Does Elemailer Lite – Elementor email template & campaign builder have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Elemailer Lite – Elementor email template & campaign builder compatible with WordPress 6.7.5?

According to WordPress.org data, Elemailer Lite – Elementor email template & campaign builder 2.8 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is Elemailer Lite – Elementor email template & campaign builder compatible with PHP 7.2+?

Elemailer Lite – Elementor email template & campaign builder requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

Elemailer Lite – Elementor email template & campaign builder Security & Risk Analysis

wordpress.org/plugins/elemailer-lite

Elemailer is an Elementor addon to create Email templates. It gives you the most flexible design environment to design emails through drag and drop bu …

5K active installs v2.8 PHP 7.2+ WP 5.8+ Updated Aug 5, 2025

cf7elementor-addonsemailemail-marketingemail-template

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Elemailer Lite – Elementor email template & campaign builder Safe to Use in 2026?

Generally Safe

Score 100/100

Elemailer Lite – Elementor email template & campaign builder has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9mo ago

Risk Assessment

Elemailer Lite v2.8 exhibits a generally good security posture with several strengths. The plugin demonstrates a strong commitment to secure coding practices, as evidenced by 100% of its SQL queries using prepared statements and over 90% of output being properly escaped. The absence of critical or high severity taint flows and a clean vulnerability history with zero recorded CVEs are significant positive indicators. Furthermore, the presence of nonces and capability checks on most entry points suggests a layered security approach.

However, a key concern lies within its attack surface. The analysis reveals 14 AJAX handlers, with one handler lacking any authentication checks. This single unprotected entry point represents a potential avenue for unauthorized actions or information disclosure if it processes user-supplied input without proper validation. The presence of the `unserialize` function, while not directly flagged as a vulnerability in this static analysis, is a function that requires extreme caution and input sanitization to prevent object injection vulnerabilities. The plugin also performs external HTTP requests, which, if not handled carefully, could lead to SSRF or other related vulnerabilities, though no specific issues were highlighted here.

Overall, Elemailer Lite v2.8 appears to be a well-maintained plugin with a proactive approach to security. The lack of historical vulnerabilities is encouraging. The primary area for improvement and continued vigilance is addressing the unprotected AJAX handler. While the `unserialize` function warrants attention, the absence of critical taint flows suggests it is not currently being exploited. The plugin's strengths in SQL and output sanitization, coupled with its clean CVE history, present a relatively low risk, but the unprotected AJAX handler introduces a notable, actionable risk.

Key Concerns

Unprotected AJAX handler
Use of unserialize function

Vulnerabilities

None known

Elemailer Lite – Elementor email template & campaign builder Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Elemailer Lite – Elementor email template & campaign builder Release Timeline

v2.8Current

v2.7

v2.6

v2.5

v2.4

v2.3

v2.2

v2.1

v2.0

v1.9

v1.8

v1.7

v1.6

v1.5

v1.4

v1.3

v1.2

v1.0.10

v1.0.9

v1.0.8

Code Analysis

Analyzed Mar 16, 2026

Elemailer Lite – Elementor email template & campaign builder Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

284 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$hash = unserialize(file_get_contents("http://vimeo.com/api/v2/video/$vid.php"));integrations\elementor\widgets\video\video.php:263

SQL Query Safety

100% prepared1 total queries

Output Escaping

93% escaped307 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

3 flows

remote_request (integrations\elementor\library.php:332)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Elemailer Lite – Elementor email template & campaign builder Attack Surface

Entry Points14

Unprotected1

AJAX Handlers 14

noprivwp_ajax_elemailer_get_taxonomiescore\global.php:9

authwp_ajax_elemailer_get_taxonomiescore\global.php:10

noprivwp_ajax_elemailer_get_termscore\global.php:31

authwp_ajax_elemailer_get_termscore\global.php:32

noprivwp_ajax_elemailer_get_postscore\global.php:60

authwp_ajax_elemailer_get_postscore\global.php:61

authwp_ajax_elemailer-noticeshelpers\notice.php:27

authwp_ajax_elemailer-lite-remote-requestintegrations\elementor\library.php:30

authwp_ajax_elemailer-lite-my-template-remote-requestintegrations\elementor\library.php:31

authwp_ajax_elemailer-lite-my-template-delete-requestintegrations\elementor\library.php:32

authwp_ajax_elemailer-lite-elementor-batch-processintegrations\elementor\library.php:33

authwp_ajax_elemailer-lite-elementor-batch-my-template-processintegrations\elementor\library.php:34

authwp_ajax_elemailer-sync-page-builderintegrations\elementor\library.php:35

authwp_ajax_elemailer-saved-my-templatesintegrations\elementor\library.php:36

WordPress Hooks 47

actionadmin_footerapp\form-template\base.php:33

actionpublish_em-form-templateapp\form-template\base.php:34

filtermanage_edit-em-form-template_columnsapp\form-template\base.php:42

actionmanage_em-form-template_posts_custom_columnapp\form-template\base.php:43

actionrest_api_initcore\api.php:50

actioninitcore\cpt.php:30

actioninitcore\taxonomy.php:31

actionplugins_loadedelemailer-lite.php:38

actionwp_loadedelemailer-lite.php:55

actionadmin_headhelpers\notice.php:26

filtersafe_style_csshelpers\util.php:162

actionelementor/element/form/section_email/before_section_endintegrations\elementor\actions\hooks.php:29

actionelementor/element/form/section_email_2/before_section_endintegrations\elementor\actions\hooks.php:32

actionelementor/element/section/section_background/before_section_endintegrations\elementor\actions\hooks.php:35

filterelementor/document/configintegrations\elementor\actions\hooks.php:38

actionelementor/experiments/default-features-registeredintegrations\elementor\actions\hooks.php:42

filterelementor/admin/localize_settingsintegrations\elementor\actions\hooks.php:44

actionelementor_pro/forms/actions/registerintegrations\elementor\actions\hooks.php:64

actionelementor_pro/forms/form_submittedintegrations\elementor\actions\hooks.php:68

filterpre_option_elementor_experiment-editor_v2integrations\elementor\actions\hooks.php:187

actionadmin_noticesintegrations\elementor\base.php:22

actionadmin_noticesintegrations\elementor\base.php:33

actionadmin_noticesintegrations\elementor\base.php:37

actionelementor/editor/after_enqueue_stylesintegrations\elementor\base.php:48

actionelementor/frontend/after_enqueue_stylesintegrations\elementor\base.php:51

actionelementor/editor/after_enqueue_scriptsintegrations\elementor\base.php:54

actionelementor/frontend/before_enqueue_scriptsintegrations\elementor\base.php:57

actionadmin_initintegrations\elementor\base.php:59

actionadmin_noticesintegrations\elementor\base.php:60

actionelementor/page_templates/canvas/after_contentintegrations\elementor\base.php:61

filterelementor/utils/get_placeholder_image_srcintegrations\elementor\import.php:41

actionelementor/editor/footerintegrations\elementor\library.php:26

actionelementor/editor/footerintegrations\elementor\library.php:27

actionelementor/editor/before_enqueue_scriptsintegrations\elementor\library.php:28

actionelementor/preview/enqueue_stylesintegrations\elementor\library.php:29

actionelementor/document/after_saveintegrations\elementor\library.php:37

actionelementor/elements/categories_registeredintegrations\elementor\widgets\base.php:28

actionelementor/widgets/registerintegrations\elementor\widgets\base.php:31

actionwpcf7_before_send_mailintegrations\shortcode\actions\hooks.php:27

actioninitplugin.php:34

actionadmin_menuplugin.php:102

actionadmin_initplugin.php:103

actionadmin_enqueue_scriptsplugin.php:106

actionwp_enqueue_scriptsplugin.php:108

actionelementor/frontend/after_enqueue_stylesplugin.php:110

actionadmin_noticesplugin.php:116

actionafter_setup_themeplugin.php:144

Maintenance & Trust

Elemailer Lite – Elementor email template & campaign builder Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedAug 5, 2025

PHP min version7.2

Downloads94K

Community Trust

Rating90/100

Number of ratings28

Active installs5K

Alternatives

Elemailer Lite – Elementor email template & campaign builder Alternatives

Email addon for CF7

cf7-email-add-on

Email addon for CF7 plugin provides the responsive Email templates to admin and users.

3K 1 CVE

HTML Template for CF7

cf7-html-email-template-extension

100

Improve your Contact Form 7 emails with a HTML Template.

1K No CVEs

Connect SendGrid for Emails

connect-sendgrid-for-emails

Connect SendGrid to your WordPress site to send emails using SendGrid's cloud-based email platform.

900 No CVEs

Email Templates for Contact Form 7

email-templates-for-contact-form-7

100

Client-friendly HTML email templates for Contact Form 7, with a visual editor and live preview.

0 No CVEs

Hostinger Reach – AI-Powered Email Marketing for WordPress

hostinger-reach

Launch and grow your email marketing effortlessly with Hostinger Reach. Collect contacts, sync subscribers, and send emails – all in one, AI powered.

1.0M 1 CVE

Developer Profile

Elemailer Lite – Elementor email template & campaign builder Developer Profile

Elemailer

1 plugin · 5K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Elemailer Lite – Elementor email template & campaign builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/elemailer-lite/assets/css/elemailer-frontend.css/wp-content/plugins/elemailer-lite/assets/css/elemailer-editor.css/wp-content/plugins/elemailer-lite/assets/js/elemailer-frontend.js/wp-content/plugins/elemailer-lite/assets/js/elemailer-editor.js/wp-content/plugins/elemailer-lite/assets/js/admin-notice.js

Script Paths

/wp-content/plugins/elemailer-lite/assets/js/elemailer-frontend.js/wp-content/plugins/elemailer-lite/assets/js/elemailer-editor.js/wp-content/plugins/elemailer-lite/assets/js/admin-notice.js

Version Parameters

elemailer-lite/assets/css/elemailer-frontend.css?ver=elemailer-lite/assets/css/elemailer-editor.css?ver=elemailer-lite/assets/js/elemailer-frontend.js?ver=elemailer-lite/assets/js/elemailer-editor.js?ver=elemailer-lite/assets/js/admin-notice.js?ver=

HTML / DOM Fingerprints

CSS Classes

elementor-section-wrapelemailer-lite-notice-never-show

HTML Comments

Data Attributes

data-elementor-iddata-elementor-post-type

JS Globals

elemailer_lite_params

Shortcode Output

Email designed with Elementor ❤️ Powered by  <a target="_blank" href="https://elemailer.com?source=inemail">Elemailer</a>

FAQ