WP-Safety

HMH Footer Builder For Elementor Security & Risk Analysis

wordpress.org/plugins/hmh-footer-builder-for-elementor

HMH Footer Builder For Elementor - Easy way to create any footers you can imagine.

10 active installs v1.0 PHP 5.2.4+ WP 4.0+ Updated May 20, 2019
build-footercustom-footeredit-footer-with-elementorwordpress-footer
64
C · Use Caution
CVEs total1
Unpatched1
Last CVEApr 1, 2025
Download
Safety Verdict

Is HMH Footer Builder For Elementor Safe to Use in 2026?

Use With Caution

Score 64/100

HMH Footer Builder For Elementor has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Apr 1, 2025Updated 6yr ago
Risk Assessment

The "hmh-footer-builder-for-elementor" plugin v1.0 exhibits a mixed security posture. On the positive side, it demonstrates good practices by implementing nonce checks and capability checks for its entry points, and all SQL queries utilize prepared statements. The taint analysis shows no critical or high severity unsanitized flows, and a high percentage of output is properly escaped, suggesting an effort to prevent common injection vulnerabilities.

However, significant concerns arise from the presence of the `unserialize` function, which is inherently dangerous if not handled with extreme care and input validation. While the static analysis did not reveal specific unsanitized `unserialize` usage, its mere presence introduces a potential risk. Furthermore, the plugin has a history of known vulnerabilities, with one medium severity Cross-Site Scripting (XSS) vulnerability being currently unpatched. This indicates a potential pattern of security weaknesses that require diligent maintenance and prompt patching.

In conclusion, while the plugin has implemented some robust security measures, the presence of `unserialize` and an unpatched medium-severity vulnerability are notable weaknesses. The plugin's overall security is bolstered by its protected entry points and SQL practices, but these strengths are somewhat undermined by the identified historical and potentially exploitable code constructs. Continuous monitoring and prompt remediation of identified vulnerabilities are crucial for maintaining a secure environment.

Key Concerns

  • Unpatched CVE
  • Dangerous function detected (unserialize)
Vulnerabilities
1

HMH Footer Builder For Elementor Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-31749medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

HMH Footer Builder For Elementor <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 1, 2025Unpatched
Code Analysis
Analyzed Mar 17, 2026

HMH Footer Builder For Elementor Code Analysis

Dangerous Functions
2
Raw SQL Queries
0
0 prepared
Unescaped Output
28
344 escaped
Nonce Checks
2
Capability Checks
2
File Operations
0
External Requests
2
Bundled Libraries
3

Dangerous Functions Found

unserialize$instagram = unserialize( base64_decode( $instagram ) );includes\shortcodes\elementor\custom_instagram.class.php:235
unserialize$instagram = unserialize( base64_decode( $instagram ) );includes\shortcodes\instagram.class.php:280

Bundled Libraries

DataTablesSelect2jQuery

Output Escaping

92% escaped372 total outputs
Data Flows
All sanitized

Data Flow Analysis

5 flows
begin_wrap_html (bestbugcore\classes\helper.class.php:83)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

HMH Footer Builder For Elementor Attack Surface

Entry Points2
Unprotected0

AJAX Handlers 2

authwp_ajax_bb_save_optionsbestbugcore\classes\options.class.php:28
authwp_ajax_bb_save_postbestbugcore\classes\options.class.php:29
WordPress Hooks 57
actionwp_footerbestbugcore\classes\helper.class.php:27
actionadmin_footerbestbugcore\classes\helper.class.php:28
actionadmin_menubestbugcore\classes\options.class.php:27
actioninitbestbugcore\classes\posttypes.class.php:24
actioninitbestbugcore\extend\index.php:13
filtervc_shortcodes_css_classbestbugcore\extend\index.php:14
actioninitbestbugcore\extend\vc-params\number.class.php:26
actionadmin_enqueue_scriptsbestbugcore\extend\vc-params\number.class.php:36
actioninitbestbugcore\extend\vc-params\range.class.php:23
actionadmin_enqueue_scriptsbestbugcore\extend\vc-params\range.class.php:33
actioninitbestbugcore\extend\vc-params\responsive.class.php:23
actionadmin_enqueue_scriptsbestbugcore\extend\vc-params\responsive.class.php:33
actionadmin_footerbestbugcore\extend\vc-params\responsive.class.php:35
actionsave_postbestbugcore\extend\vc-params\responsive.class.php:38
actioninitbestbugcore\extend\vc-params\tabs.class.php:25
actionadmin_enqueue_scriptsbestbugcore\extend\vc-params\tabs.class.php:36
actioninitbestbugcore\extend\vc-params\tags.class.php:23
actionadmin_enqueue_scriptsbestbugcore\extend\vc-params\tags.class.php:32
actioninitbestbugcore\extend\vc-params\toggle.class.php:23
actionadmin_enqueue_scriptsbestbugcore\extend\vc-params\toggle.class.php:33
actionplugins_loadedbestbugcore\index.php:31
actionadmin_footerbestbugcore\index.php:32
actionadd_meta_boxesincludes\admin\metabox-footer.class.php:22
actionsave_postincludes\admin\metabox-footer.class.php:23
actionadmin_enqueue_scriptsincludes\admin\metabox-footer.class.php:30
actionwp_enqueue_scriptsincludes\admin\metabox-footer.class.php:32
actionadd_meta_boxesincludes\admin\metabox.class.php:23
actionsave_postincludes\admin\metabox.class.php:24
actionadmin_enqueue_scriptsincludes\admin\metabox.class.php:31
actionwp_enqueue_scriptsincludes\admin\metabox.class.php:33
actioninitincludes\filter.class.php:22
filtersingle_templateincludes\filter.class.php:23
actionbbfb_footerincludes\filter.class.php:28
actionwp_footerincludes\filter.class.php:30
actionadmin_enqueue_scriptsincludes\filter.class.php:34
actionwp_enqueue_scriptsincludes\filter.class.php:36
actionadmin_enqueue_scriptsincludes\helper.class.php:29
actionwp_enqueue_scriptsincludes\helper.class.php:31
filterbb_register_optionsincludes\options.class.php:28
actionadmin_enqueue_scriptsincludes\options.class.php:31
actionwp_enqueue_scriptsincludes\options.class.php:33
filterbb_register_posttypesincludes\posttypes.class.php:24
actionadmin_enqueue_scriptsincludes\posttypes.class.php:30
actionwp_enqueue_scriptsincludes\posttypes.class.php:32
actionelementor/widgets/widgets_registeredincludes\shortcodes\index.php:6
actioninitincludes\shortcodes\instagram.class.php:22
actionadmin_enqueue_scriptsincludes\shortcodes\instagram.class.php:33
actionwp_enqueue_scriptsincludes\shortcodes\instagram.class.php:35
actioninitincludes\shortcodes\menu.class.php:22
actionadmin_enqueue_scriptsincludes\shortcodes\menu.class.php:33
actionwp_enqueue_scriptsincludes\shortcodes\menu.class.php:35
actioninitincludes\shortcodes\social.class.php:22
actionadmin_enqueue_scriptsincludes\shortcodes\social.class.php:33
actionwp_enqueue_scriptsincludes\shortcodes\social.class.php:35
actioninitindex.php:75
actionadmin_enqueue_scriptsindex.php:81
actionwp_enqueue_scriptsindex.php:83
Maintenance & Trust

HMH Footer Builder For Elementor Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24
Last updatedMay 20, 2019
PHP min version5.2.4
Downloads1K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Alternatives

HMH Footer Builder For Elementor Alternatives

DB Signatures

DB Signatures

db-signatures

A
85

Add some HTML content to the bottom of every posts, pages and custom post types.

10 No CVEs
Per Page Headers and Footers Code

Per Page Headers and Footers Code

per-page-headers-and-footers-code

A
85

This plugin allows you to add header and footer code to your wordpress website on a per page basis.

0 No CVEs
Developer Profile

HMH Footer Builder For Elementor Developer Profile

WPelite

2 plugins · 10 total installs

77
trust score
Avg Security Score
75/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect HMH Footer Builder For Elementor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/hmh-footer-builder-for-elementor/assets/admin/css/admin.css/wp-content/plugins/hmh-footer-builder-for-elementor/assets/css/bbfb.css/wp-content/plugins/hmh-footer-builder-for-elementor/assets/js/script.js
Script Paths
/wp-content/plugins/hmh-footer-builder-for-elementor/assets/js/script.js
Version Parameters
hmh-footer-builder-for-elementor/assets/admin/css/admin.css?ver=hmh-footer-builder-for-elementor/assets/css/bbfb.css?ver=hmh-footer-builder-for-elementor/assets/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
bb-footer-inside
Data Attributes
id="bb-footer-inside-class="bb-footer-inside"
Shortcode Output
[bbfb_menus][bbfb_instagram][bbfb_social]
FAQ

Frequently Asked Questions about HMH Footer Builder For Elementor