WP-Safety

Exclusive Addons for Elementor Security & Risk Analysis

wordpress.org/plugins/exclusive-addons-for-elementor

Exclusive Addons is one of the Best Elementor Addons With 90+ Elementor Free & Pro Widgets with all the customizations options you ever imagined.

60K active installs v2.7.9.8 PHP + WP 4.6+ Updated Dec 2, 2025
elementorelementor-addonselementor-widgetsultimate-addonswoocommerce-builder
96
A · Safe
CVEs total24
Unpatched0
Last CVEAug 5, 2025
Plugin page Download
Safety Verdict

Is Exclusive Addons for Elementor Safe to Use in 2026?

Generally Safe

Score 96/100

Exclusive Addons for Elementor has a strong security track record. Known vulnerabilities have been patched promptly.

24 known CVEsLast CVE: Aug 5, 2025Updated 4mo ago
Risk Assessment

The "exclusive-addons-for-elementor" plugin v2.7.9.8 presents a mixed security posture. While the static analysis shows a relatively low number of critical code-level risks, with no identified unsanitized taint flows and all SQL queries using prepared statements, there are notable areas of concern. The presence of two AJAX handlers without authentication checks directly contributes to a tangible attack surface that could be exploited by unauthenticated users. Furthermore, the plugin's history of 24 known CVEs, predominantly categorized as medium severity and including issues like "Exposure of Sensitive Information," "Improper Input Validation," and "Missing Authorization," suggests a recurring pattern of security weaknesses that require ongoing vigilance. The fact that the last vulnerability was dated in the future (2025-08-05) is unusual and requires clarification, but assuming it's a data anomaly, the historical trend indicates a plugin that has been prone to various vulnerabilities in the past. Despite the absence of currently unpatched CVEs and good practices in SQL handling and output escaping, the two unprotected AJAX endpoints and the extensive vulnerability history necessitate caution.

Key Concerns

  • Unprotected AJAX handlers detected
  • High number of past vulnerabilities (24 CVEs)
  • Use of 'unserialize' function
Vulnerabilities
24

Exclusive Addons for Elementor Security Vulnerabilities

CVEs by Year

1 CVE in 2022
2022
1 CVE in 2023
2023
18 CVEs in 2024
2024
4 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
24

24 total CVEs

CVE-2025-7498medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exclusive Addons for Elementor <= 2.7.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown

Aug 5, 2025 Patched in 2.7.9.5 (1d)
CVE-2025-4783medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exclusive Addons for Elementor <= 2.7.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget

May 26, 2025 Patched in 2.7.9.2 (1d)
CVE-2025-48244medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exclusive Addons Elementor <= 2.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting

May 19, 2025 Patched in 2.7.9.1 (10d)
CVE-2025-1571medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exclusive Addons for Elementor <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Text and Image Comparison Widgets

Feb 27, 2025 Patched in 2.7.7 (1d)
CVE-2024-10312medium · 4.3Exposure of Sensitive Information to an Unauthorized Actor

Exclusive Addons for Elementor <= 2.7.4 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates

Oct 28, 2024 Patched in 2.7.5 (1d)
CVE-2024-49292medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exclusive Addons Elementor <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Oct 15, 2024 Patched in 2.7.2 (4d)
CVE-2024-5332medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exclusive Addons for Elementor <= 2.6.9.8 - Authenticated (Contibutor+) Stored Cross-Site Scripting via Card Widget

Jun 25, 2024 Patched in 2.6.9.9 (1d)
CVE-2024-4618medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exclusive Addons for Elementor <= 2.6.9.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Member Widget

May 14, 2024 Patched in 2.6.9.7 (1d)
CVE-2024-33914medium · 5.4Missing Authorization

Exclusive Addons Elementor <= 2.6.9.1 - Missing Authorization to Post Duplication

Apr 29, 2024 Patched in 2.6.9.2 (9d)
CVE-2024-3985medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exclusive Addons for Elementor <= 2.6.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call to Action

Apr 22, 2024 Patched in 2.6.9.5 (11d)
CVE-2024-2750medium · 6.4Improper Neutralization of Alternate XSS Syntax

Exclusive Addons for Elementor <= 2.6.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget

Apr 22, 2024 Patched in 2.6.9.4 (11d)
CVE-2024-3489medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exclusive Addons for Elementor <= 2.6.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Expired Title

Apr 22, 2024 Patched in 2.6.9.5 (11d)
CVE-2024-2503medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exclusive Addons for Elementor <= 2.6.9.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Post Grid

Apr 15, 2024 Patched in 2.6.9.3 (47d)
CVE-2024-2751medium · 6.4Improper Input Validation

Exclusive Addons for Elementor <= 2.6.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via InfoBox

Apr 15, 2024 Patched in 2.6.9.3 (18d)
CVE-2024-30232medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exclusive Addons Elementor <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 26, 2024 Patched in 2.6.9.1 (7d)
CVE-2024-30177medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exclusive Addons Elementor <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 25, 2024 Patched in 2.6.9 (8d)
CVE-2024-1234medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exclusive Addons for Elementor <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

Feb 29, 2024 Patched in 2.6.9.1 (14d)
CVE-2024-1414medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exclusive Addons for Elementor <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call To Action Widget

Feb 29, 2024 Patched in 2.6.9.1 (14d)
CVE-2024-2028medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exclusive Addons for Elementor <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Covid-19 Stats Widget

Feb 29, 2024 Patched in 2.6.9.1 (14d)
CVE-2024-1413medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exclusive Addons for Elementor <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget

Feb 29, 2024 Patched in 2.6.9.1 (14d)
CVE-2024-0823medium · 5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exclusive Addons for Elementor <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 26, 2024 Patched in 2.6.9 (186d)
CVE-2024-0824medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exclusive Addons for Elementor <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Link Anything

Jan 26, 2024 Patched in 2.6.9 (186d)
CVE-2022-45067medium · 4.3Cross-Site Request Forgery (CSRF)

Exclusive Addons for Elementor <= 2.6.1 - Cross-Site Request Forgery

Jan 7, 2023 Patched in 2.6.2 (381d)
WF-84003388-c47c-41db-8d2d-4643aa375a89-exclusive-addons-for-elementormedium · 4.3Missing Authorization

Appsero <= 1.2.1 - Missing Authorization

Dec 16, 2022 Patched in 2.6.2 (699d)
Code Analysis
Analyzed Mar 16, 2026

Exclusive Addons for Elementor Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
1 prepared
Unescaped Output
104
695 escaped
Nonce Checks
7
Capability Checks
9
File Operations
0
External Requests
9
Bundled Libraries
0

Dangerous Functions Found

unserializereturn unserialize(wp_remote_retrieve_body($response));admin\dashboard-notice.php:56

SQL Query Safety

100% prepared1 total queries

Output Escaping

87% escaped799 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
exad_facebook_feed_ajax (base.php:349)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Exclusive Addons for Elementor Attack Surface

Entry Points9
Unprotected2

AJAX Handlers 9

authwp_ajax_exad_install_pluginadmin\dashboard-notice.php:19
authwp_ajax_exad_upgrade_pluginadmin\dashboard-notice.php:20
authwp_ajax_exad_activate_pluginadmin\dashboard-notice.php:21
authwp_ajax_exad_notice_dismissadmin\dashboard-notice.php:22
authwp_ajax_exad_ajax_save_elements_settingadmin\dashboard-settings.php:47
authwp_ajax_ajax_paginationbase.php:102
noprivwp_ajax_ajax_paginationbase.php:103
authwp_ajax_exad_facebook_feed_actionbase.php:106
noprivwp_ajax_exad_facebook_feed_actionbase.php:107
WordPress Hooks 36
actionadmin_menuadmin\dashboard-settings.php:45
actionadmin_enqueue_scriptsadmin\dashboard-settings.php:46
actionadmin_initbase.php:88
actioninitbase.php:91
filterelementor/utils/get_placeholder_image_srcbase.php:93
actionelementor/elements/categories_registeredbase.php:95
actionelementor/controls/controls_registeredbase.php:97
filterbody_classbase.php:99
filterelementor/document/save/database.php:109
actionadmin_noticesexclusive-addons-elementor.php:44
actionadmin_noticesexclusive-addons-elementor.php:50
actionadmin_noticesexclusive-addons-elementor.php:56
actioninitexclusive-addons-elementor.php:63
actionelementor/element/section/section_background/before_section_endextensions\glass-effect.php:12
actionelementor/element/column/section_style/before_section_endextensions\glass-effect.php:13
actionelementor/element/common/_section_background/before_section_endextensions\glass-effect.php:14
filterelementor/icons_manager/additional_tabsextensions\icons-manager.php:9
actionelementor/element/column/section_advanced/after_section_endextensions\link-anything.php:11
actionelementor/element/section/section_advanced/after_section_endextensions\link-anything.php:12
actionelementor/element/common/_section_style/after_section_endextensions\link-anything.php:13
actionelementor/frontend/before_renderextensions\link-anything.php:15
filteradmin_action_exad_duplicateextensions\post-duplicator.php:7
filterpost_row_actionsextensions\post-duplicator.php:8
filterpage_row_actionsextensions\post-duplicator.php:9
actionelementor/frontend/column/before_renderextensions\sticky.php:12
actionelementor/element/section/section_advanced/after_section_endextensions\sticky.php:14
actionelementor/element/column/section_advanced/after_section_endextensions\sticky.php:15
actionelementor/element/common/_section_style/after_section_endextensions\sticky.php:16
actionelementor/widgets/registerincludes\addons-manager-class.php:76
actionelementor/frontend/after_register_scriptsincludes\assets-manager-class.php:18
actionwp_enqueue_scriptsincludes\assets-manager-class.php:20
actionelementor/editor/after_enqueue_scriptsincludes\assets-manager-class.php:22
filterwpml_elementor_widgets_to_translateincludes\multilang-compatibility\class-elements-free-wpml-compatibility.php:38
actionelementor/editor/footerlibrary\library-manager.class.php:15
actionelementor/ajax/register_actionslibrary\library-manager.class.php:16
actionelementor/preview/enqueue_styleslibrary\library-manager.class.php:17
Maintenance & Trust

Exclusive Addons for Elementor Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 2, 2025
PHP min version
Downloads1.5M

Community Trust

Rating92/100
Number of ratings48
Active installs60K
Alternatives

Exclusive Addons for Elementor Alternatives

ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor

ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor

elementskit-lite

A
89

Join millions who empower their websites with ElementsKit Elementor Addons. Get templates, & 100+ widgets like header-footer, mega menu, custom widget

2.0M 22 CVEs
Essential Addons for Elementor – Popular Elementor Templates & Widgets

Essential Addons for Elementor – Popular Elementor Templates & Widgets

essential-addons-for-elementor-lite

B
76

Elementor addon offering 110+ widgets and templates — Elementor Gallery, Slider, Form, Post Grid, Menu, Accordion, WooCommerce & more.

2.0M 56 CVEs
Ultimate Addons for Elementor

Ultimate Addons for Elementor

header-footer-elementor

A
96

Powerful Elementor addon with advanced Elementor widgets, templates, WooCommerce widgets & Header-Footer builder to build professional websites fa &hellip;

2.0M 12 CVEs
Premium Addons for Elementor – Powerful Elementor Templates & Widgets

Premium Addons for Elementor – Powerful Elementor Templates & Widgets

premium-addons-for-elementor

A
95

Elementor Carousel, Mega Menu, Posts List/Slider, Media Gallery, WooCommerce Widgets, Display Conditions, Premade Templates & more.

700K 35 CVEs
Royal Addons for Elementor – Addons and Templates Kit for Elementor

Royal Addons for Elementor – Addons and Templates Kit for Elementor

royal-elementor-addons

C
50

Elementor templates, Header footer builder, Elementor Post Grid, Woocommerce Grid builder, Slider, Forms, Gallery, Nav menu addons, Elementor widgets.

600K 1 unpatched
Developer Profile

Exclusive Addons for Elementor Developer Profile

Tim Strifler

2 plugins · 160K total installs

87
trust score
Avg Security Score
98/100
Avg Patch Time
69 days
View full developer profile
Detection Fingerprints

How We Detect Exclusive Addons for Elementor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/exclusive-addons-for-elementor/admin/assets/css/exad-admin.min.css/wp-content/plugins/exclusive-addons-for-elementor/admin/assets/js/exad-admin.min.js/wp-content/plugins/exclusive-addons-for-elementor/admin/assets/css/exad-notice.min.css
Script Paths
/wp-content/plugins/exclusive-addons-for-elementor/admin/assets/js/exad-admin.min.js
Version Parameters
exclusive-addons-for-elementor/admin/assets/js/exad-admin.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
exad-admin-cssexad-notice-css
Data Attributes
exad-dashboard-sidebar-icon.svg
JS Globals
js_exad_settings
FAQ

Frequently Asked Questions about Exclusive Addons for Elementor