Octagon Elements for Elementor Security & Risk Analysis

wordpress.org/plugins/octagon-elements-lite-for-elementor

Tons of unique shortcodes elements addon for Elementor Page Builder.

10 active installs · v1.4 · PHP 7.0+ · WP 5.0+ · Updated: Unknown
Tags: custom-icons, elementor, framework, shortcodes, toolkit
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Octagon Elements for Elementor Safe to Use in 2026?

Generally Safe

Score 100/100

Octagon Elements for Elementor has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The plugin "octagon-elements-lite-for-elementor" v1.4 exhibits a concerning security posture primarily due to a vast attack surface consisting of 47 unprotected AJAX handlers. While the static analysis reveals no critical or high-severity taint flows and a relatively low percentage of SQL queries not using prepared statements, the sheer number of unprotected entry points is a significant risk. The lack of capability checks on all identified AJAX handlers means that any user, regardless of their role or permissions, could potentially interact with these endpoints, opening the door for various attacks if the handlers themselves are vulnerable to input manipulation.

The absence of any recorded CVEs suggests a history of responsible development or a lack of public discovery of vulnerabilities. However, this should not be a substitute for robust security practices within the code itself. The plugin has a good rate of output escaping (82%), which mitigates some risks related to cross-site scripting (XSS), but the 18% of unescaped outputs, combined with the unprotected AJAX handlers, could still lead to XSS if malicious input is processed by those handlers.

In conclusion, while the plugin demonstrates some good practices like a high rate of proper output escaping and a clean vulnerability history, the massive unprotected attack surface from AJAX handlers is a major weakness. This drastically increases the potential impact of any future vulnerabilities discovered or introduced. The plugin needs to implement proper authentication and authorization checks on all its AJAX endpoints to significantly improve its security.

Key Concerns

  • All AJAX handlers lack authentication checks
  • Large attack surface without authentication
  • 18% of output is not properly escaped
  • Half of SQL queries do not use prepared statements
  • 8 flows with unsanitized paths
Vulnerabilities
None known

Octagon Elements for Elementor Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Octagon Elements for Elementor Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (1 prepared)
Unescaped Output: 172 (791 escaped)
Nonce Checks: 7
Capability Checks: 0
File Operations: 3
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

50% prepared · 2 total queries

Output Escaping

82% escaped · 963 total outputs
Data Flows
8 unsanitized

Data Flow Analysis

18 flows · 8 with unsanitized paths
octagon_get_media_preview_ajax (core\helper-functions.php:1087)
Attack Surface
47 unprotected

Octagon Elements for Elementor Attack Surface

Entry Points: 47
Unprotected: 47

AJAX Handlers 47

auth · wp_ajax_add_custom_sidebar · core\class-sidebar.php:20
nopriv · wp_ajax_add_custom_sidebar · core\class-sidebar.php:21
auth · wp_ajax_remove_custom_sidebar · core\class-sidebar.php:23
nopriv · wp_ajax_remove_custom_sidebar · core\class-sidebar.php:24
auth · wp_ajax_octagon_get_media_preview_ajax · core\helper-functions.php:1075
nopriv · wp_ajax_octagon_get_media_preview_ajax · core\helper-functions.php:1076
auth · wp_ajax_icon_manager · core\icon-manager\class-icon-manager.php:36
nopriv · wp_ajax_icon_manager · core\icon-manager\class-icon-manager.php:37
auth · wp_ajax_regenerate_icon · core\icon-manager\class-icon-manager.php:39
auth · wp_ajax_delete_icon · core\icon-manager\class-icon-manager.php:40
auth · wp_ajax_render_available_icons · core\icon-manager\class-icon-manager.php:41
auth · wp_ajax_all_singular_posts · core\select2-data.php:19
nopriv · wp_ajax_all_singular_posts · core\select2-data.php:20
auth · wp_ajax_oee_select2_datas · core\select2-data.php:22
nopriv · wp_ajax_oee_select2_datas · core\select2-data.php:23
auth · wp_ajax_octagon_post_likes · includes\class-ajax-calls.php:28
nopriv · wp_ajax_octagon_post_likes · includes\class-ajax-calls.php:29
auth · wp_ajax_octagon_content_type_loadmore · includes\class-ajax-calls.php:33
nopriv · wp_ajax_octagon_content_type_loadmore · includes\class-ajax-calls.php:34
auth · wp_ajax_octagon_content_type_list_loadmore · includes\class-ajax-calls.php:38
nopriv · wp_ajax_octagon_content_type_list_loadmore · includes\class-ajax-calls.php:39
auth · wp_ajax_octagon_portfolio_loadmore · includes\class-ajax-calls.php:43
nopriv · wp_ajax_octagon_portfolio_loadmore · includes\class-ajax-calls.php:44
auth · wp_ajax_octagon_products_loadmore · includes\class-ajax-calls.php:48
nopriv · wp_ajax_octagon_products_loadmore · includes\class-ajax-calls.php:49
auth · wp_ajax_octagon_login · includes\class-ajax-calls.php:53
nopriv · wp_ajax_octagon_login · includes\class-ajax-calls.php:54
auth · wp_ajax_octagon_lost_password · includes\class-ajax-calls.php:58
nopriv · wp_ajax_octagon_lost_password · includes\class-ajax-calls.php:59
auth · wp_ajax_octagon_reset_password · includes\class-ajax-calls.php:65
nopriv · wp_ajax_octagon_reset_password · includes\class-ajax-calls.php:66
auth · wp_ajax_octagon_register · includes\class-ajax-calls.php:70
nopriv · wp_ajax_octagon_register · includes\class-ajax-calls.php:71
auth · wp_ajax_octagon_update_profile · includes\class-ajax-calls.php:75
nopriv · wp_ajax_octagon_update_profile · includes\class-ajax-calls.php:76
auth · wp_ajax_octagon_products_search · includes\class-ajax-calls.php:80
nopriv · wp_ajax_octagon_products_search · includes\class-ajax-calls.php:81
auth · wp_ajax_octagon_add_compare_products · includes\class-ajax-calls.php:86
nopriv · wp_ajax_octagon_add_compare_products · includes\class-ajax-calls.php:87
auth · wp_ajax_octagon_remove_compare_products · includes\class-ajax-calls.php:92
nopriv · wp_ajax_octagon_remove_compare_products · includes\class-ajax-calls.php:93
auth · wp_ajax_octagon_wishlist · includes\class-ajax-calls.php:98
nopriv · wp_ajax_octagon_wishlist · includes\class-ajax-calls.php:99
auth · wp_ajax_octagon_remove_wishlist · includes\class-ajax-calls.php:104
nopriv · wp_ajax_octagon_remove_wishlist · includes\class-ajax-calls.php:105
auth · wp_ajax_octagon_quick_view · includes\class-ajax-calls.php:110
nopriv · wp_ajax_octagon_quick_view · includes\class-ajax-calls.php:111
WordPress Hooks 67
action · elementor/elements/categories_registered · builder\class-builder.php:20
action · elementor/editor/before_enqueue_scripts · builder\class-builder.php:21
action · elementor/element/section/section_layout/before_section_end · builder\class-builder.php:70
action · admin_menu · core\class-admin-page.php:23
action · wp_enqueue_scripts · core\class-custom-css.php:32
action · customize_save_after · core\class-custom-css.php:33
action · wp_head · core\class-custom-css.php:109
action · wp_enqueue_scripts · core\class-enqueue-fonts.php:18
action · wp_enqueue_scripts · core\class-enqueue-scripts.php:18
action · admin_enqueue_scripts · core\class-enqueue-scripts.php:19
action · add_meta_boxes · core\class-metabox.php:20
action · save_post · core\class-metabox.php:21
filter · post_row_actions · core\class-post-row-actions.php:18
filter · page_row_actions · core\class-post-row-actions.php:19
action · admin_action_duplicate_post · core\class-post-row-actions.php:20
action · edit_form_after_title · core\class-post-row-actions.php:21
action · init · core\class-post-type.php:20
action · widgets_init · core\class-sidebar.php:18
action · after_setup_theme · core\class-taxonomy-image.php:17
action · admin_menu · core\icon-manager\class-icon-manager.php:30
filter · upload_mimes · core\icon-manager\class-icon-manager.php:32
action · admin_enqueue_scripts · core\icon-manager\class-icon-manager.php:34
action · wp_setup_nav_menu_item · core\megamenu\class-megamenu.php:20
action · wp_update_nav_menu_item · core\megamenu\class-megamenu.php:21
filter · wp_edit_nav_menu_walker · core\megamenu\class-megamenu.php:22
action · admin_init · core\template-builder\class-template-builder.php:33
action · init · core\template-builder\class-template-builder.php:35
action · save_post · core\template-builder\class-template-builder.php:37
action · wp · core\template-builder\class-template-builder.php:38
filter · single_template · core\template-builder\class-template-builder.php:40
action · get_header · core\template-builder\class-template-builder.php:207
action · get_footer · core\template-builder\class-template-builder.php:208
action · wp_footer · core\theme-hooks.php:13
action · current_screen · includes\class-admin-list-table.php:22
action · check_ajax_referer · includes\class-admin-list-table.php:23
filter · plugin_row_meta · includes\class-admin-page.php:20
action · admin_menu · includes\class-admin-page.php:21
filter · retrieve_password_message · includes\class-ajax-calls.php:61
filter · octagon_enqueue_fonts_list · includes\class-enqueue-fonts.php:17
action · wp_enqueue_scripts · includes\class-enqueue-scripts.php:18
action · wp_enqueue_scripts · includes\class-enqueue-scripts.php:19
action · elementor/frontend/before_enqueue_scripts · includes\class-enqueue-scripts.php:20
filter · elementor/icons_manager/additional_tabs · includes\class-icon-manager.php:17
filter · octagon_duplicate_post_redirect · includes\class-post-row-actions.php:17
filter · use_block_editor_for_post_type · includes\helper-functions.php:12
action · init · includes\init-meta-fields.php:16
filter · disable_months_dropdown · includes\list-tables\class-admin-list-table-member.php:23
action · restrict_manage_posts · includes\list-tables\class-admin-list-table-member.php:26
filter · disable_months_dropdown · includes\list-tables\class-admin-list-table-portfolio.php:23
action · restrict_manage_posts · includes\list-tables\class-admin-list-table-portfolio.php:26
action · admin_action_feature_post · includes\list-tables\class-admin-list-table-post.php:26
filter · disable_months_dropdown · includes\list-tables\class-admin-list-table-templates.php:23
action · restrict_manage_posts · includes\list-tables\class-admin-list-table-templates.php:26
filter · parse_query · includes\list-tables\class-admin-list-table-templates.php:27
action · admin_action_ajax_state · includes\list-tables\class-admin-list-table-templates.php:29
filter · disable_months_dropdown · includes\list-tables\class-admin-list-table-testimonial.php:23
action · restrict_manage_posts · includes\list-tables\class-admin-list-table-testimonial.php:26
filter · parse_query · includes\list-tables\class-admin-list-table-testimonial.php:27
action · elementor/widgets/widgets_registered · modules\initialize-elements.php:39
action · init · octagon-elements-lite-for-elementor.php:187
action · init · octagon-elements-lite-for-elementor.php:188
action · plugins_loaded · octagon-elements-lite-for-elementor.php:189
action · plugins_loaded · octagon-elements-lite-for-elementor.php:190
action · body_class · octagon-elements-lite-for-elementor.php:192
action · admin_notices · octagon-elements-lite-for-elementor.php:300
action · admin_notices · octagon-elements-lite-for-elementor.php:306
action · admin_notices · octagon-elements-lite-for-elementor.php:312
Maintenance & Trust

Octagon Elements for Elementor Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.4.19
Last updated: Unknown
PHP min version: 7.0
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Octagon Elements for Elementor Developer Profile

octagonwebstudio

2 plugins · 80 total installs

Trust score: 81
Avg Security Score: 81/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Octagon Elements for Elementor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/octagon-elements-lite-for-elementor/core/octagon-core.php
/wp-content/plugins/octagon-elements-lite-for-elementor/includes/helper-functions.php
/wp-content/plugins/octagon-elements-lite-for-elementor/includes/class-ajax-calls.php
/wp-content/plugins/octagon-elements-lite-for-elementor/includes/init-content-types.php
/wp-content/plugins/octagon-elements-lite-for-elementor/includes/init-meta-fields.php
/wp-content/plugins/octagon-elements-lite-for-elementor/includes/class-enqueue-fonts.php
/wp-content/plugins/octagon-elements-lite-for-elementor/includes/class-enqueue-scripts.php
/wp-content/plugins/octagon-elements-lite-for-elementor/includes/class-icon-manager.php
+8 more
Script Paths
/wp-content/plugins/octagon-elements-lite-for-elementor/assets/js/frontend.min.js
Version Parameters
/wp-content/plugins/octagon-elements-lite-for-elementor/assets/js/frontend.min.js?ver=
/wp-content/plugins/octagon-elements-lite-for-elementor/assets/css/frontend.min.css?ver=

HTML / DOM Fingerprints

CSS Classes
oee-advance-button
oee-advance-counter
oee-gradient-text
oee-image-box
oee-icon-box
oee-image-mask
oee-info-icons
oee-cards
+23 more
JS Globals
oee_frontend_ajax_object
REST Endpoints
/wp-json/oee/v1/ajax