WP-Safety

News Element Elementor Blog Magazine Security & Risk Analysis

wordpress.org/plugins/news-element

Create News, Magazine and Blogs with grid, slider, hero, header-footer etc.

400 active installs v1.0.9 PHP 7.0+ WP 5.0+ Updated Feb 25, 2026
elementorelementor-addonsmagazinepost-gridpost-list
46
D · High Risk
CVEs total3
Unpatched2
Last CVEFeb 18, 2026
Plugin page Download
Safety Verdict

Is News Element Elementor Blog Magazine Safe to Use in 2026?

High Risk

Score 46/100

News Element Elementor Blog Magazine carries significant security risk with 3 known CVEs, 2 still unpatched. Consider switching to a maintained alternative.

3 known CVEs 2 unpatched Last CVE: Feb 18, 2026Updated 1mo ago
Risk Assessment

The "news-element" v1.0.9 plugin exhibits a concerning security posture, primarily due to its significant attack surface composed of numerous AJAX handlers, a substantial portion of which lack proper authentication checks. While the plugin demonstrates some good practices, such as the majority of its SQL queries utilizing prepared statements and a reasonable number of nonce and capability checks, these are overshadowed by critical vulnerabilities and risky code patterns. The presence of the `unserialize` function without apparent sanitization is a significant red flag, especially considering the taint analysis revealed flows with unsanitized paths, although thankfully none reached a critical or high severity in the static analysis.

The plugin's vulnerability history is particularly alarming, with 3 known CVEs, 2 of which remain unpatched. The types of past vulnerabilities, including Missing Authorization, Cross-site Scripting, and PHP Remote File Inclusion, indicate a recurring pattern of weaknesses that attackers can exploit. The fact that a critical CVE exists and is unpatched suggests a high immediate risk to sites using this plugin. The last vulnerability being relatively recent, despite the version being 1.0.9, also raises questions about ongoing maintenance and responsiveness to security issues.

In conclusion, while the plugin shows some positive security implementations, the combination of a large, unprotected attack surface, the use of dangerous functions like `unserialize`, and a history of critical and unpatched vulnerabilities makes "news-element" v1.0.9 a high-risk plugin. Users should exercise extreme caution and prioritize updating or finding alternatives.

Key Concerns

  • Unpatched Critical CVE
  • Unpatched Medium CVE
  • Unpatched Medium CVE
  • Unprotected AJAX handlers
  • Dangerous function (unserialize)
  • Flows with unsanitized paths (taint analysis)
  • Output escaping below 70%
Vulnerabilities
3

News Element Elementor Blog Magazine Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
1 CVE in 2025 · unpatched
2025
1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

Critical
1
Medium
2

3 total CVEs

CVE-2026-2284medium · 5.4Missing Authorization

News Element Elementor Blog Magazine <= 1.0.8 - Missing Authorization to Authenticated (Subscriber+) Data Loss

Feb 18, 2026Unpatched
CVE-2025-32191medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

News Element Elementor Blog Magazine <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 4, 2025Unpatched
CVE-2024-6459critical · 9.8Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

News Element Elementor Blog Magazine <= 1.0.5 - Unauthenticated Local File Inlcusion

Jul 27, 2024 Patched in 1.0.6 (588d)
Code Analysis
Analyzed Mar 16, 2026

News Element Elementor Blog Magazine Code Analysis

Dangerous Functions
1
Raw SQL Queries
1
4 prepared
Unescaped Output
400
701 escaped
Nonce Checks
8
Capability Checks
8
File Operations
6
External Requests
1
Bundled Libraries
0

Dangerous Functions Found

unserialize$fget = unserialize(file_get_contents("http://vimeo.com/api/v2/video/$video[1].php"));includes\helper.php:1725

SQL Query Safety

80% prepared5 total queries

Output Escaping

64% escaped1101 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

8 flows2 with unsanitized paths
render (includes\header-footer\includes\modules\dynamic-tags\tags\request-parameter.php:32)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
7 unprotected

News Element Elementor Blog Magazine Attack Surface

Entry Points16
Unprotected7

AJAX Handlers 15

authwp_ajax_ne_import_dataadmin\inc\dash.php:271
authwp_ajax_ne_clean_dataadmin\inc\dash.php:272
authwp_ajax_ne_display_import_sitesadmin\inc\dash.php:274
authwp_ajax_newselement_load_templateincludes\ajax_posts.php:5
noprivwp_ajax_newselement_load_templateincludes\ajax_posts.php:6
authwp_ajax_ne_search_postincludes\ajax_posts.php:8
noprivwp_ajax_ne_search_postincludes\ajax_posts.php:9
authwp_ajax_ne_process_formincludes\ajax_posts.php:12
noprivwp_ajax_ne_process_formincludes\ajax_posts.php:13
noprivwp_ajax_lakit_ajaxincludes\header-footer\includes\modules\ajax\manager.php:81
authwp_ajax_lakit_ajaxincludes\header-footer\includes\modules\ajax\manager.php:82
noprivwp_ajax_khobish_filter_taxindex.php:88
authwp_ajax_khobish_filter_taxindex.php:89
noprivwp_ajax_xl_vid_playlistindex.php:92
authwp_ajax_xl_vid_playlistindex.php:93

Shortcodes 1

[year] includes\ajax_posts.php:15
WordPress Hooks 131
actionadmin_menuadmin\inc\dash.php:268
actionadmin_print_scriptsadmin\inc\dash.php:269
actionadmin_headadmin\inc\dash.php:270
actionadmin_noticesadmin\inc\dash.php:273
filterposts_whereincludes\ajax_posts.php:120
actionelementor/core/files/clear_cacheincludes\dynamic-styles.php:7
actionwp_enqueue_scriptsincludes\dynamic-styles.php:8
actionelementor/documents/register_controlsincludes\ext\document.php:13
actionelementor/frontend/after_enqueue_scriptsincludes\ext\document.php:15
filterbody_classincludes\ext\document.php:17
actionelementor/kit/register_tabsincludes\ext\global.php:121
actionbody_classincludes\ext\global.php:122
actionwp_footerincludes\ext\global.php:123
actionwp_enqueue_scriptsincludes\ext\global.php:124
actionelementor/element/container/section_layout_container/after_section_endincludes\ext\sticky.php:13
actionelementor/element/common/_section_style/after_section_endincludes\ext\sticky.php:15
filterposts_whereincludes\header-footer\includes\class-helper.php:116
filterthepack-kit/themecore/get_location_templates/template_idincludes\header-footer\includes\class-integration.php:41
filterthepack-kit/themecore/get_location_templates/template_idincludes\header-footer\includes\class-integration.php:46
actionwp_enqueue_scriptsincludes\header-footer\includes\class-integration.php:49
actionthepack-kit/ajax/register_actionsincludes\header-footer\includes\class-integration.php:51
actioninitincludes\header-footer\includes\class-term-meta.php:42
actionpre_get_postsincludes\header-footer\includes\extensions\elementor\classes\post-query.php:58
actionpre_get_postsincludes\header-footer\includes\extensions\elementor\classes\post-query.php:62
filterfound_postsincludes\header-footer\includes\extensions\elementor\classes\post-query.php:63
filterposts_whereincludes\header-footer\includes\extensions\elementor\classes\query-control.php:224
actionelementor/controls/controls_registeredincludes\header-footer\includes\extensions\elementor\module.php:23
actionelementor/editor/before_enqueue_scriptsincludes\header-footer\includes\extensions\elementor\module.php:24
actionelementor/ajax/register_actionsincludes\header-footer\includes\extensions\elementor\module.php:25
actionthepack_kit_ajax_do_ajaxincludes\header-footer\includes\modules\ajax\manager.php:83
actioninitincludes\header-footer\includes\modules\ajax\manager.php:85
actiontemplate_redirectincludes\header-footer\includes\modules\ajax\manager.php:86
actionthepack-kit/forms/pre_renderincludes\header-footer\includes\modules\popup\form-action.php:142
actionelementor/documents/registerincludes\header-footer\includes\modules\popup\module.php:21
actionelementor/theme/register_locationsincludes\header-footer\includes\modules\popup\module.php:22
actionelementor/dynamic_tags/registerincludes\header-footer\includes\modules\popup\module.php:23
actionelementor/ajax/register_actionsincludes\header-footer\includes\modules\popup\module.php:24
actionwp_footerincludes\header-footer\includes\modules\popup\module.php:26
actionadmin_menuincludes\header-footer\includes\modules\popup\module.php:29
filterelementor/finder/categoriesincludes\header-footer\includes\modules\popup\module.php:31
actionelementor/theme/after_do_popupincludes\header-footer\includes\modules\popup\module.php:32
actionelementor/frontend/after_register_stylesincludes\header-footer\includes\modules\popup\module.php:37
actionwp_loadedincludes\header-footer\includes\modules\theme-builder\classes\conditions-manager.php:33
actionwp_trash_postincludes\header-footer\includes\modules\theme-builder\classes\conditions-manager.php:34
actionuntrashed_postincludes\header-footer\includes\modules\theme-builder\classes\conditions-manager.php:35
actionelementor/ajax/register_actionsincludes\header-footer\includes\modules\theme-builder\classes\conditions-manager.php:36
filterthe_contentincludes\header-footer\includes\modules\theme-builder\classes\locations-manager.php:27
filtertemplate_includeincludes\header-footer\includes\modules\theme-builder\classes\locations-manager.php:29
actiontemplate_redirectincludes\header-footer\includes\modules\theme-builder\classes\locations-manager.php:30
filterelementor/admin/create_new_post/metaincludes\header-footer\includes\modules\theme-builder\classes\locations-manager.php:32
actionwp_enqueue_scriptsincludes\header-footer\includes\modules\theme-builder\classes\locations-manager.php:35
filterelementor/query/get_query_args/current_queryincludes\header-footer\includes\modules\theme-builder\classes\preview-manager.php:14
filterelementor/theme/posts_archive/query_posts/query_varsincludes\header-footer\includes\modules\theme-builder\classes\preview-manager.php:15
filterthepack-kit/dynamic_tags/post_terms/taxonomy_argsincludes\header-footer\includes\modules\theme-builder\classes\preview-manager.php:16
actionelementor/template-library/before_get_source_dataincludes\header-footer\includes\modules\theme-builder\classes\preview-manager.php:18
actionelementor/template-library/after_get_source_dataincludes\header-footer\includes\modules\theme-builder\classes\preview-manager.php:19
actionelementor/dynamic_tags/before_renderincludes\header-footer\includes\modules\theme-builder\classes\preview-manager.php:20
actionelementor/dynamic_tags/after_renderincludes\header-footer\includes\modules\theme-builder\classes\preview-manager.php:21
actionelementor/documents/registerincludes\header-footer\includes\modules\theme-builder\classes\templates-types-manager.php:14
actioninitincludes\header-footer\includes\modules\theme-builder\classes\theme-support.php:14
actionelementor/theme/register_locationsincludes\header-footer\includes\modules\theme-builder\classes\theme-support.php:26
actionget_headerincludes\header-footer\includes\modules\theme-builder\classes\theme-support.php:60
actionget_footerincludes\header-footer\includes\modules\theme-builder\classes\theme-support.php:61
filtershow_admin_barincludes\header-footer\includes\modules\theme-builder\classes\theme-support.php:62
actionwp_footerincludes\header-footer\includes\modules\theme-builder\documents\single-base.php:157
filterbody_classincludes\header-footer\includes\modules\theme-builder\documents\theme-page-document.php:130
actionelementor/controls/controls_registeredincludes\header-footer\includes\modules\theme-builder\module.php:399
actionelementor/editor/initincludes\header-footer\includes\modules\theme-builder\module.php:402
filterthepackkit/admin/localize_settingsincludes\header-footer\includes\modules\theme-builder\module.php:403
filterelementor/editor/localize_settingsincludes\header-footer\includes\modules\theme-builder\module.php:404
filterelementor/document/configincludes\header-footer\includes\modules\theme-builder\module.php:405
actionelementor/editor/before_enqueue_scriptsincludes\header-footer\includes\modules\theme-builder\module.php:406
actionadmin_headincludes\header-footer\includes\modules\theme-builder\module.php:409
actionadmin_menuincludes\header-footer\includes\modules\theme-builder\module.php:410
filteradd_menu_classesincludes\header-footer\includes\modules\theme-builder\module.php:411
actionelementor/template-library/create_new_dialog_fieldsincludes\header-footer\includes\modules\theme-builder\module.php:413
filterelementor/template-library/create_new_dialog_typesincludes\header-footer\includes\modules\theme-builder\module.php:415
filterelementor/finder/categoriesincludes\header-footer\includes\modules\theme-builder\module.php:419
actionelementor/theme/register_locationsincludes\header-footer\includes\modules\theme-builder\theme-support\safe-mode-theme-support.php:29
actionelementor/page_templates/canvas/before_contentincludes\header-footer\includes\modules\theme-builder\theme-support\safe-mode-theme-support.php:31
actionelementor/page_templates/canvas/after_contentincludes\header-footer\includes\modules\theme-builder\theme-support\safe-mode-theme-support.php:32
actionwp_enqueue_scriptsincludes\header-footer\includes\modules\woocommerce\documents\product-archive.php:122
actionwp_footerincludes\header-footer\includes\modules\woocommerce\documents\product.php:88
actionwp_enqueue_scriptsincludes\header-footer\includes\modules\woocommerce\documents\product.php:151
actionelementor/dynamic_tags/registerincludes\header-footer\includes\modules\woocommerce\module.php:102
actionelementor/documents/registerincludes\header-footer\includes\modules\woocommerce\module.php:103
actionelementor/theme/register_conditionsincludes\header-footer\includes\modules\woocommerce\module.php:104
filterelementor/theme/need_override_locationincludes\header-footer\includes\modules\woocommerce\module.php:105
actioninitincludes\header-footer\includes\modules\woocommerce\module.php:108
filterwoocommerce_product_loop_startincludes\header-footer\includes\modules\woocommerce\module.php:111
filterwoocommerce_product_loop_endincludes\header-footer\includes\modules\woocommerce\module.php:112
actionafter_setup_themeincludes\header-footer\index.php:87
actioninitincludes\header-footer\index.php:91
actionelementor/initincludes\header-footer\index.php:93
actionadmin_enqueue_scriptsincludes\header-footer\index.php:95
actionnewsmag_filter_tax_styleincludes\widget-control.php:13
actionnewsmag_pagination_styleincludes\widget-control.php:14
actionnewsmag_block_styleincludes\widget-control.php:15
actionnewsmag_read_more_styleincludes\widget-control.php:16
actionnewsmag_overlay_tax_styleincludes\widget-control.php:17
actionnewsmag_raised_contentincludes\widget-control.php:18
actionnewsmag_flex_listincludes\widget-control.php:19
actionnewsmag_swiper_controlincludes\widget-control.php:20
actionnewsmag_post_title_styleincludes\widget-control.php:21
actionnewsmag_post_meta_styleincludes\widget-control.php:22
actionnewsmag_post_excerpt_styleincludes\widget-control.php:23
actionnewsmag_post_cat_bg_styleincludes\widget-control.php:24
actionnewsmag_post_bg_styleincludes\widget-control.php:25
actionnewsmag_comm_styleincludes\widget-control.php:26
actionnewsmag_heading_styleincludes\widget-control.php:27
actionnewsmag_post_format_styleincludes\widget-control.php:28
actioninitindex.php:113
actionplugins_loadedindex.php:114
actionadmin_initindex.php:115
actionadmin_noticesindex.php:116
actionadmin_noticesindex.php:144
actionadmin_noticesindex.php:189
actionelementor/initnews-element.php:10
actionelementor/frontend/after_enqueue_scriptsnews-element.php:12
actionelementor/frontend/after_enqueue_stylesnews-element.php:14
actionelementor/controls/registernews-element.php:19
actionelementor/widgets/registernews-element.php:20
actionelementor/controls/controls_registerednews-element.php:22
actionelementor/widgets/widgets_registerednews-element.php:23
actionelementor/editor/after_enqueue_scriptsnews-element.php:28
actionelementor/editor/after_enqueue_scriptsnews-element.php:29
actiontemplate_redirectnews-element.php:30
actionwp_body_opennews-element.php:31
filterelementor/icons_manager/additional_tabsnews-element.php:32
filterthe_contentwidgets\block\post-content\view.php:84
filterthe_contentwidgets\block\post-content\view.php:103
Maintenance & Trust

News Element Elementor Blog Magazine Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 25, 2026
PHP min version7.0
Downloads8K

Community Trust

Rating100/100
Number of ratings5
Active installs400
Alternatives

News Element Elementor Blog Magazine Alternatives

Ultimate Post Kit Addons for Elementor

Ultimate Post Kit Addons for Elementor

ultimate-post-kit

A
98

Build your blogs and news sites with a feature-rich Elementor addon, offering 100+ elements for engaging layouts.

30K 2 CVEs
Post Grid Addon for Elementor

Post Grid Addon for Elementor

post-grid-elementor-addon

A
99

Addon for the Elementor page builder to display posts in a grid. Useful for generating post grid from your blog posts with multiple options.

20K 2 CVEs
EleSpare – News, Magazine and Blog Addons for Elementor

EleSpare – News, Magazine and Blog Addons for Elementor

elespare

A
99

EleSpare provides pre-designed templates, header/footer builders, and various post layouts for creating stunning news, magazine, and blog sites with E &hellip;

10K 2 CVEs
BlogLentor – Blog Designer Pack for Elementor

BlogLentor – Blog Designer Pack for Elementor

bloglentor-for-elementor

B
79

Design and modify your blog with creative layouts. You can easily design your blog posts with slider, Carousel and different skins with pagination.

5K 1 unpatched
Blog News Addons For Elementor (News, Magazine and Blog Addons)

Blog News Addons For Elementor (News, Magazine and Blog Addons)

blognews-for-elementor

A
100

Build news, magazine & blog sites with BlogNews for Elementor. 50+ widgets, 20+ templates, header/footer builder. No coding required!

300 No CVEs
Developer Profile

News Element Elementor Blog Magazine Developer Profile

webangon

5 plugins · 43K total installs

74
trust score
Avg Security Score
80/100
Avg Patch Time
55 days
View full developer profile
Detection Fingerprints

How We Detect News Element Elementor Blog Magazine

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/news-element/assets/js/main.js/wp-content/plugins/news-element/assets/css/main.css/wp-content/plugins/news-element/widgets/news-element-block.js/wp-content/plugins/news-element/widgets/news-element-carousel.js/wp-content/plugins/news-element/widgets/news-element-grid.js/wp-content/plugins/news-element/widgets/news-element-list.js/wp-content/plugins/news-element/widgets/news-element-slider.js/wp-content/plugins/news-element/widgets/news-element-tabs.js+1 more
Script Paths
/wp-content/plugins/news-element/assets/js/main.js/wp-content/plugins/news-element/widgets/news-element-block.js/wp-content/plugins/news-element/widgets/news-element-carousel.js/wp-content/plugins/news-element/widgets/news-element-grid.js/wp-content/plugins/news-element/widgets/news-element-list.js/wp-content/plugins/news-element/widgets/news-element-slider.js+2 more
Version Parameters
news-element/assets/js/main.js?ver=news-element/assets/css/main.css?ver=

HTML / DOM Fingerprints

CSS Classes
news-element-block-wrappernews-element-carousel-wrappernews-element-grid-wrappernews-element-list-wrappernews-element-slider-wrappernews-element-tabs-wrappernews-element-ticker-wrapper
Data Attributes
data-settings
JS Globals
NewsElementFrontend
FAQ

Frequently Asked Questions about News Element Elementor Blog Magazine