WP-Safety

PDF for Elementor Forms + Drag And Drop Template Builder Security & Risk Analysis

wordpress.org/plugins/pdf-for-elementor-forms

Automatically generate, email, and download professional PDFs from Elementor Form submissions with a powerful, visual Drag & Drop Template Builder.

1K active installs v7.0.0 PHP 5.6+ WP 2.0+ Updated Apr 4, 2026
elementor-form-pdfelementor-forms-pdfelementor-pdfpdf-elementor
95
A · Safe
CVEs total3
Unpatched0
Last CVEFeb 11, 2026
Plugin page Download
Safety Verdict

Is PDF for Elementor Forms + Drag And Drop Template Builder Safe to Use in 2026?

Generally Safe

Score 95/100

PDF for Elementor Forms + Drag And Drop Template Builder has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

3 known CVEsLast CVE: Feb 11, 2026Updated 1mo ago
Risk Assessment

The 'pdf-for-elementor-forms' plugin v6.5.1 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices with a high percentage of SQL queries using prepared statements and a vast majority of output being properly escaped. The presence of nonce and capability checks on most entry points further contributes to its security. However, there are notable concerns that warrant attention. The analysis reveals one AJAX handler without authentication checks, presenting a potential entry point for unauthorized actions. The taint analysis flagged two flows with unsanitized paths, both classified as high severity, indicating potential risks related to how user-supplied data is processed. The plugin's history of three known CVEs, including one high and two medium severity vulnerabilities, despite none being currently unpatched, suggests a pattern of past security weaknesses. The common vulnerability types (Missing Authorization, XSS, Deserialization) align with the identified taint flow issues and the unprotected AJAX handler. While the plugin has made efforts to secure its code, the combination of an unprotected AJAX endpoint, high-severity taint flows, and a history of diverse vulnerabilities indicates a moderate to high-risk profile for this version.

Key Concerns

  • Unprotected AJAX handler found
  • High severity unsanitized path taint flows (2)
  • Previous high severity CVEs (1)
  • Previous medium severity CVEs (2)
Vulnerabilities
3 published

PDF for Elementor Forms + Drag And Drop Template Builder Security Vulnerabilities

CVEs by Year

2 CVEs in 2025
2025
1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

High
1
Medium
2

3 total CVEs

CVE-2026-22350medium · 4.3Missing Authorization

PDF for Elementor Forms + Drag And Drop Template Builder <= 6.3.1 - Missing Authorization

Feb 11, 2026 Patched in 6.5.0 (6d)
CVE-2025-58208medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

PDF for Elementor Forms + Drag And Drop Template Builder <= 6.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Aug 27, 2025 Patched in 6.3.0 (8d)
CVE-2025-60084high · 7.5Deserialization of Untrusted Data

PDF for Elementor Forms + Drag And Drop Template Builder <= 6.5.0 - Authenticated (Subscriber+) PHP Object Injection

Aug 22, 2025 Patched in 6.5.1 (162d)
Version History

PDF for Elementor Forms + Drag And Drop Template Builder Release Timeline

v7.0.0Current
v6.5.2
v6.5.1
v6.3.12 CVEs
CVE-2026-22350 CVE-2025-60084
v6.3.02 CVEs
CVE-2026-22350 CVE-2025-60084
v5.5.03 CVEs
CVE-2026-22350 CVE-2025-60084 CVE-2025-58208
v2.3.33 CVEs
CVE-2026-22350 CVE-2025-60084 CVE-2025-58208
v2.3.0.03 CVEs
CVE-2026-22350 CVE-2025-60084 CVE-2025-58208
v2.2.9.23 CVEs
CVE-2026-22350 CVE-2025-60084 CVE-2025-58208
Code Analysis
Analyzed Mar 16, 2026

PDF for Elementor Forms + Drag And Drop Template Builder Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
10 prepared
Unescaped Output
13
273 escaped
Nonce Checks
10
Capability Checks
5
File Operations
4
External Requests
6
Bundled Libraries
2

Bundled Libraries

TinyMCETCPDF

SQL Query Safety

83% prepared12 total queries

Output Escaping

95% escaped286 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

6 flows2 with unsanitized paths
yeepdf_import_template (backend\ajax.php:15)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

PDF for Elementor Forms + Drag And Drop Template Builder Attack Surface

Entry Points13
Unprotected1

AJAX Handlers 8

authwp_ajax_yeepdf_builder_textbackend\ajax.php:8
authwp_ajax_yeepdf_builder_export_htmlbackend\ajax.php:9
authwp_ajax_pdf_reset_templatebackend\ajax.php:10
authwp_ajax_yeepdf_import_templatebackend\ajax.php:11
authwp_ajax_yeepdf_remove_fontbackend\settings.php:10
authwp_ajax_yeepdf_dropbox_client_id_validatebackend\settings.php:13
authwp_ajax_yeepdf_el_get_entrieselementor\index.php:21
authwp_ajax_yeekit_dismiss_notyyeekit\document.php:13

Shortcodes 5

[yeepdf_barcode] backend\shortcode.php:5
[yeepdf_barcode_new] backend\shortcode.php:6
[yeepdf_qrcode] backend\shortcode.php:7
[yeepdf_qrcode_new] backend\shortcode.php:8
[pdf_download] backend\shortcode.php:9
WordPress Hooks 99
actionadmin_initbackend\ajax.php:12
actionadd_meta_boxesbackend\ajax.php:13
actionbuilder_yeepdfsbackend\demo\templates_demo.php:5
actionyeepdf_builder_block_formsbackend\forms\checkbox.php:5
filteryeepdf_builder_block_htmlbackend\forms\checkbox.php:6
actionyeepdf_builder_tab_block_addonsbackend\forms\index.php:5
actionyeepdf_builder_block_formsbackend\forms\index.php:6
filteryeepdf_builder_block_htmlbackend\forms\index.php:7
actionyeepdf_builder_tab__editor_beforebackend\forms\index.php:8
actionyeepdf_builder_block_formsbackend\forms\radio.php:5
filteryeepdf_builder_block_htmlbackend\forms\radio.php:6
actionyeepdf_builder_block_formsbackend\forms\select.php:5
filteryeepdf_builder_block_htmlbackend\forms\select.php:6
actionyeepdf_builder_block_formsbackend\forms\textarea.php:5
filteryeepdf_builder_block_htmlbackend\forms\textarea.php:6
actionadmin_enqueue_scriptsbackend\index.php:8
actionadmin_headbackend\index.php:9
actioninitbackend\index.php:10
actionadd_meta_boxesbackend\index.php:11
filterget_sample_permalink_htmlbackend\index.php:12
actionsave_post_yeepdfbackend\index.php:13
filteradmin_body_classbackend\index.php:14
actionadmin_footerbackend\index.php:15
filterpost_row_actionsbackend\index.php:16
actionyeepdf_builder_tab__editor_beforebackend\index.php:17
actionyeepdf_header_settingsbackend\index.php:18
actionyeepdf_footer_settingsbackend\index.php:19
actionyeepdf_watermark_text_settingsbackend\index.php:20
actionyeepdf_watermark_img_settingsbackend\index.php:21
actionadmin_menubackend\settings.php:9
actionyeepdf_custom_sizesbackend\settings.php:11
actionadmin_initbackend\settings.php:12
actionyeepdf_after_settingsbackend\settings.php:14
filterupload_mimesbackend\settings.php:15
actionadmin_noticesbackend\settings.php:152
actionadmin_initbackend\settings.php:296
actionadmin_footerbackend\setup.php:5
filteryeepdf_builder_shortcodebackend\shortcode.php:24
filteryeepdf_builder_block_htmlbackend\templates\barcode_qrcode.php:6
actionyeepdf_builder_blockbackend\templates\barcode_qrcode.php:7
actionyeepdf_builder_tab_block_addonsbackend\templates\block_templates.php:3
actionyeepdf_builder_blockbackend\templates\breakpoint.php:3
filteryeepdf_builder_block_htmlbackend\templates\breakpoint.php:14
filteryeepdf_builder_block_htmlbackend\templates\button.php:14
actionyeepdf_builder_blockbackend\templates\divider.php:3
filteryeepdf_builder_block_htmlbackend\templates\divider.php:14
actionyeepdf_builder_tab__editorbackend\templates\editor.php:6
actionyeepdf_condition_settingsbackend\templates\editor.php:7
actionyeepdf_builder_tab_block_templatebackend\templates\image-box.php:3
filteryeepdf_builder_block_htmlbackend\templates\image-box.php:14
actionyeepdf_builder_tab_block_templatebackend\templates\image-list.php:3
filteryeepdf_builder_block_htmlbackend\templates\image-list.php:14
actionyeepdf_builder_blockbackend\templates\image.php:3
actionyeepdf_builder_block_htmlbackend\templates\image.php:14
actionyeepdf_builder_block_htmlbackend\templates\index.php:3
actionyeepdf_builder_blockbackend\templates\rotate-text.php:3
filteryeepdf_builder_block_htmlbackend\templates\rotate-text.php:14
actionyeepdf_builder_tab_block_rowbackend\templates\row.php:4
filteryeepdf_builder_block_htmlbackend\templates\row.php:68
actionyeepdf_builder_blockbackend\templates\signature.php:3
actionyeepdf_builder_block_htmlbackend\templates\signature.php:14
actionyeepdf_builder_blockbackend\templates\spacer.php:3
filteryeepdf_builder_block_htmlbackend\templates\spacer.php:14
actionyeepdf_builder_blockbackend\templates\table.php:6
filteryeepdf_builder_block_htmlbackend\templates\table.php:7
actionyeepdf_builder_tab__editor_beforebackend\templates\table.php:8
actionyeepdf_builder_tab_block_templatebackend\templates\text-list.php:3
filteryeepdf_builder_block_htmlbackend\templates\text-list.php:14
actionyeepdf_builder_blockbackend\templates\text.php:3
filteryeepdf_builder_block_htmlbackend\templates\text.php:14
actionyeepdf_builder_tab_block_templatebackend\templates\title.php:3
filteryeepdf_builder_block_htmlbackend\templates\title.php:14
filteryeepdf_shortcodeselementor\index.php:14
actionyeepdf_head_settingselementor\index.php:15
actionsave_post_yeepdfelementor\index.php:16
actionelementor_pro/forms/processelementor\index.php:17
actionelementor_pro/forms/new_recordelementor\index.php:18
actionadmin_enqueue_scriptselementor\index.php:19
filteryeepdf_builder_shortcodeelementor\index.php:22
filteryeepdf_output_htmlelementor\index.php:23
filteryeepdf_setup_idelementor\index.php:25
filteryeepdf_setup_typeelementor\index.php:26
filteryeepdf_setup_formselementor\index.php:27
filterwp_mailelementor\index.php:417
actionelementor_pro/forms/new_recordelementor\index.php:418
filterwp_mail_content_typefrontend\index.php:22
filterupload_mimesfrontend\index.php:23
actioninitfrontend\index.php:24
filterpdf_before_render_datasfrontend\index.php:25
filtertemplate_includefrontend\index.php:74
actionelementor_pro/forms/actions/registerpdf-for-elementor-forms.php:48
actionadmin_menuyeekit\document.php:10
actionadmin_enqueue_scriptsyeekit\document.php:11
filterfluentform_global_addonsyeekit\document.php:12
actionadmin_noticesyeekit\document.php:14
actionelementor/element/form/section_form_options/after_section_endyeekit\document.php:15
actionadmin_inityeekit\document.php:17
actionelementor/editor/after_enqueue_stylesyeekit\document.php:19
filterhttp_responseyeekit\document.php:208
Maintenance & Trust

PDF for Elementor Forms + Drag And Drop Template Builder Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 4, 2026
PHP min version5.6
Downloads22K

Community Trust

Rating78/100
Number of ratings11
Active installs1K
Alternatives

PDF for Elementor Forms + Drag And Drop Template Builder Alternatives

PDF Generator for WordPress Elementor

PDF Generator for WordPress Elementor

pdf-generator-addon-for-elementor-page-builder

A
93

The ultimate WordPress PDF generator for Elementor. Easily export to PDF, add a download button, and convert WooCommerce products to PDF.

1K 4 CVEs
Developer Profile

PDF for Elementor Forms + Drag And Drop Template Builder Developer Profile

add-ons.org

59 plugins · 26K total installs

87
trust score
Avg Security Score
99/100
Avg Patch Time
48 days
View full developer profile
Detection Fingerprints

How We Detect PDF for Elementor Forms + Drag And Drop Template Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/pdf-for-elementor-forms/elementor/action-download.css/wp-content/plugins/pdf-for-elementor-forms/elementor/action-pdf.css/wp-content/plugins/pdf-for-elementor-forms/yeekit/document.css/wp-content/plugins/pdf-for-elementor-forms/elementor/widgets/pdf-form-widget.css/wp-content/plugins/pdf-for-elementor-forms/elementor/widgets/pdf-form-widget.js/wp-content/plugins/pdf-for-elementor-forms/yeekit/document.js/wp-content/plugins/pdf-for-elementor-forms/libs/js/pdfmake.min.js/wp-content/plugins/pdf-for-elementor-forms/libs/js/vfs_fonts.js
Script Paths
/wp-content/plugins/pdf-for-elementor-forms/elementor/action-download.js/wp-content/plugins/pdf-for-elementor-forms/elementor/action-pdf.js/wp-content/plugins/pdf-for-elementor-forms/yeekit/document.js/wp-content/plugins/pdf-for-elementor-forms/elementor/widgets/pdf-form-widget.js
Version Parameters
pdf-for-elementor-forms/elementor/action-download.css?ver=pdf-for-elementor-forms/elementor/action-pdf.css?ver=pdf-for-elementor-forms/yeekit/document.css?ver=pdf-for-elementor-forms/elementor/widgets/pdf-form-widget.css?ver=pdf-for-elementor-forms/elementor/widgets/pdf-form-widget.js?ver=pdf-for-elementor-forms/yeekit/document.js?ver=pdf-for-elementor-forms/libs/js/pdfmake.min.js?ver=pdf-for-elementor-forms/libs/js/vfs_fonts.js?ver=

HTML / DOM Fingerprints

CSS Classes
yeepdf-pdf-form-widgetpro_disablepro_disable_fff
HTML Comments
<!-- Upgrade to pro version --><!-- START: PDF Form Widget --><!-- END: PDF Form Widget -->
Data Attributes
data-elementor-device-modedata-elementor-iddata-elementor-typedata-yeepdf-custom-sizes
JS Globals
yeepdf_creator_builder_pathyeepdf_creator_builder_urlYeepdf_Creator_Form_Widget_BuilderYeepdf_Settings_Builder_PDF_Backendyeepdf_settings_backend_main
REST Endpoints
/wp-json/yeepdf/v1/get_template/wp-json/yeepdf/v1/save_template
Shortcode Output
[yeepdf_form_generator]
FAQ

Frequently Asked Questions about PDF for Elementor Forms + Drag And Drop Template Builder