.php:222
action · elementor/widgets/widgets_registered · includes\class-css-for-elementor-widgets.php:247
action · plugins_loaded · includes\class-css-for-elementor.php:185
action · admin_enqueue_scripts · includes\class-css-for-elementor.php:200
action · admin_enqueue_scripts · includes\class-css-for-elementor.php:201
action · admin_menu · includes\class-css-for-elementor.php:202
action · wp_enqueue_scripts · includes\class-css-for-elementor.php:217
action · wp_enqueue_scripts · includes\class-css-for-elementor.php:218
action · wp_footer · includes\css-for-elementor-css-js.php:3
action · wp_head · includes\css-for-elementor-css-js.php:4
action · wp_head · includes\css-for-elementor-css-js.php:272
action · elementor/element/after_section_end · includes\css-for-elementor-frontend.php:13
action · elementor/element/after_section_end · includes\css-for-elementor-frontend.php:66
action · elementor/element/after_section_end · includes\css-for-elementor-frontend.php:173
action · elementor/element/section/section_layout/after_section_end · includes\css-for-elementor-frontend.php:256
action · elementor/element/form/section_form_fields/after_section_end · includes\css-for-elementor-frontend.php:310
action · wp_footer · includes\css-js-elementor-front.php:3
action · wp_head · includes\css-js-elementor-front.php:4
action · init · public\shortcode\page-shortcode.php:3
action · admin_enqueue_scripts · rollback\class-css-for-elementor-rollback.php:152
action · admin_menu · rollback\class-css-for-elementor-rollback.php:156
action · admin_menu · rollback\class-css-for-elementor-rollback.php:158
action · pre_current_active_plugins · rollback\class-css-for-elementor-rollback.php:161
filter · upgrader_pre_install · rollback\class-plugin-rollback-upgrader.php:57
filter · upgrader_clear_destination · rollback\class-plugin-rollback-upgrader.php:58
Maintenance & Trust

ElementsCSS Addons for Elementor (Elementor Widgets Extender & Addons) Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 9, 2025
PHP min version
Downloads: 23K

Community Trust

Rating: 88/100
Number of ratings: 18
Active installs: 200
Developer Profile

ElementsCSS Addons for Elementor (Elementor Widgets Extender & Addons) Developer Profile

TheInnovs

4 plugins · 210 total installs

Trust score: 81
Avg Security Score: 82/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect ElementsCSS Addons for Elementor (Elementor Widgets Extender & Addons)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/css-for-elementor/admin/css/custom.css
  • /wp-content/plugins/css-for-elementor/admin/css/review.css
  • /wp-content/plugins/css-for-elementor/admin/js/custom.js
  • /wp-content/plugins/css-for-elementor/admin/js/review.js
Script Paths
  • /wp-content/plugins/css-for-elementor/admin/js/custom.js
  • /wp-content/plugins/css-for-elementor/admin/js/review.js
Version Parameters
  • css-for-elementor/admin/css/custom.css?ver=
  • css-for-elementor/admin/css/review.css?ver=
  • css-for-elementor/admin/js/custom.js?ver=
  • css-for-elementor/admin/js/review.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • cssfe-review
  • cssfe-review-notice
  • review-logo
  • plu-logo
Data Attributes
  • id="cssfeReviewAlreadyDid"
  • id="cssfeMaybeLater"
  • id="cssfeNeverShowAgain"
JS Globals
  • window.cssfeReviewAlreadyDid
  • window.cssfeMaybeLater
  • window.cssfeNeverShowAgain
FAQ

Frequently Asked Questions about ElementsCSS Addons for Elementor (Elementor Widgets Extender & Addons)