WP-Safety

Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress Security & Risk Analysis

wordpress.org/plugins/jeg-elementor-kit

Extend Elementor with 68+ widgets, 114 prebuilt demos, Mega Menu Builder, Theme Builder, and advanced interactive effects.

400K active installs v3.0.3 PHP 7.4+ WP 5.0+ Updated Feb 2, 2026
addonselementorelementstemplateswidgets
92
A · Safe
CVEs total17
Unpatched0
Last CVEJan 7, 2026
Plugin page Download
Safety Verdict

Is Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress Safe to Use in 2026?

Generally Safe

Score 92/100

Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress has a strong security track record. Known vulnerabilities have been patched promptly.

17 known CVEsLast CVE: Jan 7, 2026Updated 2mo ago
Risk Assessment

The static analysis of jeg-elementor-kit v3.0.3 reveals a mixed security posture. On the positive side, the plugin demonstrates good practices by exclusively using prepared statements for its SQL queries and maintaining a high percentage of properly escaped output. It also has no identified critical or high severity taint flows, indicating a generally good approach to handling user input in terms of preventing direct code injection or manipulation of sensitive operations. The absence of bundled libraries and a relatively low number of file operations and external HTTP requests are also favorable security indicators.

Key Concerns

  • Unprotected AJAX handlers present
  • Significant vulnerability history
  • 1 high severity vulnerability historically
  • 16 medium severity vulnerabilities historically
  • 4 unsanitized path taint flows
  • Limited capability checks
  • Limited nonce checks
Vulnerabilities
17

Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress Security Vulnerabilities

CVEs by Year

2 CVEs in 2022
2022
11 CVEs in 2024
2024
3 CVEs in 2025
2025
1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

High
1
Medium
16

17 total CVEs

CVE-2025-14275medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jeg Elementor Kit <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget

Jan 7, 2026 Patched in 3.0.2 (1d)
CVE-2025-9978medium · 5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jeg Kit for Elementor – Powerful Elementor Addons, Widgets & Templates for WordPress < 2.6.9 - Authenticated (Author+) Stored Cross-Site Scripting via SVG

Oct 3, 2025 Patched in 2.7.0 (26d)
CVE-2025-2944medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jeg Elementor Kit <= 2.6.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Button and Countdown Widgets

May 9, 2025 Patched in 2.6.13 (1d)
CVE-2024-13217medium · 4.3Exposure of Private Personal Information to an Unauthorized Actor

Jeg Elementor Kit <= 2.6.11 - Authenticated (Contributor+) Sensitive Information Exposure via Countdown and Off-Canvas

Feb 26, 2025 Patched in 2.6.12 (1d)
CVE-2024-8899medium · 4.3Exposure of Sensitive Information to an Unauthorized Actor

Jeg Elementor Kit <= 2.6.9 - Authenticated (Contributor+) Sensitive Information Exposure via sg_content_template

Nov 25, 2024 Patched in 2.6.10 (1d)
CVE-2024-10308medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jeg Elementor Kit <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Countdown Widget

Nov 25, 2024 Patched in 2.6.10 (1d)
CVE-2024-47390medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jeg Elementor Kit <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 30, 2024 Patched in 2.6.9 (11d)
CVE-2024-6804medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jeg Elementor Kit <= 2.6.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File

Aug 26, 2024 Patched in 2.6.8 (1d)
CVE-2024-4479medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jeg Elementor Kit <= 2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Tabs and JKit - Accordion Widgets

Jun 14, 2024 Patched in 2.6.6 (1d)
CVE-2024-3161medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jeg Elementor Kit <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget

Apr 30, 2024 Patched in 2.6.5 (3d)
CVE-2024-0334medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jeg Elementor Kit <= 2.6.4 - Authenticated (Contributor+) Cross-Site Scripting via Elementor Widget URL Custom Attributes

Apr 30, 2024 Patched in 2.6.5 (91d)
CVE-2024-3819medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jeg Elementor Kit <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Banner

Apr 26, 2024 Patched in 2.6.5 (7d)
CVE-2024-1327medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jeg Elementor Kit <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box

Apr 2, 2024 Patched in 2.6.4 (1d)
CVE-2024-3162medium · 6.4Improper Neutralization of Alternate XSS Syntax

Jeg Elementor Kit <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial

Apr 2, 2024 Patched in 2.6.4 (28d)
CVE-2024-1326medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jeg Elementor Kit <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags

Feb 27, 2024 Patched in 2.6.3 (23d)
CVE-2022-3794medium · 5.4Authorization Bypass Through User-Controlled Key

Jeg Elementor Kit <= 2.5.6 - Authorization Bypass

Nov 4, 2022 Patched in 2.5.7 (445d)
CVE-2022-3805high · 8.6Authorization Bypass Through User-Controlled Key

Jeg Elementor Kit <= 2.5.6 - Unauthenticated Authorization Bypass

Nov 4, 2022 Patched in 2.5.7 (445d)
Code Analysis
Analyzed Mar 16, 2026

Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
21 prepared
Unescaped Output
22
560 escaped
Nonce Checks
4
Capability Checks
20
File Operations
1
External Requests
14
Bundled Libraries
0

SQL Query Safety

100% prepared21 total queries

Output Escaping

96% escaped582 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths
admin_ajax_parse_request (class\ajax\class-ajax.php:127)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress Attack Surface

Entry Points12
Unprotected3

AJAX Handlers 12

authwp_ajax_jkit_create_elementclass\ajax\class-ajax.php:76
authwp_ajax_jkit_delete_elementclass\ajax\class-ajax.php:77
authwp_ajax_jkit_update_sequenceclass\ajax\class-ajax.php:78
authwp_ajax_jkit_clone_elementclass\ajax\class-ajax.php:79
authwp_ajax_jkit_detail_elementclass\ajax\class-ajax.php:80
authwp_ajax_jkit_update_elementclass\ajax\class-ajax.php:81
authwp_ajax_jkit_find_taxonomyclass\ajax\class-ajax.php:83
authwp_ajax_jkit_find_authorclass\ajax\class-ajax.php:84
authwp_ajax_jkit_find_posts_objectclass\ajax\class-ajax.php:85
authwp_ajax_jkit_notice_banner_closeclass\banner\class-banner.php:57
authwp_ajax_jkit_notice_banner_reviewclass\banner\class-banner.php:58
authwp_ajax_jkit_notice_banner_upgrade_closeclass\banner\class-banner.php:59
WordPress Hooks 68
actionrest_api_initclass\admin\class-api.php:66
filterwp_doing_ajaxclass\admin\class-api.php:76
filterhttp_request_host_is_externalclass\admin\class-api.php:1293
filterhttp_request_host_is_externalclass\admin\class-api.php:1328
filterhttp_request_argsclass\admin\class-api.php:2679
actionparse_requestclass\ajax\class-ajax.php:71
filterquery_varsclass\ajax\class-ajax.php:72
actionparse_requestclass\ajax\class-ajax.php:74
filterwp_doing_ajaxclass\ajax\class-ajax.php:108
filterwp_doing_ajaxclass\ajax\class-ajax.php:129
filterjeg_register_elementsclass\ajax\class-ajax.php:189
filterposts_whereclass\ajax\class-ajax.php:364
actionin_admin_headerclass\banner\class-banner.php:53
actionadmin_noticesclass\banner\class-banner.php:55
actionadmin_enqueue_scriptsclass\banner\class-banner.php:60
filterelementor/fonts/additional_fontsclass\class-fonts.php:62
filterbody_classclass\class-init.php:60
actionafter_setup_themeclass\class-init.php:62
actioninitclass\dashboard\class-dashboard.php:170
actionadmin_menuclass\dashboard\class-dashboard.php:172
actionadmin_menuclass\dashboard\class-dashboard.php:173
actionadmin_bar_menuclass\dashboard\class-dashboard.php:174
actionadmin_enqueue_scriptsclass\dashboard\class-dashboard.php:176
actionwizard_enqueue_scriptsclass\dashboard\class-dashboard.php:177
actionelementor/initclass\elements\class-element.php:54
filterjeg_register_elementsclass\elements\class-element.php:55
filterelementor/widgets/registerclass\elements\class-element.php:56
actionelementor/element/common/_section_style/after_section_endclass\elements\class-element.php:57
actionelementor/element/column/section_advanced/after_section_endclass\elements\class-element.php:58
actionelementor/element/section/section_advanced/after_section_endclass\elements\class-element.php:59
actionelementor/element/container/section_layout/after_section_endclass\elements\class-element.php:60
actionelementor/elements/categories_registeredclass\elements\class-element.php:61
filterelementor/editor/localize_settingsclass\elements\class-element.php:62
actionelementor/editor/templates/panel/categoryclass\elements\class-element.php:63
filterjkit_faq_schema_seo_dataclass\elements\views\class-accordion-view.php:23
filternav_menu_item_argsclass\elements\views\class-nav-menu-view.php:33
filternav_menu_css_classclass\elements\views\class-nav-menu-view.php:34
filterwalker_nav_menu_start_elclass\elements\views\class-nav-menu-view.php:35
filtercomment_form_default_fieldsclass\elements\views\class-post-comment-view.php:22
filtercomments_openclass\elements\views\class-post-comment-view.php:25
filterjeg_default_query_argsclass\elements\views\class-view-abstract.php:562
actionafter_setup_themeclass\options\class-options.php:77
filteradd_post_metadataclass\options\class-options.php:78
filterupdate_post_metadataclass\options\class-options.php:79
actionwpclass\templates\class-template.php:50
filtertemplate_includeclass\templates\class-template.php:52
actionwp_enqueue_scriptsclass\templates\class-template.php:55
actionget_headerclass\templates\class-template.php:116
actionjkit_headerclass\templates\class-template.php:117
actionget_footerclass\templates\class-template.php:121
actionjkit_footerclass\templates\class-template.php:122
actioninitclass\wizard\class-wizard.php:38
filtershow_admin_barclass\wizard\class-wizard.php:67
actionwp_headclass\wizard\class-wizard.php:76
actionwp_headclass\wizard\class-wizard.php:77
actionwp_headclass\wizard\class-wizard.php:78
actionwp_headclass\wizard\class-wizard.php:79
actionwp_footerclass\wizard\class-wizard.php:82
actionwp_footerclass\wizard\class-wizard.php:83
filterwp_enqueue_scriptsclass\wizard\class-wizard.php:87
actionwp_enqueue_scriptsclass\wizard\class-wizard.php:88
filtersafe_style_csshelper.php:826
filterwp_kses_allowed_htmlhelper.php:844
filterplugin_row_metahelper.php:1266
actionwp_footerhelper.php:1433
actionplugins_loadedjeg-elementor-kit.php:24
actionupgrader_process_completejeg-elementor-kit.php:92
actionupgrader_overwrote_packagejeg-elementor-kit.php:109
Maintenance & Trust

Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 2, 2026
PHP min version7.4
Downloads3.4M

Community Trust

Rating76/100
Number of ratings74
Active installs400K
Alternatives

Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress Alternatives

Balcomsoft Elementor Addons

Balcomsoft Elementor Addons

balcomsoft-elementor-addons

A
100

Minimum Requirements WordPress 4.4 or greater WooCommerce 3.0.0 or greater Elementor 3.8.0 or greater Visit the Elementor server requirements docu &hellip;

0 No CVEs
Essential Addons for Elementor – Popular Elementor Templates & Widgets

Essential Addons for Elementor – Popular Elementor Templates & Widgets

essential-addons-for-elementor-lite

B
76

Elementor addon offering 110+ widgets and templates — Elementor Gallery, Slider, Form, Post Grid, Menu, Accordion, WooCommerce & more.

2.0M 56 CVEs
Premium Addons for Elementor – Powerful Elementor Templates & Widgets

Premium Addons for Elementor – Powerful Elementor Templates & Widgets

premium-addons-for-elementor

A
95

Elementor Carousel, Mega Menu, Posts List/Slider, Media Gallery, WooCommerce Widgets, Display Conditions, Premade Templates & more.

700K 35 CVEs
Royal Addons for Elementor – Addons and Templates Kit for Elementor

Royal Addons for Elementor – Addons and Templates Kit for Elementor

royal-elementor-addons

C
50

Elementor templates, Header footer builder, Elementor Post Grid, Woocommerce Grid builder, Slider, Forms, Gallery, Nav menu addons, Elementor widgets.

600K 1 unpatched
Unlimited Elements For Elementor

Unlimited Elements For Elementor

unlimited-elements-for-elementor

B
76

Elementor all-in-one addons pack with the best widgets for Elementor, offering 100+ free widgets, templates, and tools to create stunning websites!

300K 29 CVEs
Developer Profile

Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress Developer Profile

jegtheme

1 plugin · 400K total installs

82
trust score
Avg Security Score
92/100
Avg Patch Time
64 days
View full developer profile
Detection Fingerprints

How We Detect Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/jeg-elementor-kit/assets/css/admin/notice-banner.css/wp-content/plugins/jeg-elementor-kit/assets/js/admin/notice-banner.js
Script Paths
/wp-content/plugins/jeg-elementor-kit/assets/js/admin/notice-banner.js
Version Parameters
jeg-elementor-kit/assets/css/admin/notice-banner.css?ver=jeg-elementor-kit/assets/js/admin/notice-banner.js?ver=

HTML / DOM Fingerprints

CSS Classes
jkit-notice-banner
Data Attributes
data-action="jkit_notice_banner_close"data-action="jkit_notice_banner_review"data-action="jkit_notice_banner_upgrade_close"
JS Globals
JEG_ELEMENTOR_KIT_URLJEG_ELEMENTOR_KIT_VERSION
FAQ

Frequently Asked Questions about Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress