WP-Safety

Element Path for Elementor Security & Risk Analysis

wordpress.org/plugins/element-path-for-elementor

Extend the ability of Elementor Website Builder

0 active installs v1.0.0 PHP 5.6+ WP 4.7.0+ Updated Dec 4, 2022
addonselementor-addonelementor-addonselementor-extensionselementor-widget
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Element Path for Elementor Safe to Use in 2026?

Generally Safe

Score 85/100

Element Path for Elementor has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago
Risk Assessment

This plugin, "element-path-for-elementor" v1.0.0, exhibits a mixed security posture. While it demonstrates strong adherence to secure coding practices in certain areas, such as 100% use of prepared statements for SQL queries and nearly all output being properly escaped, it also presents significant risks due to a lack of authorization checks on its entry points. The static analysis reveals three AJAX handlers, all of which are unprotected, creating a substantial attack surface for unauthenticated users. This is a critical concern as it could allow unauthorized actions or data manipulation.

The presence of the `unserialize` function, while only one instance, warrants caution. Although no specific critical or high-severity taint flows were identified, the possibility of deserialization vulnerabilities exists if the data being unserialized is not strictly controlled or validated. The absence of any recorded vulnerabilities in its history is a positive indicator of past development diligence, but it does not negate the immediate risks identified in the current version's code. The plugin bundles Select2, which, if outdated, could introduce further vulnerabilities, though its version is not specified here.

In conclusion, while the plugin shows strengths in data handling and output sanitization, the complete lack of authorization on its AJAX endpoints is a severe security weakness. This makes it a high-risk plugin for any WordPress site. The potential for deserialization vulnerabilities also adds to the concern. Users should exercise extreme caution and prioritize patching this vulnerability by awaiting an update that implements proper authentication and authorization for its AJAX endpoints.

Key Concerns

  • 3 AJAX handlers without auth checks
  • Dangerous function unserialize present
  • Bundled library Select2 (version unknown)
Vulnerabilities
None known

Element Path for Elementor Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Element Path for Elementor Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

Element Path for Elementor Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
13
1497 escaped
Nonce Checks
2
Capability Checks
0
File Operations
0
External Requests
2
Bundled Libraries
1

Dangerous Functions Found

unserialize$posted_data = unserialize( $posted_data );includes\classes\class-meta-boxes.php:123

Bundled Libraries

Select2

Output Escaping

99% escaped1510 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

5 flows2 with unsanitized paths
import_element (includes\classes\class-hooks.php:32)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

Element Path for Elementor Attack Surface

Entry Points3
Unprotected3

AJAX Handlers 3

authwp_ajax_populate_import_popupincludes\classes\class-hooks.php:24
authwp_ajax_import_elementincludes\classes\class-hooks.php:25
authwp_ajax_add_social_itemincludes\classes\class-meta-boxes.php:17
WordPress Hooks 23
actionadmin_enqueue_scriptselement-path.php:35
actionelementor/editor/after_enqueue_styleselement-path.php:36
actioninitelement-path.php:37
actionplugins_loadedelement-path.php:39
actionelementor/widgets/widgets_registeredelement-path.php:40
actionelementor/frontend/after_enqueue_styleselement-path.php:41
actionelementor/frontend/before_enqueue_styleselement-path.php:43
actionelementor/frontend/after_register_scriptselement-path.php:44
actioninitincludes\classes\class-hooks.php:14
actionadmin_menuincludes\classes\class-hooks.php:15
actionadmin_initincludes\classes\class-hooks.php:16
actionelementor/elements/categories_registeredincludes\classes\class-hooks.php:17
actionpb_settings_before_elmpath_elements_activeincludes\classes\class-hooks.php:19
actionpb_settings_before_elmpath_elements_ext_activeincludes\classes\class-hooks.php:20
actionpb_settings_fields_areaincludes\classes\class-hooks.php:21
actionelmpath_update_dataincludes\classes\class-hooks.php:22
actionadmin_enqueue_scriptsincludes\classes\class-hooks.php:250
actionadd_meta_boxesincludes\classes\class-meta-boxes.php:15
actionsave_postincludes\classes\class-meta-boxes.php:16
actionadmin_menuincludes\classes\class-pb-settings.php:37
actionadmin_initincludes\classes\class-pb-settings.php:42
actionadmin_noticesincludes\classes\class-pb-settings.php:43
filterwhitelist_optionsincludes\classes\class-pb-settings.php:45

Scheduled Events 1

elmpath_update_data
Maintenance & Trust

Element Path for Elementor Maintenance & Trust

Maintenance Signals

WordPress version tested5.9.13
Last updatedDec 4, 2022
PHP min version5.6
Downloads830

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Element Path for Elementor Alternatives

Livemesh Addons by Elementor

Livemesh Addons by Elementor

addons-for-elementor

D
30

Elementor Addons that saves time with multiple ready-to-use drag and drop styles for 30+ essential widgets built for Elementor page builder.

40K 3 unpatched
LA-Studio Element Kit for Elementor

LA-Studio Element Kit for Elementor

lastudio-element-kit

B
83

The advanced addons for Elementor

10K 18 CVEs
WPBITS Addons For Elementor Page Builder

WPBITS Addons For Elementor Page Builder

wpbits-addons-for-elementor

B
72

Addons for Elementor Page Builder.

2K 1 unpatched
Easy Elementor Addons – Addons Pack for Elementor Page Builder

Easy Elementor Addons – Addons Pack for Elementor Page Builder

easy-elementor-addons

A
94

Level up with Easy Elementor Addons – adds powerful widgets and sleek design tools to your favorite Elementor page builder.

1K 7 CVEs
Vertex Addons for Elementor

Vertex Addons for Elementor

addons-for-elementor-builder

A
95

Enhance Elementor with Vertex Addons — fast, lightweight widgets & extensions to build stunning sites without code. Perfect for pros & agencies.

400 3 CVEs
Developer Profile

Element Path for Elementor Developer Profile

Template Path

1 plugin · 0 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Element Path for Elementor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/element-path-for-elementor/assets/admin/css/style.css/wp-content/plugins/element-path-for-elementor/assets/front/js/owl.carousel.min.js/wp-content/plugins/element-path-for-elementor/assets/front/js/jquery.jConveyorTicker.js/wp-content/plugins/element-path-for-elementor/assets/front/js/jquery.appear.js/wp-content/plugins/element-path-for-elementor/assets/front/js/image-compare-viewer.min.js/wp-content/plugins/element-path-for-elementor/assets/front/js/waypoint.min.js/wp-content/plugins/element-path-for-elementor/assets/front/js/timeline.min.js/wp-content/plugins/element-path-for-elementor/assets/front/js/jquery.justifiedGallery.min.js+18 more
Script Paths
assets/admin/css/style.cssassets/front/js/owl.carousel.min.jsassets/front/js/jquery.jConveyorTicker.jsassets/front/js/jquery.appear.jsassets/front/js/image-compare-viewer.min.jsassets/front/js/waypoint.min.js+20 more
Version Parameters
?ver=1.0.0

HTML / DOM Fingerprints

CSS Classes
elmpath-accordion-wrapper
Data Attributes
data-elmpath-typewriter
JS Globals
elmpath
FAQ

Frequently Asked Questions about Element Path for Elementor