Piotnet Addons For Elementor Security & Risk Analysis

wordpress.org/plugins/piotnet-addons-for-elementor

Piotnet Addons For Elementor (PAFE) adds many new features for Elementor

30K active installs · v2.4.36 · PHP 5.4+ · WP 4.7+ · Updated Apr 23, 2025
Tags: elementor-addons, gradient-button, gradient-text, image-carousel-multiple-custom-urls, pafe
Score: 54 · C · Use Caution
CVEs total: 10
Unpatched: 2
Last CVE: Apr 17, 2025
Safety Verdict

Is Piotnet Addons For Elementor Safe to Use in 2026?

Use With Caution

Score 54/100

Piotnet Addons For Elementor has 2 unpatched vulnerabilities. Evaluate alternatives or apply available mitigations.

10 known CVEs · 2 unpatched · Last CVE: Apr 17, 2025 · Updated 11mo ago
Risk Assessment

The piotnet-addons-for-elementor plugin exhibits a mixed security posture. While it demonstrates good practices in SQL query handling with 100% prepared statements and a high rate of output escaping (96%), significant concerns arise from its attack surface and lack of robust access controls. Four out of five identified entry points, specifically AJAX handlers, lack authentication checks, exposing them to unauthorized access and potential exploitation.

The static analysis also reveals the presence of dangerous functions like 'unserialize', which can be a vector for code injection if user-supplied data is not properly sanitized. Although taint analysis showed no immediate critical or high severity flows, the potential for 'unserialize' to be exploited remains. The plugin's vulnerability history is a major red flag, with a substantial number of known CVEs (10 total, 2 unpatched) and a recent vulnerability discovered in April 2025. The common vulnerability types, including XSS, Authorization Bypass, and Information Exposure, directly correlate with the identified weaknesses in the code analysis.

In conclusion, despite strengths in database interaction and output handling, the plugin's unauthenticated entry points and a history of significant vulnerabilities necessitate cautious use. The lack of nonce and capability checks on critical entry points, combined with the potential risks associated with 'unserialize' and the persistent unpatched vulnerabilities, present a considerable security risk that should be addressed by the developers.

Key Concerns

  • 4 AJAX handlers without auth checks
  • 2 unpatched CVEs
  • 10 medium severity CVEs
  • Dangerous function: unserialize
  • 0 Nonce checks
  • 0 Capability checks
Vulnerabilities
10

Piotnet Addons For Elementor Security Vulnerabilities

CVEs by Year

  • 2024: 6 CVEs
  • 2025: 4 CVEs (has unpatched)

Severity Breakdown

  • Medium: 10

10 total CVEs

CVE-2024-13650 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Piotnet Addons For Elementor <= 2.4.36 - Authenticated (Contributor+) Stored Cross-Site Scripting
Apr 17, 2025 · Unpatched

CVE-2025-32197 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Piotnet Addons For Elementor <= 2.4.36 - Authenticated (Contributor+) Stored Cross-Site Scripting
Apr 4, 2025 · Unpatched

CVE-2024-10775 · medium · 4.3 · Authorization Bypass Through User-Controlled Key
Piotnet Addons For Elementor <= 2.4.32 - Authenticated (Contributor+) Post Disclosure
Jan 14, 2025 · Patched in 2.4.33 (1d)

CVE-2025-22333 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Piotnet Addons For Elementor <= 2.4.31 - Authenticated (Contributor+) Stored Cross-Site Scripting
Jan 3, 2025 · Patched in 2.4.32 (15d)

CVE-2024-5502 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Piotnet Addons For Elementor <= 2.4.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
Aug 22, 2024 · Patched in 2.4.31 (1d)

CVE-2024-5614 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor
Piotnet Addons For Elementor <= 2.4.29 - Unauthenticated Sensitive Information Exposure
Jul 26, 2024 · Patched in 2.4.30 (1d)

CVE-2024-4262 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Piotnet Addons For Elementor <= 2.4.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widget Attributes
May 21, 2024 · Patched in 2.4.29 (157d)

CVE-2024-4432 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Piotnet Addons For Elementor <= 2.4.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
May 17, 2024 · Patched in 2.4.28 (1d)

CVE-2024-33630 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Piotnet Addons For Elementor <= 2.4.27 - Authenticated (Contributor+) Stored Cross-Site Scripting
Apr 25, 2024 · Patched in 2.4.28 (23d)

CVE-2024-29934 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Piotnet Addons For Elementor <= 2.4.25 - Authenticated (Contributor+) Stored Cross-Site Scripting
Mar 25, 2024 · Patched in 2.4.26 (17d)

Code Analysis
Analyzed Mar 16, 2026

Piotnet Addons For Elementor Code Analysis

  • Dangerous Functions: 2
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 12 (266 escaped)
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 3
  • External Requests: 2
  • Bundled Libraries: 0

Dangerous Functions Found

  • unserialize · widgets\pafe-video-playlist.php:304
    $hash = unserialize(file_get_contents("http://vimeo.com/api/v2/video/$video_id.php"));
  • unserialize · widgets\pafe-video-playlist.php:345
    $hash = unserialize(file_get_contents("http://vimeo.com/api/v2/video/$video_id.php"));

Output Escaping

96% escaped · 278 total outputs
Attack Surface
4 unprotected

Piotnet Addons For Elementor Attack Surface

Entry Points: 5
Unprotected: 4

AJAX Handlers: 4

  • auth · wp_ajax_pafe_posts_list · inc\ajax-posts-list.php:4
  • nopriv · wp_ajax_pafe_posts_list · inc\ajax-posts-list.php:5
  • auth · wp_ajax_pafe_product_tabs · inc\ajax-product-tab.php:4
  • nopriv · wp_ajax_pafe_product_tabs · inc\ajax-product-tab.php:5

Shortcodes: 1

  • [pafe-template] · piotnet-addons-for-elementor.php:80

WordPress Hooks: 47

  • filter · elementor/init · controls\controls-manager.php:20
  • filter · elementor/controls/get_available_tabs_controls · controls\controls-manager.php:22
  • action · elementor/element/common/_section_background/after_section_end · controls\pafe-form-style.php:526
  • action · elementor/element/button/section_style/after_section_end · controls\pafe-gradient-button.php:325
  • action · elementor/element/form/section_button_style/after_section_end · controls\pafe-gradient-button.php:326
  • action · elementor/element/pafe-form-builder-submit/section_messages_style/after_section_end · controls\pafe-gradient-button.php:327
  • action · elementor/element/heading/section_title_style/after_section_end · controls\pafe-gradient-text.php:172
  • action · elementor/element/before_section_end · controls\pafe-image-carousel-multiple-custom-urls.php:44
  • action · elementor/element/section/section_advanced/after_section_end · controls\pafe-particles.php:263
  • action · elementor/element/container/section_layout/after_section_end · controls\pafe-particles.php:264
  • action · elementor/frontend/section/before_render · controls\pafe-particles.php:265
  • action · elementor/frontend/container/before_render · controls\pafe-particles.php:266
  • action · elementor/element/section/section_advanced/after_section_end · controls\pafe-tooltip.php:284
  • action · elementor/element/container/section_layout/after_section_end · controls\pafe-tooltip.php:285
  • action · elementor/element/column/section_advanced/after_section_end · controls\pafe-tooltip.php:286
  • action · elementor/element/common/_section_background/after_section_end · controls\pafe-tooltip.php:287
  • action · elementor/frontend/section/before_render · controls\pafe-tooltip.php:288
  • action · elementor/frontend/column/before_render · controls\pafe-tooltip.php:289
  • action · elementor/frontend/container/before_render · controls\pafe-tooltip.php:290
  • action · elementor/frontend/widget/before_render · controls\pafe-tooltip.php:291
  • action · init · piotnet-addons-for-elementor.php:40
  • action · wp_enqueue_scripts · piotnet-addons-for-elementor.php:61
  • action · elementor/frontend/after_register_scripts · piotnet-addons-for-elementor.php:65
  • action · elementor/frontend/after_enqueue_styles · piotnet-addons-for-elementor.php:66
  • action · plugins_loaded · piotnet-addons-for-elementor.php:69
  • action · admin_init · piotnet-addons-for-elementor.php:71
  • action · elementor/elements/categories_registered · piotnet-addons-for-elementor.php:72
  • filter · elementor/init · piotnet-addons-for-elementor.php:74
  • filter · elementor/controls/get_available_tabs_controls · piotnet-addons-for-elementor.php:75
  • filter · manage_elementor_library_posts_columns · piotnet-addons-for-elementor.php:83
  • action · manage_elementor_library_posts_custom_column · piotnet-addons-for-elementor.php:84
  • action · init · piotnet-addons-for-elementor.php:92
  • filter · deprecated_function_trigger_error · piotnet-addons-for-elementor.php:95
  • action · admin_notices · piotnet-addons-for-elementor.php:130
  • action · admin_notices · piotnet-addons-for-elementor.php:136
  • action · admin_notices · piotnet-addons-for-elementor.php:142
  • action · elementor/widgets/widgets_registered · piotnet-addons-for-elementor.php:148
  • action · elementor/widgets/register · piotnet-addons-for-elementor.php:150
  • action · elementor/controls/controls_registered · piotnet-addons-for-elementor.php:152
  • action · admin_enqueue_scripts · piotnet-addons-for-elementor.php:153
  • filter · plugin_row_meta · piotnet-addons-for-elementor.php:155
  • action · admin_menu · piotnet-addons-for-elementor.php:156
  • action · wp_footer · piotnet-addons-for-elementor.php:157
  • action · admin_init · piotnet-addons-for-elementor.php:289
  • filter · wpml_elementor_widgets_to_translate · widgets\pafe-switch-content.php:640
  • filter · wpml_elementor_widgets_to_translate · widgets\pafe-table.php:1139
  • filter · wpml_elementor_widgets_to_translate · widgets\pafe-video-playlist.php:391

Maintenance & Trust

Piotnet Addons For Elementor Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.8.5
  • Last updated: Apr 23, 2025
  • PHP min version: 5.4
  • Downloads: 699K

Community Trust

  • Rating: 64/100
  • Number of ratings: 57
  • Active installs: 30K

Developer Profile

Piotnet Addons For Elementor Developer Profile

piotnetdotcom

2 plugins · 32K total installs

  • Trust score: 43
  • Avg Security Score: 35/100
  • Avg Patch Time: 38 days

Detection Fingerprints

How We Detect Piotnet Addons For Elementor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/piotnet-addons-for-elementor/assets/css/minify/extension.min.css
  • /wp-content/plugins/piotnet-addons-for-elementor/assets/js/minify/extension.min.js
  • /wp-content/plugins/piotnet-addons-for-elementor/assets/css/minify/widget.min.css
  • /wp-content/plugins/piotnet-addons-for-elementor/assets/js/minify/widget.min.js
Script Paths
  • assets/js/minify/extension.min.js
  • assets/js/minify/widget.min.js
Version Parameters
  • piotnet-addons-for-elementor/assets/css/minify/extension.min.css?ver=
  • piotnet-addons-for-elementor/assets/js/minify/extension.min.js?ver=
  • piotnet-addons-for-elementor/assets/css/minify/widget.min.css?ver=
  • piotnet-addons-for-elementor/assets/js/minify/widget.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
elementor-shortcode-input
Data Attributes
data-pafe-ajax-url
Shortcode Output
[pafe-template id=
FAQ

Frequently Asked Questions about Piotnet Addons For Elementor