Does Enter Addons – Ultimate Template Builder for Elementor have any unpatched vulnerabilities?

No. All known vulnerabilities in Enter Addons – Ultimate Template Builder for Elementor have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Enter Addons – Ultimate Template Builder for Elementor compatible with WordPress 6.9.4?

According to WordPress.org data, Enter Addons – Ultimate Template Builder for Elementor 2.3.3 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Enter Addons – Ultimate Template Builder for Elementor compatible with PHP 7.4+?

Enter Addons – Ultimate Template Builder for Elementor requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

Enter Addons – Ultimate Template Builder for Elementor Security & Risk Analysis

wordpress.org/plugins/enteraddons

EnterAddons | Ultimate Addons For WordPress And Elementor

1K active installs v2.3.3 PHP 7.4+ WP 6.5+ Updated Jan 20, 2026

addonselementorelementor-addonselementor-widgetelements

A · Safe

CVEs total10

Unpatched0

Last CVEJan 28, 2026

Plugin page Download

Safety Verdict

Is Enter Addons – Ultimate Template Builder for Elementor Safe to Use in 2026?

Generally Safe

Score 95/100

Enter Addons – Ultimate Template Builder for Elementor has a strong security track record. Known vulnerabilities have been patched promptly.

10 known CVEsLast CVE: Jan 28, 2026Updated 2mo ago

Risk Assessment

The EnterAddons v2.3.3 plugin exhibits a mixed security posture. While the static analysis shows a strong adherence to secure coding practices, particularly with 100% of SQL queries using prepared statements and a high percentage of properly escaped output (81%), there are underlying concerns indicated by its vulnerability history. The absence of critical or high severity vulnerabilities in its history, coupled with the lack of any currently unpatched CVEs, is positive. However, the presence of 10 medium severity CVEs, primarily involving CSRF, XSS, and authorization bypass, suggests past weaknesses that required remediation.

The static analysis reveals no critical taint flows, and all identified entry points (AJAX handlers) appear to have authentication checks, which is excellent. The plugin also demonstrates good practice with 7 nonce checks and 5 capability checks. The bundling of the Select2 library is a minor point, but not inherently a security risk in itself without further context on its specific version and implementation. The file operations and external HTTP requests are not inherently problematic without evidence of misuse.

In conclusion, EnterAddons v2.3.3 has implemented good defensive coding for its current version, addressing past issues. The historical pattern of medium severity vulnerabilities, however, warrants continued vigilance. Users should ensure they are always running the latest available version of the plugin to benefit from any further security patches and mitigations.

Key Concerns

10 medium severity historical CVEs
Bundled library (Select2)

Vulnerabilities

Enter Addons – Ultimate Template Builder for Elementor Security Vulnerabilities

CVEs by Year

8 CVEs in 2024

2024

1 CVE in 2025

2025

1 CVE in 2026

2026

Patched Has unpatched

Severity Breakdown

Medium

10 total CVEs

CVE-2026-25014medium · 4.3Cross-Site Request Forgery (CSRF)

Enter Addons <= 2.3.2 - Cross-Site Request Forgery

Jan 28, 2026 Patched in 2.3.3 (6d)

CVE-2025-8687medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Enter Addons <= 2.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown and Image Comparison Widgets

Dec 12, 2025 Patched in 2.2.8 (1d)

CVE-2024-56252medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Enter Addons <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 30, 2024 Patched in 2.2.1 (10d)

CVE-2024-10868medium · 4.3Authorization Bypass Through User-Controlled Key

Enter Addons – Ultimate Template Builder for Elementor <= 2.1.9 - Authenticated (Contributor+) Post Disclosure

Nov 22, 2024 Patched in 2.2.0 (3d)

CVE-2024-47625medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Enter Addons <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 30, 2024 Patched in 2.1.9 (11d)

CVE-2024-7611medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Enter Addons – Ultimate Template Builder for Elementor <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Events Card Widget

Sep 6, 2024 Patched in 2.1.9 (19d)

CVE-2024-43225medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Enter Addons <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

Aug 9, 2024 Patched in 2.2.0 (111d)

CVE-2024-37263medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Enter Addons <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jun 27, 2024 Patched in 2.1.7 (6d)

CVE-2024-3680medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Enter Addons – Ultimate Template Builder for Elementor <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animation Title widget img tag

May 8, 2024 Patched in 2.1.6 (14d)

CVE-2024-3831medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Enter Addons – Ultimate Template Builder for Elementor <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading widget

May 8, 2024 Patched in 2.1.6 (24d)

Code Analysis

Analyzed Mar 16, 2026

Enter Addons – Ultimate Template Builder for Elementor Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

196

847 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2

SQL Query Safety

100% prepared2 total queries

Output Escaping

81% escaped1043 total outputs

Attack Surface

Enter Addons – Ultimate Template Builder for Elementor Attack Surface

Entry Points3

Unprotected0

AJAX Handlers 3

authwp_ajax_settings_data_save_actionadmin\inc\Admin_Ajax_handler.php:26

authwp_ajax_mailchimp_action_fireclasses\Ajax_Handler.php:21

noprivwp_ajax_mailchimp_action_fireclasses\Ajax_Handler.php:22

WordPress Hooks 36

actionadmin_enqueue_scriptsadmin\Admin.php:21

actionadmin_footeradmin\Admin.php:22

actionadmin_initadmin\Admin.php:23

actionadmin_menuadmin\inc\Admin_Menu.php:21

actionadmin_initadmin\inc\Admin_Menu.php:22

actionadmin_noticesadmin\inc\Admin_Notices.php:23

actionswitch_themeappsero\src\Insights.php:140

actionswitch_themeappsero\src\Insights.php:141

actionadmin_footerappsero\src\Insights.php:158

actionadmin_noticesappsero\src\Insights.php:175

actionadmin_initappsero\src\Insights.php:178

filtercron_schedulesappsero\src\Insights.php:184

actionadmin_menuappsero\src\License.php:219

actionafter_switch_themeappsero\src\License.php:781

actionswitch_themeappsero\src\License.php:782

actionelementor/editor/after_saveclasses\Cache_Manager.php:20

actionafter_delete_postclasses\Cache_Manager.php:21

actionwp_enqueue_scriptsclasses\Cache_Manager.php:22

actionelementor/frontend/after_enqueue_stylesclasses\Editor_Widgets_Assets_Base.php:34

actionadd_meta_boxesclasses\Meta_Base.php:19

actionelementor/frontend/after_register_scriptscore\base\Enqueue_Base.php:33

actionelementor/elements/categories_registeredcore\base\Widgets_Base.php:38

actionelementor/widgets/registercore\base\Widgets_Base.php:40

actioninitenteraddons.php:115

actionplugins_loadedenteraddons.php:120

actionadmin_noticesenteraddons.php:123

filtersingle_templateheader-footer-builder\Header_Footer_Builder.php:21

actioninitheader-footer-builder\Header_Footer_Builder.php:23

filterparse_queryheader-footer-builder\Header_Footer_Builder.php:26

actionget_headerheader-footer-builder\Header_Footer_Builder.php:28

actionget_footerheader-footer-builder\Header_Footer_Builder.php:30

actionadd_meta_boxesheader-footer-builder\Post_Type_Meta.php:20

actionsave_post_ea_builder_templateheader-footer-builder\Post_Type_Meta.php:21

filterviews_edit-ea_builder_templateheader-footer-builder\Post_Type_Meta.php:22

filtermanage_ea_builder_template_posts_columnsheader-footer-builder\Post_Type_Meta.php:23

actionmanage_ea_builder_template_posts_custom_columnheader-footer-builder\Post_Type_Meta.php:24

Maintenance & Trust

Enter Addons – Ultimate Template Builder for Elementor Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 20, 2026

PHP min version7.4

Downloads39K

Community Trust

Rating100/100

Number of ratings3

Active installs1K

Alternatives

Enter Addons – Ultimate Template Builder for Elementor Alternatives

Qi Addons For Elementor

qi-addons-for-elementor

Qi Addons for Elementor is a comprehensive library of 60+ custom, flexible & easily styled Elementor widgets developed by Qode Interactive.

200K 10 CVEs

Mega Elements – Addons for Elementor

mega-elements-addons-for-elementor

A powerful and advanced all in one Elementor addons with unique styling features to create a beautiful website effortlessly.

10K 6 CVEs

ElementsReady Addons for Elementor

element-ready-lite

ElementsReady Addons for Elementor comes up with ultimate widgets like Post, Accordion, Portfolio, Testimonial, Nav menu, Carousel, Slider etc..

3K 9 CVEs

WPB Addons for Elementor – News Ticker, Timeline, Team, Services, Testimonials, and Much More

wpb-elementor-addons

A powerful collection of custom Elementor widgets and extensions to build advanced layouts with ease.

3K 1 unpatched

MT Addons for Elementor

mt-addons-for-elementor

MT Addons for Elementor with 50+ widgets, crafted by ModelTheme for dynamic, stylish website creation.

2K 1 CVE

Developer Profile

Enter Addons – Ultimate Template Builder for Elementor Developer Profile

themelooks

11 plugins · 3K total installs

trust score

Avg Security Score

96/100

Avg Patch Time

20 days

View full developer profile

Detection Fingerprints

How We Detect Enter Addons – Ultimate Template Builder for Elementor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/enteraddons/assets/css/frontend.css/wp-content/plugins/enteraddons/assets/js/frontend.js/wp-content/plugins/enteraddons/widgets/assets/css/widgets.css/wp-content/plugins/enteraddons/widgets/assets/js/widgets.js/wp-content/plugins/enteraddons/header-footer-builder/assets/css/header-footer-builder.css/wp-content/plugins/enteraddons/header-footer-builder/assets/js/header-footer-builder.js

Script Paths

/wp-content/plugins/enteraddons/assets/js/frontend.js/wp-content/plugins/enteraddons/widgets/assets/js/widgets.js/wp-content/plugins/enteraddons/header-footer-builder/assets/js/header-footer-builder.js

Version Parameters

enteraddons/assets/css/frontend.css?ver=enteraddons/assets/js/frontend.js?ver=enteraddons/widgets/assets/css/widgets.css?ver=enteraddons/widgets/assets/js/widgets.js?ver=enteraddons/header-footer-builder/assets/css/header-footer-builder.css?ver=enteraddons/header-footer-builder/assets/js/header-footer-builder.js?ver=

HTML / DOM Fingerprints

CSS Classes

enteraddons-wrapperelementor-enteraddons-addonsenteraddons-animated-textenteraddons-btnenteraddons-price-table

HTML Comments

+4 more

Data Attributes

data-enteraddons-animationdata-enteraddons-animation-delaydata-enteraddons-durationdata-enteraddons-iterationdata-enteraddons-direction

JS Globals

EnterAddonsFrontendEnterAddonsWidgetsFrontendEnterAddonsHeaderFooterBuilderFrontend

FAQ