WP-Safety

News Kit Addons For Elementor Security & Risk Analysis

wordpress.org/plugins/news-kit-elementor-addons

All News focused elementor widgets that you are looking for in Elementor Page Builder. Currently, with 57 feature rich widgets and theme builder you c …

4K active installs v1.4.2 PHP 5.6+ WP 5.0+ Updated Dec 1, 2025
elementor-addonsnews-addontheme-builder
42
D · High Risk
CVEs total5
Unpatched3
Last CVEJan 28, 2026
Download
Safety Verdict

Is News Kit Addons For Elementor Safe to Use in 2026?

High Risk

Score 42/100

News Kit Addons For Elementor carries significant security risk with 5 known CVEs, 3 still unpatched. Consider switching to a maintained alternative.

5 known CVEs 3 unpatched Last CVE: Jan 28, 2026Updated 4mo ago
Risk Assessment

The "news-kit-elementor-addons" plugin v1.4.2 exhibits a concerning security posture despite some positive indicators. While the plugin demonstrates good practices with 100% of its SQL queries using prepared statements and a high percentage of properly escaped output, these strengths are overshadowed by critical weaknesses. The presence of one AJAX handler without any authentication checks presents a significant direct attack vector. Furthermore, the plugin's history of 5 known CVEs, with 3 currently unpatched and all being medium severity, points to a recurring pattern of security flaws. These historical vulnerabilities, particularly those related to Missing Authorization and Cross-site Scripting, align with the potential risks identified in the static analysis, suggesting a need for more robust security development and patching practices. The taint analysis indicates one flow with unsanitized paths, which, while not classified as critical or high, could still lead to vulnerabilities if exploited. The bundled Select2 library also raises minor concerns if it's an older, unpatched version.

Overall, the plugin has a mixed security profile. The static analysis reveals an unprotected entry point and a potentially unsanitized data flow, while the vulnerability history strongly suggests a recurring struggle with implementing adequate security controls. The significant number of unpatched vulnerabilities is a major red flag. While the use of prepared statements for SQL and good output escaping are commendable, they do not fully mitigate the risks posed by missing authorization checks and past security incidents. This plugin requires careful attention to address the identified vulnerabilities and improve its overall security resilience.

Key Concerns

  • Unprotected AJAX handler detected
  • Unpatched CVEs detected (3)
  • Flow with unsanitized path
  • Bundled library (Select2) detected
Vulnerabilities
5

News Kit Addons For Elementor Security Vulnerabilities

CVEs by Year

2 CVEs in 2024 · unpatched
2024
2 CVEs in 2025 · unpatched
2025
1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

Medium
5

5 total CVEs

CVE-2026-25416medium · 4.3Missing Authorization

News Kit Addons For Elementor <= 1.4.2 - Missing Authorization

Jan 28, 2026Unpatched
CVE-2025-54037medium · 4.3Missing Authorization

News Kit Elementor Addons <= 1.3.4 - Missing Authorization

Jul 16, 2025 Patched in 1.3.5 (6d)
CVE-2025-32196medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

News Kit Elementor Addons <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 4, 2025Unpatched
CVE-2024-54260medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

News Kit Elementor Addons <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 5, 2024Unpatched
CVE-2024-9541medium · 4.3Exposure of Sensitive Information to an Unauthorized Actor

News Kit Elementor Addons <= 1.2.1 - Authenticated (Contributor+) Sensitive Information Exposure via Canvas Menu Elementor Template

Oct 21, 2024 Patched in 1.2.2 (1d)
Code Analysis
Analyzed Mar 16, 2026

News Kit Addons For Elementor Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
6 prepared
Unescaped Output
245
2472 escaped
Nonce Checks
23
Capability Checks
9
File Operations
15
External Requests
3
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

100% prepared6 total queries

Output Escaping

91% escaped2717 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

13 flows1 with unsanitized paths
admin_page_starter_sites_callback (admin\admin.php:484)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

News Kit Addons For Elementor Attack Surface

Entry Points28
Unprotected1

AJAX Handlers 28

authwp_ajax_nekit_render_mega_menu_modaladmin\admin.php:85
authwp_ajax_nekit_update_mega_menu_option_valadmin\admin.php:86
authwp_ajax_nekit_update_mega_menu_formadmin\admin.php:87
authwp_ajax_nekit_create_template_actionadmin\admin.php:88
authwp_ajax_nekit_update_templates_meta_actionadmin\admin.php:89
authwp_ajax_nekit_delete_template_actionadmin\admin.php:90
authwp_ajax_nekit_import_template_actionadmin\admin.php:91
authwp_ajax_nekit_install_importeradmin\admin.php:92
authwp_ajax_nekit_404_builder_activeadmin\admin.php:93
authwp_ajax_nekit_builder_activeadmin\admin.php:94
authwp_ajax_nekit_widgets_enable_disable_ajax_calladmin\admin.php:95
authwp_ajax_nekit_start_download_filesadmin\importer\importer.php:37
authwp_ajax_nekit_live_search_widget_posts_contentincludes\plugin.php:135
noprivwp_ajax_nekit_live_search_widget_posts_contentincludes\plugin.php:136
authwp_ajax_nekit_news_filter_tab_content_changeincludes\plugin.php:137
noprivwp_ajax_nekit_news_filter_tab_content_changeincludes\plugin.php:138
authwp_ajax_nekit_archive_posts_ajax_load_moreincludes\plugin.php:139
noprivwp_ajax_nekit_archive_posts_ajax_load_moreincludes\plugin.php:140
authwp_ajax_nekit_grid_widget_ajax_contentincludes\plugin.php:141
noprivwp_ajax_nekit_grid_widget_ajax_contentincludes\plugin.php:142
authwp_ajax_nekit_list_widget_ajax_contentincludes\plugin.php:143
noprivwp_ajax_nekit_list_widget_ajax_contentincludes\plugin.php:144
authwp_ajax_nekit_block_widget_ajax_contentincludes\plugin.php:145
noprivwp_ajax_nekit_block_widget_ajax_contentincludes\plugin.php:146
authwp_ajax_nekit_single_related_posts_widget_ajax_contentincludes\plugin.php:147
noprivwp_ajax_nekit_single_related_posts_widget_ajax_contentincludes\plugin.php:148
authwp_ajax_nekit_render_popup_modallibrary\library.php:58
authwp_ajax_nekit_import_widget_library_datalibrary\library.php:59
WordPress Hooks 66
actionadmin_menuadmin\admin.php:80
actionadmin_enqueue_scriptsadmin\admin.php:81
filteroption_elementor_cpt_supportadmin\admin.php:82
filterdefault_option_elementor_cpt_supportadmin\admin.php:83
actioninitadmin\admin.php:84
actionin_admin_headeradmin\admin.php:96
actiontemplate_includeadmin\admin.php:844
filterimport_post_meta_keyadmin\importer\class-wordpress-importer.php:179
filterhttp_request_timeoutadmin\importer\class-wordpress-importer.php:182
actionelementor/element/after_section_endcustom\custom-styles.php:12
actionelementor/element/parse_csscustom\custom-styles.php:13
actionelementor/element/section/section_background/after_section_endcustom\custom-styles.php:14
actionelementor/element/container/section_background/after_section_endcustom\custom-styles.php:15
actionelementor/element/container/section_background/after_section_endcustom\custom-styles.php:16
actionelementor/element/column/section_style/after_section_endcustom\custom-styles.php:17
actionshow_user_profilecustom\meta.php:138
actionedit_user_profilecustom\meta.php:139
actionpersonal_options_updatecustom\meta.php:221
actionedit_user_profile_updatecustom\meta.php:222
actionrest_api_initincludes\controls\select2-extend\select2-extend-api.php:35
actionelementor/initincludes\plugin.php:70
actionadmin_noticesincludes\plugin.php:85
actionadmin_noticesincludes\plugin.php:91
actionadmin_noticesincludes\plugin.php:97
actionelementor/frontend/after_enqueue_stylesincludes\plugin.php:129
actionelementor/frontend/after_register_scriptsincludes\plugin.php:130
actionelementor/preview/enqueue_scriptsincludes\plugin.php:131
actionelementor/preview/enqueue_stylesincludes\plugin.php:132
actionelementor/elements/categories_registeredincludes\plugin.php:133
filterelementor/editor/localize_settingsincludes\plugin.php:134
actionwpincludes\plugin.php:149
actionelementor/preview/initincludes\plugin.php:150
filteradmin_footer_textincludes\plugin.php:151
actionwp_footerincludes\plugin.php:158
filtertemplate_includeincludes\plugin.php:159
actionelementor/page_templates/canvas/nekit_print_contentincludes\plugin.php:160
actionget_headerincludes\plugin.php:294
actionelementor/page_templates/canvas/before_contentincludes\plugin.php:295
actionget_footerincludes\plugin.php:298
actionelementor/page_templates/canvas/after_contentincludes\plugin.php:299
actiontemplate_includeincludes\plugin.php:473
filternekit_posts_date_apply_url_filterincludes\vendors\filters.php:10
filternekit_posts_date_filterincludes\vendors\filters.php:13
filternekit_posts_comments_filterincludes\vendors\filters.php:16
filternekit_posts_author_apply_url_filterincludes\vendors\filters.php:19
filternekit_posts_author_filterincludes\vendors\filters.php:22
filternekit_posts_category_filterincludes\vendors\filters.php:26
filternekit_theme_builder_callback_value_filterincludes\vendors\filters.php:30
filternekit_array_pop_filterincludes\vendors\filters.php:42
filterbody_classincludes\vendors\filters.php:49
filternekit_radio_image_control_options_filterincludes\vendors\filters.php:54
filterget_the_archive_title_prefixincludes\widgets\archive\archive-title.php:204
filterget_the_archive_title_prefixincludes\widgets\archive\archive-title.php:211
filterwalker_nav_menu_start_elincludes\widgets\site-nav-mega-menu\site-nav-mega-menu.php:98
filterwalker_nav_menu_start_elincludes\widgets\site-nav-menu\site-nav-menu.php:98
actionelementor/widgets/registerincludes\widgets-manager.php:189
actionelementor/documents/registerincludes\widgets-manager.php:203
actionelementor/kit/register_tabsincludes\widgets-manager.php:219
actionelementor/controls/registerincludes\widgets-manager.php:239
actionelementor/editor/before_enqueue_styleslibrary\library.php:55
actionelementor/editor/after_enqueue_scriptslibrary\library.php:56
actionelementor/preview/enqueue_styleslibrary\library.php:57
actionplugins_loadednews-kit-elementor-addons.php:40
actionplugins_loadednews-kit-elementor-addons.php:52
actionwp_headnews-kit-elementor-addons.php:106
actionelementor/preview/initnews-kit-elementor-addons.php:159
Maintenance & Trust

News Kit Addons For Elementor Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 1, 2025
PHP min version5.6
Downloads58K

Community Trust

Rating66/100
Number of ratings4
Active installs4K
Alternatives

News Kit Addons For Elementor Alternatives

Sky Addons – Elementor Addons with Widgets & Templates

Sky Addons – Elementor Addons with Widgets & Templates

sky-elementor-addons

A
91

Sky Addons is a powerful and essential Elementor addon plugin with 105 widgets and 2,000+ ready Elementor templates and a complete Theme Builder.

2K 9 CVEs
Blog News Addons For Elementor (News, Magazine and Blog Addons)

Blog News Addons For Elementor (News, Magazine and Blog Addons)

blognews-for-elementor

A
100

Build news, magazine & blog sites with BlogNews for Elementor. 50+ widgets, 20+ templates, header/footer builder. No coding required!

300 No CVEs
PrimeKit Addons and Templates

PrimeKit Addons and Templates

primekit-addons

A
100

The Elementor Custom Widgets plugin by PrimeKit offers a Theme Builder, Pop-Ups, Forms, and WooCommerce tools to enhance your website’s look and feel.

80 No CVEs
Ansar Elements – News, Blog & Magazine Theme Builder for Elementor

Ansar Elements – News, Blog & Magazine Theme Builder for Elementor

ansar-elements

A
100

Lightweight Elementor addon for news, blog, and magazine websites with Post Query Loop Widget

20 No CVEs
Max Elements for Elementor – Advanced Widgets, Extensions & Theme Builder

Max Elements for Elementor – Advanced Widgets, Extensions & Theme Builder

max-elements

A
100

Unlock the full power of Elementor with Max Elements – advanced widgets, dynamic builders, WooCommerce support, popups, offcanvas, and more.

10 No CVEs
Developer Profile

News Kit Addons For Elementor Developer Profile

blazethemes

25 plugins · 36K total installs

89
trust score
Avg Security Score
93/100
Avg Patch Time
12 days
View full developer profile
Detection Fingerprints

How We Detect News Kit Addons For Elementor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/news-kit-elementor-addons/assets/css/frontend.css/wp-content/plugins/news-kit-elementor-addons/assets/js/frontend.js
Script Paths
/wp-content/plugins/news-kit-elementor-addons/assets/js/frontend.js
Version Parameters
news-kit-elementor-addons/assets/css/frontend.css?ver=news-kit-elementor-addons/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
nekit-preloader-elmnekit-packmanpackman-wrapnekit-dot-loading-areanekit-dot-loadernekit-bar-loadernekit-bar-centernekit-bar-loading+11 more
Data Attributes
data-nekit-toggledata-nekit-targetdata-nekit-toggle-attrdata-nekit-animationdata-nekit-animation-delay
JS Globals
NekitFrontendNekitFrontendConfig
FAQ

Frequently Asked Questions about News Kit Addons For Elementor