WP-Safety

Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress Security & Risk Analysis

wordpress.org/plugins/jeg-elementor-kit

Extend Elementor with 68+ widgets, 114 prebuilt demos, Mega Menu Builder, Theme Builder, and advanced interactive effects.

400K active installs v3.0.3 PHP 7.4+ WP 5.0+ Updated Feb 2, 2026
addonselementorelementstemplateswidgets
92
A · Safe
CVEs total18
Unpatched0
Last CVEMay 1, 2026
Plugin page Download
Safety Verdict

Is Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress Safe to Use in 2026?

Generally Safe

Score 92/100

Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

18 known CVEsLast CVE: May 1, 2026Updated 3mo ago
Risk Assessment

The static analysis of jeg-elementor-kit v3.0.3 reveals a mixed security posture. On the positive side, the plugin demonstrates good practices by exclusively using prepared statements for its SQL queries and maintaining a high percentage of properly escaped output. It also has no identified critical or high severity taint flows, indicating a generally good approach to handling user input in terms of preventing direct code injection or manipulation of sensitive operations. The absence of bundled libraries and a relatively low number of file operations and external HTTP requests are also favorable security indicators.

Key Concerns

  • Unprotected AJAX handlers present
  • Significant vulnerability history
  • 1 high severity vulnerability historically
  • 16 medium severity vulnerabilities historically
  • 4 unsanitized path taint flows
  • Limited capability checks
  • Limited nonce checks
Vulnerabilities
18 published

Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress Security Vulnerabilities

CVEs by Year

2 CVEs in 2022
2022
11 CVEs in 2024
2024
3 CVEs in 2025
2025
2 CVEs in 2026
2026
Patched Has unpatched

Severity Breakdown

High
1
Medium
17

18 total CVEs

CVE-2026-6916medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jeg Kit for Elementor <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sg_content_number_prefix' Shortcode Attribute

May 1, 2026 Patched in 3.1.1 (1d)
CVE-2025-14275medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jeg Elementor Kit <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget

Jan 7, 2026 Patched in 3.0.2 (1d)
CVE-2025-9978medium · 5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jeg Kit for Elementor – Powerful Elementor Addons, Widgets & Templates for WordPress < 2.6.9 - Authenticated (Author+) Stored Cross-Site Scripting via SVG

Oct 3, 2025 Patched in 2.7.0 (26d)
CVE-2025-2944medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jeg Elementor Kit <= 2.6.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Button and Countdown Widgets

May 9, 2025 Patched in 2.6.13 (1d)
CVE-2024-13217medium · 4.3Exposure of Private Personal Information to an Unauthorized Actor

Jeg Elementor Kit <= 2.6.11 - Authenticated (Contributor+) Sensitive Information Exposure via Countdown and Off-Canvas

Feb 26, 2025 Patched in 2.6.12 (1d)
CVE-2024-8899medium · 4.3Exposure of Sensitive Information to an Unauthorized Actor

Jeg Elementor Kit <= 2.6.9 - Authenticated (Contributor+) Sensitive Information Exposure via sg_content_template

Nov 25, 2024 Patched in 2.6.10 (1d)
CVE-2024-10308medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jeg Elementor Kit <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Countdown Widget

Nov 25, 2024 Patched in 2.6.10 (1d)
CVE-2024-47390medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jeg Elementor Kit <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 30, 2024 Patched in 2.6.9 (11d)
CVE-2024-6804medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jeg Elementor Kit <= 2.6.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File

Aug 26, 2024 Patched in 2.6.8 (1d)
CVE-2024-4479medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jeg Elementor Kit <= 2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Tabs and JKit - Accordion Widgets

Jun 14, 2024 Patched in 2.6.6 (1d)
CVE-2024-3161medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jeg Elementor Kit <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget

Apr 30, 2024 Patched in 2.6.5 (3d)
CVE-2024-0334medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jeg Elementor Kit <= 2.6.4 - Authenticated (Contributor+) Cross-Site Scripting via Elementor Widget URL Custom Attributes

Apr 30, 2024 Patched in 2.6.5 (91d)
CVE-2024-3819medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jeg Elementor Kit <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Banner

Apr 26, 2024 Patched in 2.6.5 (7d)
CVE-2024-1327medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jeg Elementor Kit <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box

Apr 2, 2024 Patched in 2.6.4 (1d)
CVE-2024-3162medium · 6.4Improper Neutralization of Alternate XSS Syntax

Jeg Elementor Kit <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial

Apr 2, 2024 Patched in 2.6.4 (28d)
CVE-2024-1326medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jeg Elementor Kit <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags

Feb 27, 2024 Patched in 2.6.3 (23d)
CVE-2022-3794medium · 5.4Authorization Bypass Through User-Controlled Key

Jeg Elementor Kit <= 2.5.6 - Authorization Bypass

Nov 4, 2022 Patched in 2.5.7 (445d)
CVE-2022-3805high · 8.6Authorization Bypass Through User-Controlled Key

Jeg Elementor Kit <= 2.5.6 - Unauthenticated Authorization Bypass

Nov 4, 2022 Patched in 2.5.7 (445d)
Version History

Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress Release Timeline

v3.0.3Current1 CVE23 files changed
CVE-2026-6916
v3.0.21 CVE63 files changed
CVE-2026-6916
v3.0.12 CVEs8 files changed
CVE-2025-14275 CVE-2026-6916
v3.0.02 CVEs176 files changed
CVE-2025-14275 CVE-2026-6916
v2.7.02 CVEs149 files changed
CVE-2025-14275 CVE-2026-6916
v2.6.143 CVEs8 files changed
CVE-2025-9978 CVE-2025-14275 CVE-2026-6916
v2.6.133 CVEs20 files changed
CVE-2025-9978 CVE-2025-14275 CVE-2026-6916
v2.6.124 CVEs18 files changed
CVE-2025-9978 CVE-2025-2944 CVE-2025-14275 +1 more
v2.6.115 CVEs4 files changed
CVE-2025-9978 CVE-2024-13217 CVE-2025-2944 +2 more
v2.6.105 CVEs45 files changed
CVE-2025-9978 CVE-2024-13217 CVE-2025-2944 +2 more
v2.6.97 CVEs26 files changed
CVE-2025-9978 CVE-2024-13217 CVE-2024-8899 +4 more
v2.6.88 CVEs43 files changed
CVE-2025-9978 CVE-2024-13217 CVE-2024-8899 +5 more
v2.6.79 CVEs3 files changed
CVE-2025-9978 CVE-2024-13217 CVE-2024-8899 +6 more
v2.6.69 CVEs18 files changed
CVE-2025-9978 CVE-2024-13217 CVE-2024-8899 +6 more
v2.6.510 CVEs9 files changed
CVE-2025-9978 CVE-2024-13217 CVE-2024-8899 +7 more
v2.6.413 CVEs9 files changed
CVE-2025-9978 CVE-2024-13217 CVE-2024-3819 +10 more
v2.6.315 CVEs65 files changed
CVE-2025-9978 CVE-2024-13217 CVE-2024-1327 +12 more
v2.6.216 CVEs41 files changed
CVE-2025-9978 CVE-2024-13217 CVE-2024-1327 +13 more
v2.6.116 CVEs12 files changed
CVE-2025-9978 CVE-2024-13217 CVE-2024-1327 +13 more
v2.6.016 CVEs
CVE-2025-9978 CVE-2024-13217 CVE-2024-1327 +13 more
Code Analysis
Analyzed Mar 16, 2026

Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
21 prepared
Unescaped Output
22
560 escaped
Nonce Checks
4
Capability Checks
20
File Operations
1
External Requests
14
Bundled Libraries
0

SQL Query Safety

100% prepared21 total queries

Output Escaping

96% escaped582 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths
admin_ajax_parse_request (class\ajax\class-ajax.php:127)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress Attack Surface

Entry Points12
Unprotected3

AJAX Handlers 12

authwp_ajax_jkit_create_elementclass\ajax\class-ajax.php:76
authwp_ajax_jkit_delete_elementclass\ajax\class-ajax.php:77
authwp_ajax_jkit_update_sequenceclass\ajax\class-ajax.php:78
authwp_ajax_jkit_clone_elementclass\ajax\class-ajax.php:79
authwp_ajax_jkit_detail_elementclass\ajax\class-ajax.php:80
authwp_ajax_jkit_update_elementclass\ajax\class-ajax.php:81
authwp_ajax_jkit_find_taxonomyclass\ajax\class-ajax.php:83
authwp_ajax_jkit_find_authorclass\ajax\class-ajax.php:84
authwp_ajax_jkit_find_posts_objectclass\ajax\class-ajax.php:85
authwp_ajax_jkit_notice_banner_closeclass\banner\class-banner.php:57
authwp_ajax_jkit_notice_banner_reviewclass\banner\class-banner.php:58
authwp_ajax_jkit_notice_banner_upgrade_closeclass\banner\class-banner.php:59
WordPress Hooks 68
actionrest_api_initclass\admin\class-api.php:66
filterwp_doing_ajaxclass\admin\class-api.php:76
filterhttp_request_host_is_externalclass\admin\class-api.php:1293
filterhttp_request_host_is_externalclass\admin\class-api.php:1328
filterhttp_request_argsclass\admin\class-api.php:2679
actionparse_requestclass\ajax\class-ajax.php:71
filterquery_varsclass\ajax\class-ajax.php:72
actionparse_requestclass\ajax\class-ajax.php:74
filterwp_doing_ajaxclass\ajax\class-ajax.php:108
filterwp_doing_ajaxclass\ajax\class-ajax.php:129
filterjeg_register_elementsclass\ajax\class-ajax.php:189
filterposts_whereclass\ajax\class-ajax.php:364
actionin_admin_headerclass\banner\class-banner.php:53
actionadmin_noticesclass\banner\class-banner.php:55
actionadmin_enqueue_scriptsclass\banner\class-banner.php:60
filterelementor/fonts/additional_fontsclass\class-fonts.php:62
filterbody_classclass\class-init.php:60
actionafter_setup_themeclass\class-init.php:62
actioninitclass\dashboard\class-dashboard.php:170
actionadmin_menuclass\dashboard\class-dashboard.php:172
actionadmin_menuclass\dashboard\class-dashboard.php:173
actionadmin_bar_menuclass\dashboard\class-dashboard.php:174
actionadmin_enqueue_scriptsclass\dashboard\class-dashboard.php:176
actionwizard_enqueue_scriptsclass\dashboard\class-dashboard.php:177
actionelementor/initclass\elements\class-element.php:54
filterjeg_register_elementsclass\elements\class-element.php:55
filterelementor/widgets/registerclass\elements\class-element.php:56
actionelementor/element/common/_section_style/after_section_endclass\elements\class-element.php:57
actionelementor/element/column/section_advanced/after_section_endclass\elements\class-element.php:58
actionelementor/element/section/section_advanced/after_section_endclass\elements\class-element.php:59
actionelementor/element/container/section_layout/after_section_endclass\elements\class-element.php:60
actionelementor/elements/categories_registeredclass\elements\class-element.php:61
filterelementor/editor/localize_settingsclass\elements\class-element.php:62
actionelementor/editor/templates/panel/categoryclass\elements\class-element.php:63
filterjkit_faq_schema_seo_dataclass\elements\views\class-accordion-view.php:23
filternav_menu_item_argsclass\elements\views\class-nav-menu-view.php:33
filternav_menu_css_classclass\elements\views\class-nav-menu-view.php:34
filterwalker_nav_menu_start_elclass\elements\views\class-nav-menu-view.php:35
filtercomment_form_default_fieldsclass\elements\views\class-post-comment-view.php:22
filtercomments_openclass\elements\views\class-post-comment-view.php:25
filterjeg_default_query_argsclass\elements\views\class-view-abstract.php:562
actionafter_setup_themeclass\options\class-options.php:77
filteradd_post_metadataclass\options\class-options.php:78
filterupdate_post_metadataclass\options\class-options.php:79
actionwpclass\templates\class-template.php:50
filtertemplate_includeclass\templates\class-template.php:52
actionwp_enqueue_scriptsclass\templates\class-template.php:55
actionget_headerclass\templates\class-template.php:116
actionjkit_headerclass\templates\class-template.php:117
actionget_footerclass\templates\class-template.php:121
actionjkit_footerclass\templates\class-template.php:122
actioninitclass\wizard\class-wizard.php:38
filtershow_admin_barclass\wizard\class-wizard.php:67
actionwp_headclass\wizard\class-wizard.php:76
actionwp_headclass\wizard\class-wizard.php:77
actionwp_headclass\wizard\class-wizard.php:78
actionwp_headclass\wizard\class-wizard.php:79
actionwp_footerclass\wizard\class-wizard.php:82
actionwp_footerclass\wizard\class-wizard.php:83
filterwp_enqueue_scriptsclass\wizard\class-wizard.php:87
actionwp_enqueue_scriptsclass\wizard\class-wizard.php:88
filtersafe_style_csshelper.php:826
filterwp_kses_allowed_htmlhelper.php:844
filterplugin_row_metahelper.php:1266
actionwp_footerhelper.php:1433
actionplugins_loadedjeg-elementor-kit.php:24
actionupgrader_process_completejeg-elementor-kit.php:92
actionupgrader_overwrote_packagejeg-elementor-kit.php:109
Maintenance & Trust

Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 2, 2026
PHP min version7.4
Downloads3.4M

Community Trust

Rating76/100
Number of ratings74
Active installs400K
Alternatives

Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress Alternatives

Balcomsoft Elementor Addons

Balcomsoft Elementor Addons

balcomsoft-elementor-addons

A
85

Minimum Requirements WordPress 4.4 or greater WooCommerce 3.0.0 or greater Elementor 3.8.0 or greater Visit the Elementor server requirements docu &hellip;

0 No CVEs
Essential Addons for Elementor – Popular Elementor Templates & Widgets

Essential Addons for Elementor – Popular Elementor Templates & Widgets

essential-addons-for-elementor-lite

B
76

Elementor addon offering 110+ widgets and templates — Elementor Gallery, Slider, Form, Post Grid, Menu, Accordion, WooCommerce & more.

2.0M 59 CVEs
Premium Addons for Elementor – Powerful Elementor Templates & Widgets

Premium Addons for Elementor – Powerful Elementor Templates & Widgets

premium-addons-for-elementor

A
95

Elementor Carousel, Mega Menu, Posts List/Slider, Media Gallery, WooCommerce Widgets, Display Conditions, Premade Templates & more.

700K 36 CVEs
Royal Addons for Elementor – Addons and Templates Kit for Elementor

Royal Addons for Elementor – Addons and Templates Kit for Elementor

royal-elementor-addons

B
82

Elementor templates, Header footer builder, Elementor Post Grid, Woocommerce Grid builder, Slider, Forms, Gallery, Nav menu addons, Elementor widgets.

600K 76 CVEs
Unlimited Elements For Elementor

Unlimited Elements For Elementor

unlimited-elements-for-elementor

B
76

Elementor all-in-one addons pack with the best widgets for Elementor, offering 100+ free widgets, templates, and tools to create stunning websites!

300K 31 CVEs
Developer Profile

Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress Developer Profile

jegtheme

1 plugin · 400K total installs

82
trust score
Avg Security Score
92/100
Avg Patch Time
60 days
View full developer profile
Detection Fingerprints

How We Detect Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/jeg-elementor-kit/assets/css/admin/notice-banner.css/wp-content/plugins/jeg-elementor-kit/assets/js/admin/notice-banner.js
Script Paths
/wp-content/plugins/jeg-elementor-kit/assets/js/admin/notice-banner.js
Version Parameters
jeg-elementor-kit/assets/css/admin/notice-banner.css?ver=jeg-elementor-kit/assets/js/admin/notice-banner.js?ver=

HTML / DOM Fingerprints

CSS Classes
jkit-notice-banner
Data Attributes
data-action="jkit_notice_banner_close"data-action="jkit_notice_banner_review"data-action="jkit_notice_banner_upgrade_close"
JS Globals
JEG_ELEMENTOR_KIT_URLJEG_ELEMENTOR_KIT_VERSION
FAQ

Frequently Asked Questions about Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress