WP-Safety

Elements For Elementor Security & Risk Analysis

wordpress.org/plugins/nd-elements

The plugin adds some useful elements to the Elementor Page Builder Plugin. All components are full responsive and retina ready.

10K active installs v2.3 PHP + WP 4.5+ Updated Dec 4, 2024
componentselementorframeworkpost-gridshortcodes
90
A · Safe
CVEs total2
Unpatched0
Last CVEMay 31, 2024
Plugin page Download
Safety Verdict

Is Elements For Elementor Safe to Use in 2026?

Generally Safe

Score 90/100

Elements For Elementor has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEsLast CVE: May 31, 2024Updated 1yr ago
Risk Assessment

The static analysis of nd-elements v2.3 reveals a generally strong security posture regarding its code implementation. The absence of exposed entry points like AJAX handlers, REST API routes, shortcodes, and cron events with inadequate authentication or permission checks is a significant positive. The code also demonstrates good practices in preventing SQL injection by exclusively using prepared statements and a high percentage of properly escaped output, minimizing the risk of cross-site scripting vulnerabilities stemming from direct code execution. Furthermore, the lack of file operations and external HTTP requests reduces the plugin's attack surface and potential for external exploitation.

However, a notable concern arises from the plugin's vulnerability history. The presence of two known CVEs, one high and one medium, with common types like Remote File Inclusion and Cross-site Scripting, indicates a past susceptibility to critical security flaws. While no currently unpatched vulnerabilities are listed, the historical pattern suggests a need for vigilance. The absence of any capability checks or nonce checks in the provided code signals, while not inherently problematic given the apparent lack of exposed entry points, could become a concern if the plugin's functionality expands or if the static analysis missed certain interactions. The past vulnerabilities, coupled with the lack of explicit capability checks in the analyzed code, warrant a careful approach to updates and deployment.

In conclusion, nd-elements v2.3 exhibits commendable code-level security practices, particularly in its limited attack surface and secure handling of database queries and output. Nevertheless, the historical presence of significant vulnerabilities dictates caution. The plugin's security is currently balanced between good internal coding standards and the lingering risk profile from its past. Users should ensure they are on the absolute latest version (if v2.3 is not the latest) and monitor for future updates closely.

Key Concerns

  • High and Medium known CVEs
  • No nonce checks detected
  • No capability checks detected
Vulnerabilities
2 published

Elements For Elementor Security Vulnerabilities

CVEs by Year

1 CVE in 2022
2022
1 CVE in 2024
2024
Patched Has unpatched

Severity Breakdown

High
1
Medium
1

2 total CVEs

CVE-2024-5348high · 8.8Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Elements For Elementor <= 2.1 - Authenticated (Contributor+) Local File Inclusion via Multiple Widget Attributes

May 31, 2024 Patched in 2.2 (1d)
WF-231dbf87-2e17-4b4b-9eac-34a8b4a791ba-nd-elementsmedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Elements For Elementor <= 1.9 - Stored Cross-Site Scripting

May 25, 2022 Patched in 2.0 (608d)
Version History

Elements For Elementor Release Timeline

v2.3Current
v2.2
v2.11 CVE
CVE-2024-5348
v2.01 CVE
CVE-2024-5348
v1.92 CVEs
WF-231dbf87-2e17-4b4b-9eac-34a8b4a791ba-nd-elements CVE-2024-5348
v1.82 CVEs
WF-231dbf87-2e17-4b4b-9eac-34a8b4a791ba-nd-elements CVE-2024-5348
v1.72 CVEs
WF-231dbf87-2e17-4b4b-9eac-34a8b4a791ba-nd-elements CVE-2024-5348
v1.62 CVEs
WF-231dbf87-2e17-4b4b-9eac-34a8b4a791ba-nd-elements CVE-2024-5348
v1.52 CVEs
WF-231dbf87-2e17-4b4b-9eac-34a8b4a791ba-nd-elements CVE-2024-5348
v1.42 CVEs
WF-231dbf87-2e17-4b4b-9eac-34a8b4a791ba-nd-elements CVE-2024-5348
v1.32 CVEs
WF-231dbf87-2e17-4b4b-9eac-34a8b4a791ba-nd-elements CVE-2024-5348
v1.22 CVEs
WF-231dbf87-2e17-4b4b-9eac-34a8b4a791ba-nd-elements CVE-2024-5348
v1.12 CVEs
WF-231dbf87-2e17-4b4b-9eac-34a8b4a791ba-nd-elements CVE-2024-5348
v1.02 CVEs
WF-231dbf87-2e17-4b4b-9eac-34a8b4a791ba-nd-elements CVE-2024-5348
Code Analysis
Analyzed Mar 16, 2026

Elements For Elementor Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
3
44 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

94% escaped47 total outputs
Attack Surface

Elements For Elementor Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 9
actioninitnd-elements.php:41
actionplugins_loadednd-elements.php:42
actionadmin_noticesnd-elements.php:57
actionadmin_noticesnd-elements.php:63
actionadmin_noticesnd-elements.php:69
actionelementor/widgets/widgets_registerednd-elements.php:74
actionwp_enqueue_scriptsnd-elements.php:204
actionelementor/elements/categories_registerednd-elements.php:221
actionelementor/editor/footernd-elements.php:227
Maintenance & Trust

Elements For Elementor Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedDec 4, 2024
PHP min version
Downloads78K

Community Trust

Rating0/100
Number of ratings0
Active installs10K
Alternatives

Elements For Elementor Alternatives

ND Shortcodes

ND Shortcodes

nd-shortcodes

A
89

The plugin adds some useful components to your page builder ( Elementor or WP Bakery Page Builder ). All components are full responsive and retina rea &hellip;

20K 5 CVEs
Octagon Elements for Elementor

Octagon Elements for Elementor

octagon-elements-lite-for-elementor

A
85

Tons of unique shortcodes elements addon for Elementor Page Builder.

10 No CVEs
Content Views – Post Grid & Filter, Recent Posts, Category Posts … (Shortcode, Gutenberg Blocks, and Widgets for Elementor)

Content Views – Post Grid & Filter, Recent Posts, Category Posts … (Shortcode, Gutenberg Blocks, and Widgets for Elementor)

content-views-query-and-display-post-page

A
96

Easy to show posts, pages, custom posts in customizable grid, list, slider, accordion... Available as Widgets (for Elementor), Shortcode, and Blocks.

100K 4 CVEs
The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid

the-post-grid

A
96

Display WordPress posts in beautiful grid, list, slider, and filter layouts. Works with Gutenberg, Elementor, Divi, and Shortcodes.

100K 11 CVEs
Ultimate Post Kit Addons for Elementor

Ultimate Post Kit Addons for Elementor

ultimate-post-kit

A
96

Build your blogs and news sites with a feature-rich Elementor addon, offering 100+ elements for engaging layouts.

30K 3 CVEs
Developer Profile

Elements For Elementor Developer Profile

nicdark

4 plugins · 34K total installs

64
trust score
Avg Security Score
79/100
Avg Patch Time
461 days
View full developer profile
Detection Fingerprints

How We Detect Elements For Elementor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/nd-elements/css/style.css
Version Parameters
nd-elements/css/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
nd_elements_myt_preview_imgnd_elements_myt_preview_titlend_elements_myt_preview_btn_containernd_elements_myt_preview_btn_previewnd_elements_myt_preview_btn_insert_contentnd_elements_myt_preview_btn_insert
Data Attributes
id="tmpl-elementor-template-library-template-local"
JS Globals
nd_elements_myt_preview_imgnd_elements_myt_preview_titlend_elements_myt_preview_btn_containernd_elements_myt_preview_btn_previewnd_elements_myt_preview_btn_insert_contentnd_elements_myt_preview_btn_insert
FAQ

Frequently Asked Questions about Elements For Elementor