WP-Safety

Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) Security & Risk Analysis

wordpress.org/plugins/magical-addons-for-elementor

60+ widgets, 100+ sections, 1600+ icons, GSAP animations, custom CSS/code, conditional display, header/footer builder & role manager

5K active installs v1.4.3 PHP 5.6+ WP 5.0+ Updated Mar 11, 2026
elementorelementor-addonselementor-widgetpage-buildertemplate-library
96
A · Safe
CVEs total9
Unpatched0
Last CVEJul 28, 2025
Plugin page Download
Safety Verdict

Is Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) Safe to Use in 2026?

Generally Safe

Score 96/100

Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) has a strong security track record. Known vulnerabilities have been patched promptly.

9 known CVEsLast CVE: Jul 28, 2025Updated 23d ago
Risk Assessment

The plugin 'magical-addons-for-elementor' v1.4.3 presents a mixed security profile. On one hand, the static analysis indicates good practices in several areas. Notably, there are no detected dangerous functions, all SQL queries utilize prepared statements, and file operations are absent. The plugin also demonstrates a strong adherence to security by including nonce and capability checks for its entry points and performing proper output escaping on a high percentage of outputs. The taint analysis shows no critical or high severity unsanitized flows, which is a positive sign.

However, a significant concern arises from the plugin's historical vulnerability data. The presence of nine known medium-severity CVEs, even though none are currently unpatched, suggests a recurring pattern of security weaknesses. The common vulnerability types identified (Exposure of Sensitive Information, SSRF, and XSS) are serious and could lead to significant compromise if exploited. While the current version shows improvements and a lack of critical issues, the history indicates a need for ongoing vigilance and robust testing to prevent recurrence.

In conclusion, while v1.4.3 has made strides in securing its codebase with proper checks and sanitization for its current entry points, its past vulnerability record is a red flag. The plugin appears to have a history of issues that, while not critical in this specific version, could still pose risks if not thoroughly addressed in future development and auditing. The presence of external HTTP requests also warrants careful monitoring for potential SSRF vulnerabilities, despite the current taint analysis results.

Key Concerns

  • History of 9 medium CVEs
  • External HTTP requests present
Vulnerabilities
9

Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) Security Vulnerabilities

CVEs by Year

8 CVEs in 2024
2024
1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
9

9 total CVEs

CVE-2025-8196medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Magical Addons For Elementor <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes

Jul 28, 2025 Patched in 1.3.9 (1d)
CVE-2024-54212medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Magical Addons For Elementor <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 2, 2024 Patched in 1.3.7 (158d)
CVE-2024-10352medium · 4.3Exposure of Sensitive Information to an Unauthorized Actor

Magical Addons For Elementor <= 1.2.4 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Template

Nov 8, 2024 Patched in 1.2.5 (1d)
CVE-2024-51665medium · 6.4Server-Side Request Forgery (SSRF)

Magical Addons For Elementor <= 1.2.1 - Authenticated (Subscriber+) Server-Side Request Forgery

Nov 1, 2024 Patched in 1.2.3 (6d)
CVE-2024-38730medium · 6.4Server-Side Request Forgery (SSRF)

Magical Addons For Elementor <= 1.1.41 - Authenticated (Subscriber+) Server-Side Request Forgery

Jul 11, 2024 Patched in 1.1.42 (8d)
CVE-2024-38681medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Magical Addons For Elementor <= 1.1.41 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jul 10, 2024 Patched in 1.1.42 (23d)
CVE-2024-5161medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Magical Addons For Elementor <= 1.1.39 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jun 5, 2024 Patched in 1.1.40 (1d)
CVE-2024-34547medium · 4.3Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) <= 1.1.34 - Authenticated (Contributor+) Stored Cross-Site Scripting

May 7, 2024 Patched in 1.1.35 (9d)
CVE-2024-2923medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) <= 1.1.37 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Effect Widget

May 6, 2024 Patched in 1.1.38 (4d)
Code Analysis
Analyzed Mar 16, 2026

Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
185
700 escaped
Nonce Checks
11
Capability Checks
9
File Operations
0
External Requests
3
Bundled Libraries
0

Output Escaping

79% escaped885 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
mg_mc_form (includes\functions.php:496)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) Attack Surface

Entry Points5
Unprotected0

AJAX Handlers 5

authwp_ajax_magical_dismiss_reviewincludes\admin\helper\admin-info.php:17
authwp_ajax_mg_dismiss_gsap_noticeincludes\basic\mg-admin-notice.php:55
authwp_ajax_magical_save_role_managerincludes\extra\role-manager\role-manager.php:56
authwp_ajax_mg_mc_formincludes\functions.php:550
noprivwp_ajax_mg_mc_formincludes\functions.php:551
WordPress Hooks 77
actionadmin_initincludes\admin\admin-page.php:18
actionadmin_menuincludes\admin\admin-page.php:19
actionadmin_enqueue_scriptsincludes\admin\admin-page.php:20
actionrest_api_initincludes\admin\class-rest-api.php:38
actionadmin_initincludes\admin\class-settings-defaults.php:24
actionelementor/tracker/send_eventincludes\admin\helper\activation.php:13
actioninitincludes\admin\helper\activation.php:14
actionadmin_noticesincludes\admin\helper\admin-info.php:13
actionadmin_noticesincludes\admin\helper\admin-info.php:14
actioninitincludes\admin\helper\admin-info.php:15
actionadmin_enqueue_scriptsincludes\admin\helper\admin-info.php:16
actionwp_enqueue_scriptsincludes\basic\assets-managment.php:19
actionelementor/frontend/after_enqueue_scriptsincludes\basic\assets-managment.php:20
actionelementor/editor/after_enqueue_stylesincludes\basic\assets-managment.php:21
actionelementor/editor/before_enqueue_scriptsincludes\basic\assets-managment.php:22
actionadmin_noticesincludes\basic\mg-admin-notice.php:38
actionadmin_noticesincludes\basic\mg-admin-notice.php:43
actionadmin_noticesincludes\basic\mg-admin-notice.php:49
actionadmin_noticesincludes\basic\mg-admin-notice.php:53
actionadmin_enqueue_scriptsincludes\basic\mg-admin-notice.php:54
actionelementor/frontend/after_enqueue_stylesincludes\basic\style-script.php:11
actionelementor/frontend/after_enqueue_scriptsincludes\basic\style-script.php:12
actionadmin_enqueue_scriptsincludes\basic\style-script.php:13
actionelementor/preview/enqueue_stylesincludes\basic\style-script.php:15
actionelementor/element/common/_section_style/after_section_endincludes\extra\conditional-display\condition-display-field.php:38
actionelementor/element/section/section_advanced/after_section_endincludes\extra\conditional-display\condition-display-field.php:41
actionelementor/element/column/section_advanced/after_section_endincludes\extra\conditional-display\condition-display-field.php:42
actionelementor/frontend/widget/before_renderincludes\extra\conditional-display\conditional-display.php:42
actionelementor/frontend/section/before_renderincludes\extra\conditional-display\conditional-display.php:43
actionelementor/frontend/column/before_renderincludes\extra\conditional-display\conditional-display.php:44
filterelementor/widget/render_contentincludes\extra\conditional-display\conditional-display.php:83
filterelementor/section/render_contentincludes\extra\conditional-display\conditional-display.php:97
filterelementor/column/render_contentincludes\extra\conditional-display\conditional-display.php:111
actionelementor/element/after_section_endincludes\extra\custom-attribute.php:18
actionelementor/frontend/before_renderincludes\extra\custom-attribute.php:21
actionelementor/initincludes\extra\custom-attribute.php:195
actionadd_meta_boxesincludes\extra\custom-code\custom-code-meta.php:31
actionsave_postincludes\extra\custom-code\custom-code-meta.php:32
actioninitincludes\extra\custom-code\custom-code.php:40
actionadmin_menuincludes\extra\custom-code\custom-code.php:41
actionadmin_enqueue_scriptsincludes\extra\custom-code\custom-code.php:42
actionwp_headincludes\extra\custom-code\custom-code.php:45
actionwp_footerincludes\extra\custom-code\custom-code.php:46
actionwp_body_openincludes\extra\custom-code\custom-code.php:47
actionelementor/element/section/section_advanced/after_section_endincludes\extra\customcss.php:10
actionelementor/element/column/section_advanced/after_section_endincludes\extra\customcss.php:11
actionelementor/element/common/_section_style/after_section_endincludes\extra\customcss.php:12
actionelementor/element/container/section_layout/after_section_endincludes\extra\customcss.php:14
actionelementor/frontend/after_enqueue_stylesincludes\extra\customcss.php:17
actionelementor/editor/after_enqueue_scriptsincludes\extra\customcss.php:20
actionelementor/preview/enqueue_stylesincludes\extra\customcss.php:23
actionelementor/element/common/_section_style/after_section_endincludes\extra\gsap-animations\gsap-animations.php:49
actionelementor/element/section/section_advanced/after_section_endincludes\extra\gsap-animations\gsap-animations.php:50
actionelementor/element/column/section_advanced/after_section_endincludes\extra\gsap-animations\gsap-animations.php:51
actionelementor/element/container/section_layout/after_section_endincludes\extra\gsap-animations\gsap-animations.php:52
actionelementor/frontend/before_renderincludes\extra\gsap-animations\gsap-animations.php:55
actionwp_enqueue_scriptsincludes\extra\gsap-animations\gsap-animations.php:58
actionelementor/editor/after_enqueue_scriptsincludes\extra\gsap-animations\gsap-animations.php:61
actionelementor/editor/after_enqueue_scriptsincludes\extra\gsap-animations\gsap-animations.php:64
actionelementor/preview/enqueue_scriptsincludes\extra\gsap-animations\gsap-animations.php:67
actionwp_footerincludes\extra\gsap-animations\gsap-animations.php:70
actionelementor/initincludes\extra\gsap-animations\gsap-animations.php:1521
actioninitincludes\extra\role-manager\role-manager.php:52
actionadmin_enqueue_scriptsincludes\extra\role-manager\role-manager.php:55
actionactivated_pluginincludes\functions.php:193
actionelementor/frontend/after_register_stylesincludes\lions-icons.php:28
actionelementor/frontend/after_enqueue_stylesincludes\lions-icons.php:29
actionelementor/editor/after_enqueue_stylesincludes\lions-icons.php:30
filterelementor/icons_manager/additional_tabsincludes\lions-icons.php:33
actionelementor/widgets/registerincludes\magical-init-widgets.php:11
filterelementor/editor/localize_settingsincludes\pro-widgets.php:15
actionelementor/editor/after_enqueue_scriptsincludes\pro-widgets.php:16
actionplugins_loadedmagical-addons-for-elementor.php:118
actioninitmagical-addons-for-elementor.php:141
actionelementor/elements/categories_registeredmagical-addons-for-elementor.php:268
actionelementor/editor/after_enqueue_stylesmagical-addons-for-elementor.php:269
actionelementor/preview/enqueue_stylesmagical-addons-for-elementor.php:270
Maintenance & Trust

Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 11, 2026
PHP min version5.6
Downloads254K

Community Trust

Rating92/100
Number of ratings11
Active installs5K
Alternatives

Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) Alternatives

HT Mega Addons for Elementor – Elementor Widgets & Template Builder

HT Mega Addons for Elementor – Elementor Widgets & Template Builder

ht-mega-for-elementor

B
82

Elementor addon offering 135+ widgets — Mega Menu, Ready Templates, Page Builder, Slider, Gallery, Post Grid, AI Writer & more.

80K 32 CVEs
Livemesh Addons by Elementor

Livemesh Addons by Elementor

addons-for-elementor

A
94

Elementor Addons that saves time with multiple ready-to-use drag and drop styles for 30+ essential widgets built for Elementor page builder.

40K 18 CVEs
Move Addons for Elementor

Move Addons for Elementor

move-addons

A
97

Move Addons is a WordPress plugin for Elementor page builder, is a powerful tool that helps you to make almost every possible customization to your we &hellip;

3K 8 CVEs
WPBITS Addons For Elementor Page Builder

WPBITS Addons For Elementor Page Builder

wpbits-addons-for-elementor

A
95

Addons for Elementor Page Builder.

2K 7 CVEs
SKT Addons for Elementor

SKT Addons for Elementor

skt-addons-for-elementor

A
94

SKT Addons for Elementor is one of the great Elementor Addons which comes With 123 completely Free Elementor Widgets including Business hour, image gr &hellip;

1K 7 CVEs
Developer Profile

Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) Developer Profile

Noor Alam

102 plugins · 29K total installs

78
trust score
Avg Security Score
99/100
Avg Patch Time
233 days
View full developer profile
Detection Fingerprints

How We Detect Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/magical-addons-for-elementor/assets/css/magical-addons-for-elementor.css/wp-content/plugins/magical-addons-for-elementor/assets/css/frontend.css/wp-content/plugins/magical-addons-for-elementor/assets/js/elementor-frontend.js/wp-content/plugins/magical-addons-for-elementor/assets/js/frontend.js/wp-content/plugins/magical-addons-for-elementor/assets/js/vendors/slick.min.js/wp-content/plugins/magical-addons-for-elementor/assets/js/vendors/isotope.pkgd.min.js/wp-content/plugins/magical-addons-for-elementor/assets/js/vendors/isotope.pkgd.min.js/wp-content/plugins/magical-addons-for-elementor/assets/js/vendors/isotope.pkgd.min.js+24 more
Script Paths
elementor-frontend.jsfrontend.jsvendors/slick.min.jsvendors/isotope.pkgd.min.jsvendors/wow.min.jsvendors/magnific-popup.js+16 more
Version Parameters
magical-addons-for-elementor/assets/css/magical-addons-for-elementor.css?ver=magical-addons-for-elementor/assets/css/frontend.css?ver=magical-addons-for-elementor/assets/js/elementor-frontend.js?ver=magical-addons-for-elementor/assets/js/frontend.js?ver=magical-addons-for-elementor/assets/js/vendors/slick.min.js?ver=magical-addons-for-elementor/assets/js/vendors/isotope.pkgd.min.js?ver=magical-addons-for-elementor/assets/js/vendors/wow.min.js?ver=magical-addons-for-elementor/assets/js/vendors/magnific-popup.js?ver=magical-addons-for-elementor/assets/js/vendors/waypoints.min.js?ver=magical-addons-for-elementor/assets/js/vendors/counterup.min.js?ver=magical-addons-for-elementor/assets/js/vendors/particles.min.js?ver=magical-addons-for-elementor/assets/js/vendors/tilt.jquery.min.js?ver=magical-addons-for-elementor/assets/js/vendors/typed.js?ver=magical-addons-for-elementor/assets/js/vendors/splitting.min.js?ver=magical-addons-for-elementor/assets/js/vendors/TweenMax.min.js?ver=magical-addons-for-elementor/assets/js/vendors/MorphSVGPlugin.min.js?ver=magical-addons-for-elementor/assets/js/vendors/DrawSVGPlugin.min.js?ver=magical-addons-for-elementor/assets/js/vendors/ScrollTrigger.min.js?ver=magical-addons-for-elementor/assets/js/vendors/swiper.min.js?ver=magical-addons-for-elementor/assets/js/vendors/lottie.min.js?ver=magical-addons-for-elementor/assets/js/vendors/rellax.min.js?ver=magical-addons-for-elementor/assets/js/vendors/aos.js?ver=magical-addons-for-elementor/assets/js/vendors/appear.min.js?ver=magical-addons-for-elementor/assets/js/vendors/anime.min.js?ver=magical-addons-for-elementor/assets/js/elementor-widgets.js?ver=magical-addons-for-elementor/assets/css/elementor-widgets.css?ver=magical-addons-for-elementor/assets/css/vendors/magnific-popup.css?ver=magical-addons-for-elementor/assets/css/vendors/slick.css?ver=magical-addons-for-elementor/assets/css/vendors/slick-theme.css?ver=magical-addons-for-elementor/assets/css/vendors/aos.css?ver=

HTML / DOM Fingerprints

CSS Classes
magical-addons-for-elementormagical-addons-for-elementor-widgetmagical-addons-for-elementor-pro-widget
HTML Comments
<!-- Magical Addons For Elementor Addons --><!-- ./Magical Addons For Elementor Addons -->
Data Attributes
data-wow-durationdata-wow-delaydata-tiltdata-tilt-maxdata-aosdata-aos-duration+3 more
JS Globals
MagicalAddonsmgAddons
REST Endpoints
/wp-json/magical-addons-for-elementor/v1/settings
FAQ

Frequently Asked Questions about Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )