Gum Addon for Elementor Security & Risk Analysis
wordpress.org/plugins/gum-elementor-addonOffers inbuilt widgets for elementor that help to create design more attractive
Is Gum Addon for Elementor Safe to Use in 2026?
Generally Safe
Score 97/100Gum Addon for Elementor has a strong security track record. Known vulnerabilities have been patched promptly.
The plugin "gum-elementor-addon" version 1.3.15 presents a mixed security posture. On the positive side, static analysis reveals a notably clean attack surface with no apparent AJAX handlers, REST API routes, shortcodes, or cron events, and importantly, none of these entry points are exposed without authentication. The plugin also demonstrates good practices in its use of prepared statements for all SQL queries and a lack of file operations or external HTTP requests, which generally reduces the potential for common web vulnerabilities. However, a significant concern arises from the output escaping, where only 65% of outputs are properly escaped, indicating a substantial risk of Cross-Site Scripting (XSS) vulnerabilities, especially given that XSS is the most common historical vulnerability type for this plugin. Furthermore, the absence of nonce checks and capability checks, although not directly exploitable due to the limited attack surface, points to potential gaps in secure coding practices that could become problematic if new entry points are introduced in future versions.
The vulnerability history is a critical red flag, with a total of 6 known CVEs, all of which are currently patched. The common thread among these past vulnerabilities is XSS, reinforcing the findings from the static analysis regarding insufficient output escaping. While the lack of currently unpatched CVEs is positive, the recurring nature of XSS vulnerabilities suggests a systemic weakness in how the plugin handles user-supplied data before rendering it to the page. The absence of any taint analysis results is not necessarily a strength, but rather suggests that the static analysis tools may not have been configured to fully analyze the plugin's code for taint flows, or that the identified vulnerabilities were not detected by the specific taint analysis methods used.
In conclusion, while "gum-elementor-addon" v1.3.15 has a commendable absence of direct exploitable entry points and employs secure SQL practices, the significant proportion of unescaped output and the history of XSS vulnerabilities present a notable risk. Developers should prioritize addressing the output escaping issues to mitigate the ongoing XSS threat. The lack of nonce and capability checks also indicates an area for improvement in overall secure coding practices.
Key Concerns
- Significant percentage of unescaped output
- History of 6 medium severity CVEs
- Common vulnerability type: XSS
- No nonce checks
- No capability checks
Gum Addon for Elementor Security Vulnerabilities
CVEs by Year
Severity Breakdown
6 total CVEs
Gum Elementor Addon <= 1.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
Gum Elementor Addon <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Gum Elementor Addon <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
Gum Elementor Addon <= 1.3.5 - Authenticated (Editor+) Stored Cross-Site Scripting
Gum Elementor Addon <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Price Table and Post Slider Widgets
Gum Elementor Addon <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Widget
Gum Addon for Elementor Code Analysis
Output Escaping
Gum Addon for Elementor Attack Surface
WordPress Hooks 58
Maintenance & Trust
Gum Addon for Elementor Maintenance & Trust
Maintenance Signals
Community Trust
Gum Addon for Elementor Alternatives
Responsive Sliding Menu
responsive-sliding-menu
Responsive Sliding Menu is a plugin that generates a side-opening menu shortcode. The menu is fully customizable
Flexi Post Grid
flexi-post-grid
AJAX-powered Post Grid widget for Elementor with preset layouts, filters, pagination types, and slider support.
Post and Product Grid for Elementor – Blog & WooCommerce Layout Addon
dynamic-post-grid-elementor-addon
Build advanced post and product layouts for Elementor with dynamic grids, lists, and sliders. Perfect for blogs, news sites, magazines, portfolios, an …
CW Pricing Table For Elementor
cw-pricing-table-for-elementor
CW Pricing Table For Elementor offers free widgets, including Pricing Tables, Carousels, and more.
Post Carousel for Elementor
post-carousel-for-elementor
Post Carousel for Elementor – Add beautifully responsive and modern post carousels to your Elementor pages with 40+ ready preset styles.
Gum Addon for Elementor Developer Profile
1 plugin · 50K total installs
How We Detect Gum Addon for Elementor
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/gum-elementor-addon/assets/css/gum-elementor-addon.css/wp-content/plugins/gum-elementor-addon/assets/js/gum-elementor-addon.js/wp-content/plugins/gum-elementor-addon/widgets/css/accordion.css/wp-content/plugins/gum-elementor-addon/widgets/css/blog-grid.css/wp-content/plugins/gum-elementor-addon/widgets/css/blog-image.css/wp-content/plugins/gum-elementor-addon/widgets/css/blog-lists.css/wp-content/plugins/gum-elementor-addon/widgets/css/blog-post-adjacent.css/wp-content/plugins/gum-elementor-addon/widgets/css/blog-post-meta.css+19 more/wp-content/plugins/gum-elementor-addon/assets/js/gum-elementor-addon.js/wp-content/plugins/gum-elementor-addon/widgets/js/accordion.js/wp-content/plugins/gum-elementor-addon/widgets/js/blog-grid.js/wp-content/plugins/gum-elementor-addon/widgets/js/blog-image.js/wp-content/plugins/gum-elementor-addon/widgets/js/blog-lists.js/wp-content/plugins/gum-elementor-addon/widgets/js/blog-post-adjacent.js+20 moregum-elementor-addon/assets/css/gum-elementor-addon.css?ver=gum-elementor-addon/assets/js/gum-elementor-addon.js?ver=gum-elementor-addon/widgets/css/accordion.css?ver=gum-elementor-addon/widgets/css/blog-grid.css?ver=gum-elementor-addon/widgets/css/blog-image.css?ver=gum-elementor-addon/widgets/css/blog-lists.css?ver=gum-elementor-addon/widgets/css/blog-post-adjacent.css?ver=gum-elementor-addon/widgets/css/blog-post-meta.css?ver=gum-elementor-addon/widgets/css/blog-post-related.css?ver=gum-elementor-addon/widgets/css/blog-post-share.css?ver=gum-elementor-addon/widgets/css/blog-term.css?ver=gum-elementor-addon/widgets/css/button.css?ver=gum-elementor-addon/widgets/css/carousel-ibox.css?ver=gum-elementor-addon/widgets/css/circle-bar.css?ver=gum-elementor-addon/widgets/css/counter.css?ver=gum-elementor-addon/widgets/css/heading.css?ver=gum-elementor-addon/widgets/css/icon-list.css?ver=gum-elementor-addon/widgets/css/image-box.css?ver=gum-elementor-addon/widgets/css/navigation-menu.css?ver=gum-elementor-addon/widgets/css/popover-btn.css?ver=gum-elementor-addon/widgets/css/post-slider.css?ver=gum-elementor-addon/widgets/css/pricetable.css?ver=gum-elementor-addon/widgets/css/progress.css?ver=gum-elementor-addon/widgets/css/section.css?ver=gum-elementor-addon/widgets/css/slideshow.css?ver=gum-elementor-addon/widgets/css/to-top-btn.css?ver=gum-elementor-addon/widgets/css/toggle-period.css?ver=gum-elementor-addon/widgets/js/accordion.js?ver=gum-elementor-addon/widgets/js/blog-grid.js?ver=gum-elementor-addon/widgets/js/blog-image.js?ver=gum-elementor-addon/widgets/js/blog-lists.js?ver=gum-elementor-addon/widgets/js/blog-post-adjacent.js?ver=gum-elementor-addon/widgets/js/blog-post-meta.js?ver=gum-elementor-addon/widgets/js/blog-post-related.js?ver=gum-elementor-addon/widgets/js/blog-post-share.js?ver=gum-elementor-addon/widgets/js/blog-term.js?ver=gum-elementor-addon/widgets/js/button.js?ver=gum-elementor-addon/widgets/js/carousel-ibox.js?ver=gum-elementor-addon/widgets/js/circle-bar.js?ver=gum-elementor-addon/widgets/js/counter.js?ver=gum-elementor-addon/widgets/js/heading.js?ver=gum-elementor-addon/widgets/js/icon-list.js?ver=gum-elementor-addon/widgets/js/image-box.js?ver=gum-elementor-addon/widgets/js/navigation-menu.js?ver=gum-elementor-addon/widgets/js/popover-btn.js?ver=gum-elementor-addon/widgets/js/post-slider.js?ver=gum-elementor-addon/widgets/js/pricetable.js?ver=gum-elementor-addon/widgets/js/progress.js?ver=gum-elementor-addon/widgets/js/section.js?ver=gum-elementor-addon/widgets/js/slideshow.js?ver=gum-elementor-addon/widgets/js/to-top-btn.js?ver=gum-elementor-addon/widgets/js/toggle-period.js?ver=HTML / DOM Fingerprints
gum-elementor-addonGumElementorAddon