WP-Safety

MAS Elementor Security & Risk Analysis

wordpress.org/plugins/mas-addons-for-elementor

MAS Elementor is a free plugin. It is the addon for Elementor Plugin

1K active installs v1.2.2 PHP 7.4+ WP 6.3+ Updated Nov 17, 2025
carouselnav-menupostsproductstabs
99
A · Safe
CVEs total2
Unpatched0
Last CVEJan 7, 2025
Plugin page Download
Safety Verdict

Is MAS Elementor Safe to Use in 2026?

Generally Safe

Score 99/100

MAS Elementor has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Jan 7, 2025Updated 4mo ago
Risk Assessment

The "mas-addons-for-elementor" plugin v1.2.2 exhibits a mixed security posture. On the positive side, the code demonstrates good practices with 100% of SQL queries using prepared statements and a high percentage (85%) of output being properly escaped. The absence of critical or high severity taint flows is also a positive indicator. However, several areas raise concerns. A significant attack surface exists with 3 out of 7 total entry points lacking authentication checks. This could allow unauthorized users to trigger plugin functionality. The plugin has a history of medium severity vulnerabilities, specifically Cross-Site Scripting (XSS) issues, with the most recent one documented in early 2025, suggesting a pattern of past weaknesses in input sanitization or output escaping. Despite having some nonce and capability checks, the presence of unprotected AJAX handlers is a notable weakness.

In conclusion, while the plugin shows strengths in database query handling and general output escaping, the unprotected AJAX endpoints present a tangible risk. The past prevalence of XSS vulnerabilities, even if currently patched, indicates a need for continued vigilance. The overall risk is moderate due to the combination of a potentially exploitable attack surface and a history of input validation issues.

Key Concerns

  • Unprotected AJAX handlers present
  • History of medium severity XSS vulnerabilities
  • Some output not properly escaped
Vulnerabilities
2

MAS Elementor Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2024-12328medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MAS Elementor <= 1.1.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG

Jan 7, 2025 Patched in 1.1.8 (1d)
CVE-2024-49233medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MAS Elementor <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Oct 14, 2024 Patched in 1.1.7 (5d)
Code Analysis
Analyzed Mar 16, 2026

MAS Elementor Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
4 prepared
Unescaped Output
97
548 escaped
Nonce Checks
9
Capability Checks
11
File Operations
1
External Requests
5
Bundled Libraries
0

SQL Query Safety

100% prepared4 total queries

Output Escaping

85% escaped645 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
mas_live_search_jobs_suggest (modules\jobs-filter\module.php:109)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

MAS Elementor Attack Surface

Entry Points7
Unprotected3

AJAX Handlers 5

authwp_ajax_mas_live_search_jobs_suggestmodules\jobs-filter\module.php:72
noprivwp_ajax_mas_live_search_jobs_suggestmodules\jobs-filter\module.php:73
authwp_ajax_mas_premium_get_templatestemplates\classes\manager.php:37
authwp_ajax_mas_premium_inner_templatetemplates\classes\manager.php:38
authwp_ajax_elementor_get_template_datatemplates\classes\manager.php:43

Shortcodes 2

[portfolio] portfolio\modules\classes\class-mas-jetpack-portfolio.php:90
[jetpack_portfolio] portfolio\modules\classes\class-mas-jetpack-portfolio.php:91
WordPress Hooks 203
filterwp_nav_menu_argsclasses\class-wp-bootstrap-navwalker.php:42
actionelementor/elements/categories_registeredcore\modules-manager.php:90
actionadmin_noticesmas-elementor.php:50
actionadmin_noticesmas-elementor.php:57
actionadmin_noticesmas-elementor.php:64
actionplugins_loadedmas-elementor.php:70
actionplugins_loadedmas-elementor.php:71
actionelementor/widget/accordion/before_render_contentmodules\accordion\module.php:50
actionelementor/element/accordion/section_toggle_style_icon/before_section_endmodules\accordion\module.php:51
actionelementor/element/accordion/section_title_style/before_section_endmodules\accordion\module.php:52
actionelementor/element/accordion/section_toggle_style_title/before_section_endmodules\accordion\module.php:53
actionelementor/element/accordion/section_toggle_style_content/before_section_endmodules\accordion\module.php:54
filterelementor/accordion/print_templatemodules\accordion\module.php:55
actionelementor/element/yith_wcwl_add_to_wishlist/product_section/after_section_endmodules\add-to-wishlist\module.php:49
actionelementor/frontend/before_register_scriptsmodules\audio\module.php:54
actionelementor/frontend/before_register_stylesmodules\audio\module.php:56
actionelementor/frontend/before_register_stylesmodules\blockquote\module.php:54
actionelementor/element/button/section_style/before_section_endmodules\button\module.php:49
actionelementor/element/button/section_button/before_section_endmodules\button\module.php:50
actionelementor/frontend/widget/before_rendermodules\button\module.php:51
actionelementor/element/after_section_endmodules\carousel-attributes\module.php:994
actionelementor/frontend/section/before_rendermodules\carousel-attributes\module.php:995
actionelementor/frontend/section/after_rendermodules\carousel-attributes\module.php:996
actionelementor/frontend/column/before_rendermodules\carousel-attributes\module.php:997
actionelementor/element/column/section_advanced/before_section_endmodules\carousel-attributes\module.php:998
actionelementor/element/section/section_layout/after_section_endmodules\carousel-attributes\module.php:999
actionelementor/element/section/swiper_section_navigation/after_section_endmodules\carousel-attributes\module.php:1000
actionelementor/frontend/container/before_rendermodules\carousel-attributes\module.php:1003
actionelementor/frontend/container/after_rendermodules\carousel-attributes\module.php:1004
actionelementor/element/container/section_layout_container/after_section_endmodules\carousel-attributes\module.php:1005
actionelementor/element/container/swiper_section_navigation/after_section_endmodules\carousel-attributes\module.php:1006
actionelementor/element/container/swiper_section_navigation/after_section_endmodules\carousel-attributes\module.php:1007
actionelementor/frontend/before_enqueue_scriptsmodules\carousel-attributes\module.php:1058
actionelementor/frontend/before_enqueue_stylesmodules\carousel-attributes\module.php:1059
actionelementor/element/column/layout/before_section_startmodules\column\module.php:46
actionelementor/element/column/section_advanced/before_section_endmodules\column\module.php:47
actionelementor/element/after_add_attributesmodules\column\module.php:48
filterelementor/column/print_templatemodules\column\module.php:49
actionelementor/frontend/before_enqueue_scriptsmodules\column\module.php:50
actionelementor/frontend/before_register_scriptsmodules\countdown\module.php:54
filtersafe_style_cssmodules\countdown\module.php:55
actionelementor/widget/counter/skins_initmodules\counter\module.php:44
actionelementor/frontend/before_enqueue_scriptsmodules\counter\module.php:45
filterelementor/widget/print_templatemodules\counter\skins\skin-counter-v1.php:58
actionelementor/element/counter/section_counter/before_section_endmodules\counter\skins\skin-counter-v1.php:59
actionelementor/element/counter/section_title/after_section_endmodules\counter\skins\skin-counter-v1.php:60
actionelementor/element/counter/section_number/after_section_endmodules\counter\skins\skin-counter-v1.php:61
actionelementor/element/divider/section_divider/before_section_endmodules\divider\module.php:49
actionelementor/frontend/before_enqueue_stylesmodules\dynamic-tags\module.php:46
actionelementor/frontend/before_register_stylesmodules\episodes\module.php:63
actionelementor/frontend/before_register_scriptsmodules\forms\module.php:43
actionwp_loadedmodules\forms\module.php:44
actionwp_loadedmodules\forms\module.php:45
actionwp_loadedmodules\forms\module.php:46
actionelementor/element/icon/section_style_icon/before_section_endmodules\icon\module.php:51
filterelementor/icon/print_templatemodules\icon\module.php:52
actionelementor/element/icon-box/section_style_box/before_section_endmodules\icon-box\module.php:49
actionelementor/element/icon-list/section_icon_list/before_section_endmodules\icon-list\module.php:39
actionelementor/element/image/section_style_image/before_section_endmodules\image\module.php:49
actionelementor/element/image-box/section_style_content/before_section_endmodules\image-box\module.php:49
actionelementor/frontend/before_register_scriptsmodules\jobs-filter\module.php:71
actionelementor/frontend/before_register_stylesmodules\mas-breadcrumbs\module.php:62
filterwp_setup_nav_menu_itemmodules\mas-nav-menu\module.php:89
actionelementor/frontend/before_register_stylesmodules\mas-nav-menu\module.php:97
actionelementor/frontend/before_register_scriptsmodules\mas-nav-menu\module.php:98
actioninitmodules\mas-nav-menu\module.php:99
actionwp_nav_menu_item_custom_fieldsmodules\mas-nav-menu\module.php:101
actionwp_update_nav_menu_itemmodules\mas-nav-menu\module.php:102
filternav_menu_link_attributesmodules\mas-nav-menu\widgets\mas-nav-menu.php:875
actionelementor/frontend/before_register_stylesmodules\mas-nav-tabs\module.php:63
actionelementor/frontend/before_register_scriptsmodules\mas-nav-tabs\module.php:64
actionelementor/frontend/before_enqueue_stylesmodules\mas-overflow\module.php:50
actionelementor/frontend/section/before_rendermodules\mas-overflow\module.php:60
actionelementor/element/section/section_advanced/before_section_endmodules\mas-overflow\module.php:61
actionelementor/frontend/column/before_rendermodules\mas-overflow\module.php:64
actionelementor/element/column/section_advanced/before_section_endmodules\mas-overflow\module.php:65
actionelementor/documents/register_controlsmodules\mas-templates\module.php:56
filtertemplate_includemodules\mas-templates\module.php:57
actionelementor/frontend/before_register_stylesmodules\mas-tv-shows-episodes\module.php:63
actionelementor/frontend/before_register_stylesmodules\masvideos-genre\module.php:48
actionelementor/frontend/before_register_scriptsmodules\multipurpose-text\module.php:27
actionelementor/documents/register_controlsmodules\page-settings\module.php:56
filtermas_elementor/utils/get_public_post_typesmodules\posts\module.php:128
filterpre_handle_404modules\posts\module.php:129
actionelementor/editor/after_savemodules\posts\module.php:130
actionwp_enqueue_scriptsmodules\posts\module.php:133
actionelementor/frontend/before_register_stylesmodules\posts\module.php:134
actionpre_get_postsmodules\query-control\classes\elementor-post-query.php:84
actionpre_get_postsmodules\query-control\classes\elementor-post-query.php:90
filterfound_postsmodules\query-control\classes\elementor-post-query.php:91
actionelementor/ajax/register_actionsmodules\query-control\module.php:1202
actionelementor/controls/registermodules\query-control\module.php:1203
filtermas_elementor/editor/localize_settingsmodules\query-control\module.php:1205
actionpre_get_postsmodules\query-control\module.php:1212
filterfound_postsmodules\query-control\module.php:1213
filtercomments_templatemodules\review-form\module.php:28
actionelementor/frontend/before_register_scriptsmodules\scrollspy\module.php:47
actionelementor/frontend/section/before_rendermodules\section\module.php:49
actionelementor/element/section/section_advanced/before_section_endmodules\section\module.php:50
filterelementor/section/print_templatemodules\section\module.php:51
actionelementor/element/container/section_layout/before_section_endmodules\section\module.php:53
actionelementor/frontend/container/before_rendermodules\section\module.php:54
actionelementor/widget/shortcode/skins_initmodules\shortcode\module.php:51
actionelementor/element/testimonial/section_style_testimonial_content/before_section_endmodules\testimonial\module.php:51
actionelementor/element/video/section_video/before_section_endmodules\video\module.php:49
actionmas_elementor_shop_control_barmodules\woocommerce\classes\base-products-renderer.php:80
actionmas_elementor_shop_control_barmodules\woocommerce\classes\base-products-renderer.php:81
actionwoocommerce_before_shop_loopmodules\woocommerce\classes\base-products-renderer.php:82
actionmas_elementor_shop_control_barmodules\woocommerce\classes\base-products-renderer.php:83
filterwoocommerce_pagination_argsmodules\woocommerce\classes\base-products-renderer.php:89
actionwoocommerce_product_is_visiblemodules\woocommerce\classes\base-products-renderer.php:115
actionwoocommerce_after_shop_loopmodules\woocommerce\classes\current-query-renderer.php:111
actionwoocommerce_after_shop_loopmodules\woocommerce\classes\products-renderer.php:423
filterpost_classmodules\woocommerce\module.php:130
actionelementor/dynamic_tags/registermodules\woocommerce\module.php:435
actionelementor/frontend/before_register_stylesmodules\woocommerce\module.php:436
actionwp_enqueue_scriptsmodules\woocommerce\module.php:437
actionelementor/editor/before_enqueue_scriptsmodules\woocommerce\module.php:438
actioninitmodules\woocommerce\module.php:443
filterwoocommerce_add_to_cart_fragmentsmodules\woocommerce\module.php:447
filterwoocommerce_locate_templatemodules\woocommerce\module.php:448
filterelementor/widgets/wordpress/widget_argsmodules\woocommerce\module.php:451
actionwoocommerce_product_options_inventory_product_datamodules\woocommerce\module.php:454
actiontemplate_redirectmodules\woocommerce\module.php:459
filterwoocommerce_get_stock_htmlmodules\woocommerce\widgets\add-to-cart.php:2403
filterwoocommerce_product_single_add_to_cart_textmodules\woocommerce\widgets\add-to-cart.php:2404
filteresc_htmlmodules\woocommerce\widgets\add-to-cart.php:2405
filterwoocommerce_coupons_enabledmodules\woocommerce\widgets\cart.php:2601
filtergettextmodules\woocommerce\widgets\cart.php:2630
actionwoocommerce_before_cartmodules\woocommerce\widgets\cart.php:2632
actionwoocommerce_after_cart_tablemodules\woocommerce\widgets\cart.php:2633
actionwoocommerce_before_cart_tablemodules\woocommerce\widgets\cart.php:2634
actionwoocommerce_before_cart_collateralsmodules\woocommerce\widgets\cart.php:2635
actionwoocommerce_after_cartmodules\woocommerce\widgets\cart.php:2636
actionwoocommerce_cart_contentsmodules\woocommerce\widgets\cart.php:2640
actionwoocommerce_after_cart_contentsmodules\woocommerce\widgets\cart.php:2641
filterwoocommerce_get_cart_urlmodules\woocommerce\widgets\cart.php:2642
actionwoocommerce_cart_collateralsmodules\woocommerce\widgets\cart.php:2672
actionwoocommerce_cart_is_emptymodules\woocommerce\widgets\cart.php:2675
filterwoocommerce_form_field_argsmodules\woocommerce\widgets\checkout.php:4376
filterwoocommerce_get_terms_and_conditions_checkbox_textmodules\woocommerce\widgets\checkout.php:4377
filtergettextmodules\woocommerce\widgets\checkout.php:4379
actionwoocommerce_checkout_before_customer_detailsmodules\woocommerce\widgets\checkout.php:4381
actionwoocommerce_checkout_after_customer_detailsmodules\woocommerce\widgets\checkout.php:4382
actionwoocommerce_checkout_before_order_review_headingmodules\woocommerce\widgets\checkout.php:4383
actionwoocommerce_checkout_before_order_review_headingmodules\woocommerce\widgets\checkout.php:4384
actionwoocommerce_checkout_order_reviewmodules\woocommerce\widgets\checkout.php:4385
actionwoocommerce_checkout_after_order_reviewmodules\woocommerce\widgets\checkout.php:4386
actionwoocommerce_before_add_to_cart_quantitymodules\woocommerce\widgets\product-add-to-cart.php:82
actionwoocommerce_before_add_to_cart_buttonmodules\woocommerce\widgets\product-add-to-cart.php:83
actionwoocommerce_after_add_to_cart_buttonmodules\woocommerce\widgets\product-add-to-cart.php:84
actionwp_footermodules\woocommerce\widgets\product-images.php:237
filterwoocommerce_thankyou_order_idmodules\woocommerce\widgets\purchase-summary.php:1618
filterwoocommerce_thankyou_order_keymodules\woocommerce\widgets\purchase-summary.php:1619
filtergettextmodules\woocommerce\widgets\purchase-summary.php:1633
filterwoocommerce_thankyou_order_received_textmodules\woocommerce\widgets\purchase-summary.php:1634
actionelementor/initplugin.php:266
actionelementor/frontend/before_register_scriptsplugin.php:268
actionelementor/preview/enqueue_scriptsplugin.php:269
actionelementor/frontend/before_enqueue_scriptsplugin.php:271
actionelementor/frontend/after_enqueue_stylesplugin.php:272
actionelementor/document/save_versionplugin.php:274
filterwp_kses_allowed_htmlplugin.php:275
filterelementor/core/responsive/get_stylesheet_templatesplugin.php:277
filterregister_post_type_job_listingplugin.php:279
actionadd_meta_boxesportfolio\includes\admin\class-mas-admin-meta-boxes.php:37
actionsave_postportfolio\includes\admin\class-mas-admin-meta-boxes.php:38
actionmas_process_jetpack-portfolio_metaportfolio\includes\admin\class-mas-admin-meta-boxes.php:40
actionadmin_noticesportfolio\includes\admin\class-mas-admin-meta-boxes.php:43
actionshutdownportfolio\includes\admin\class-mas-admin-meta-boxes.php:44
actioninitportfolio\includes\admin\class-mas-admin.php:23
actionadmin_initportfolio\includes\admin\class-mas-admin.php:24
actionadmin_enqueue_scriptsportfolio\includes\admin\class-mas-admin.php:25
actionadmin_enqueue_scriptsportfolio\includes\admin\class-mas-admin.php:26
filterupload_mimesportfolio\includes\functions.php:26
filterwp_handle_upload_prefilterportfolio\includes\functions.php:27
filtermas_single_post_show_content_titleportfolio\includes\functions.php:30
filtermas_load_min_cssportfolio\includes\functions.php:32
filtermas_load_min_jsportfolio\includes\functions.php:33
actionadmin_initportfolio\modules\classes\class-mas-jetpack-portfolio.php:47
actionafter_switch_themeportfolio\modules\classes\class-mas-jetpack-portfolio.php:50
actionimport_startportfolio\modules\classes\class-mas-jetpack-portfolio.php:53
filterrest_api_allowed_post_typesportfolio\modules\classes\class-mas-jetpack-portfolio.php:56
actionafter_switch_themeportfolio\modules\classes\class-mas-jetpack-portfolio.php:70
filterpost_updated_messagesportfolio\modules\classes\class-mas-jetpack-portfolio.php:73
actioncustomize_registerportfolio\modules\classes\class-mas-jetpack-portfolio.php:76
actionadmin_enqueue_scriptsportfolio\modules\classes\class-mas-jetpack-portfolio.php:87
filterinfinite_scroll_settingsportfolio\modules\classes\class-mas-jetpack-portfolio.php:94
filterinfinite_scroll_resultsportfolio\modules\classes\class-mas-jetpack-portfolio.php:95
filterwpcom_sitemap_post_typesportfolio\modules\classes\class-mas-jetpack-portfolio.php:99
filterjetpack_sitemap_post_typesportfolio\modules\classes\class-mas-jetpack-portfolio.php:102
filterpre_get_postsportfolio\modules\classes\class-mas-jetpack-portfolio.php:106
actionswitch_themeportfolio\modules\classes\class-mas-jetpack-portfolio.php:110
filterwordads_inpost_disableportfolio\modules\classes\class-mas-jetpack-portfolio.php:844
actioninitportfolio\modules\classes\class-mas-jetpack-portfolio.php:1032
actionjetpack_activate_module_custom-content-typesportfolio\modules\classes\class-mas-jetpack-portfolio.php:1038
actionelementor/preview/enqueue_stylestemplates\classes\assets.php:34
actionelementor/editor/after_enqueue_stylestemplates\classes\assets.php:36
actionelementor/editor/before_enqueue_scriptstemplates\classes\assets.php:38
actionelementor/editor/footertemplates\classes\assets.php:40
actionelementor/ajax/register_actionstemplates\classes\manager.php:41
filtermas_elementor_templates_editor_localizetemplates\classes\manager.php:48
actioninittemplates\templates.php:83
Maintenance & Trust

MAS Elementor Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedNov 17, 2025
PHP min version7.4
Downloads17K

Community Trust

Rating0/100
Number of ratings0
Active installs1K
Alternatives

MAS Elementor Alternatives

WP Shortcodes Plugin — Shortcodes Ultimate

WP Shortcodes Plugin — Shortcodes Ultimate

shortcodes-ultimate

A
88

A comprehensive collection of visual components for your site

400K 35 CVEs
Post Grid

Post Grid

post-grid

F
20

Post Grid is a powerful WordPress plugin for creating customizable post grid layouts with advanced query options, allowing users to display posts dyna &hellip;

30K 2 unpatched
Ultimate Post Kit Addons for Elementor

Ultimate Post Kit Addons for Elementor

ultimate-post-kit

A
96

Build your blogs and news sites with a feature-rich Elementor addon, offering 100+ elements for engaging layouts.

30K 3 CVEs
AnWP Post Grid and Post Carousel Slider for Elementor

AnWP Post Grid and Post Carousel Slider for Elementor

anwp-post-grid-for-elementor

A
92

Easily create awesome post grids and post carousel sliders. Different widget types, powerful filters, "load more" button and many customizab &hellip;

20K No CVEs
Hide Posts

Hide Posts

whp-hide-posts

A
100

Allows you to hide any posts on the home page, category page, search page, tags page, authors page, RSS Feed, REST API, XML sitemaps, SEO integrations &hellip;

20K No CVEs
Developer Profile

MAS Elementor Developer Profile

MadrasThemes

7 plugins · 25K total installs

95
trust score
Avg Security Score
93/100
Avg Patch Time
2 days
View full developer profile
Detection Fingerprints

How We Detect MAS Elementor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mas-addons-for-elementor/assets/css/mas-addons-elementor.css/wp-content/plugins/mas-addons-for-elementor/assets/js/mas-addons-elementor.js/wp-content/plugins/mas-addons-for-elementor/elementor/widgets/assets/css/widget-style.css/wp-content/plugins/mas-addons-for-elementor/elementor/widgets/assets/js/widget-script.js/wp-content/plugins/mas-addons-for-elementor/elementor/widgets/assets/js/frontend.js/wp-content/plugins/mas-addons-for-elementor/assets/css/custom.css/wp-content/plugins/mas-addons-for-elementor/assets/js/custom.js
Script Paths
/wp-content/plugins/mas-addons-for-elementor/assets/js/mas-addons-elementor.js/wp-content/plugins/mas-addons-for-elementor/elementor/widgets/assets/js/widget-script.js/wp-content/plugins/mas-addons-for-elementor/elementor/widgets/assets/js/frontend.js/wp-content/plugins/mas-addons-for-elementor/assets/js/custom.js
Version Parameters
mas-addons-for-elementor/assets/css/mas-addons-elementor.css?ver=mas-addons-for-elementor/assets/js/mas-addons-elementor.js?ver=mas-addons-for-elementor/elementor/widgets/assets/css/widget-style.css?ver=mas-addons-for-elementor/elementor/widgets/assets/js/widget-script.js?ver=mas-addons-for-elementor/elementor/widgets/assets/js/frontend.js?ver=mas-addons-for-elementor/assets/css/custom.css?ver=mas-addons-for-elementor/assets/js/custom.js?ver=

HTML / DOM Fingerprints

CSS Classes
mas-addons-for-elementormas-addons-elementormas-elementor-widgetmas-static-contentmas-elementor-elementmas-image-carouselmas-testimonial-slidermas-team-member+18 more
Data Attributes
data-mas-options
JS Globals
MASWidgetsmas_widgets_params
FAQ

Frequently Asked Questions about MAS Elementor