WP-Safety

PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) Security & Risk Analysis

wordpress.org/plugins/powerpack-lite-for-elementor

Elevate your Elementor experience with PowerPack, a comprehensive collection of free Elementor addons & widgets designed to supercharge your website.

80K active installs v2.9.11 PHP 7.4+ WP 6.3+ Updated Apr 1, 2026
elementorelementor-addonelementor-addonselementor-templateselementor-widgets
95
A · Safe
CVEs total13
Unpatched0
Last CVEMar 1, 2026
Plugin page Download
Safety Verdict

Is PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) Safe to Use in 2026?

Generally Safe

Score 95/100

PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

13 known CVEsLast CVE: Mar 1, 2026Updated 1mo ago
Risk Assessment

The powerpack-lite-for-elementor plugin v2.9.10 exhibits a generally strong security posture based on the static analysis, with a significant number of proper output escaping, nonces, and capability checks in place. The absence of unsanitized paths in taint analysis and the complete use of prepared statements for SQL queries are positive indicators. However, the presence of the `unserialize` function is a potential concern as it can lead to remote code execution vulnerabilities if user-supplied data is not strictly controlled and validated before being passed to it.

The vulnerability history reveals a substantial number of past medium-severity CVEs, with common types including Authorization Bypass, Cross-Site Scripting, and Cross-Site Request Forgery. While there are currently no unpatched vulnerabilities, the volume and nature of past issues suggest that the plugin has historically been a target and has had exploitable weaknesses. The fact that the last vulnerability was reported in September 2025 (which is in the future) may indicate a data error or a placeholder for a future event; if it represents a real historical vulnerability, it would be a significant concern.

Overall, the plugin demonstrates good security practices in its current code analysis, but the past vulnerability trend and the presence of `unserialize` warrant careful monitoring and diligent updates. The lack of currently unpatched vulnerabilities is reassuring, but the historical context suggests a need for ongoing vigilance.

Key Concerns

  • Presence of unserialize function
  • High number of past medium CVEs
Vulnerabilities
13 published

PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) Security Vulnerabilities

CVEs by Year

2 CVEs in 2021
2021
8 CVEs in 2024
2024
2 CVEs in 2025
2025
1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Medium
13

13 total CVEs

CVE-2026-32430medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

PowerPack Addons for Elementor <= 2.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 1, 2026 Patched in 2.9.10 (46d)
CVE-2025-8388medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

PowerPack Lite for Elementor <= 2.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Via 'cursor_url'

Sep 9, 2025 Patched in 2.9.5 (1d)
CVE-2025-1512medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

PowerPack Elementor Addons (Free Widgets, Extensions and Templates) <= 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 31, 2025 Patched in 2.9.1 (1d)
CVE-2024-10692medium · 4.3Authorization Bypass Through User-Controlled Key

PowerPack Elementor Addons (Free Widgets, Extensions and Templates) <= 2.8.1 - Authenticated (Contributor+) Post Disclosure

Dec 5, 2024 Patched in 2.8.2 (1d)
CVE-2024-5787medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) <= 2.7.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Link Effects Widget

Jun 12, 2024 Patched in 2.7.21 (1d)
CVE-2024-5327medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) <= 2.7.19 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

May 29, 2024 Patched in 2.7.20 (1d)
CVE-2024-2492medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

PowerPack Addons for Elementor <= 2.7.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Tweet Widget

Mar 29, 2024 Patched in 2.7.19 (12d)
CVE-2024-2491medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

PowerPack Addons for Elementor <= 2.7.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via *_html_tag*

Mar 29, 2024 Patched in 2.7.18 (1d)
CVE-2024-1411medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

PowerPack Addons for Elementor <= 2.7.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Buttons Widget

Feb 15, 2024 Patched in 2.7.16 (6d)
CVE-2024-1055medium · 5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) <= 2.7.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

Feb 6, 2024 Patched in 2.7.15 (1d)
CVE-2023-6984medium · 5.3Cross-Site Request Forgery (CSRF)

PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) <= 2.7.13 - Cross-Site Request Forgery

Jan 2, 2024 Patched in 2.7.14 (210d)
CVE-2021-25027medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

PowerPack Addons for Elementor <= 2.6.1 - Reflected Cross-Site Scripting

Dec 6, 2021 Patched in 2.6.2 (778d)
CVE-2021-24263medium · 5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

PowerPack Addons for Elementor <= 2.3.1 - Contributor+ Stored Cross-Site Scripting

Apr 13, 2021 Patched in 2.3.2 (1015d)
Version History

PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) Release Timeline

v2.9.11Current
v2.9.10
v2.9.91 CVE
CVE-2026-32430
v2.9.81 CVE
CVE-2026-32430
v2.9.71 CVE
CVE-2026-32430
v2.9.61 CVE
CVE-2026-32430
v2.9.51 CVE
CVE-2026-32430
v2.9.42 CVEs
CVE-2025-8388 CVE-2026-32430
v2.9.32 CVEs
CVE-2025-8388 CVE-2026-32430
v2.9.22 CVEs
CVE-2025-8388 CVE-2026-32430
v2.9.12 CVEs
CVE-2025-8388 CVE-2026-32430
v2.9.03 CVEs
CVE-2025-8388 CVE-2025-1512 CVE-2026-32430
v2.8.43 CVEs
CVE-2025-8388 CVE-2025-1512 CVE-2026-32430
v2.8.33 CVEs
CVE-2025-8388 CVE-2025-1512 CVE-2026-32430
v2.8.23 CVEs
CVE-2025-8388 CVE-2025-1512 CVE-2026-32430
v2.8.14 CVEs
CVE-2025-8388 CVE-2025-1512 CVE-2026-32430 +1 more
v2.8.04 CVEs
CVE-2025-8388 CVE-2025-1512 CVE-2026-32430 +1 more
v2.7.284 CVEs
CVE-2025-8388 CVE-2025-1512 CVE-2026-32430 +1 more
v2.7.274 CVEs
CVE-2025-8388 CVE-2025-1512 CVE-2026-32430 +1 more
v2.7.264 CVEs
CVE-2025-8388 CVE-2025-1512 CVE-2026-32430 +1 more
Code Analysis
Analyzed Mar 16, 2026

PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) Code Analysis

Dangerous Functions
2
Raw SQL Queries
0
4 prepared
Unescaped Output
45
983 escaped
Nonce Checks
9
Capability Checks
15
File Operations
0
External Requests
6
Bundled Libraries
1

Dangerous Functions Found

unserialize$field_settings = unserialize( $post->post_content );modules\query-control\types\acf.php:62
unserialize$field_settings = unserialize( $post->post_content );modules\query-control\types\acf.php:103

Bundled Libraries

jQuery

SQL Query Safety

100% prepared4 total queries

Output Escaping

96% escaped1028 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

3 flows
save_extensions (classes\class-pp-admin-settings.php:517)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) Attack Surface

Entry Points3
Unprotected0

AJAX Handlers 3

authwp_ajax_pp_dismiss_admin_noticeincludes\admin\feedback\class-pp-tracking.php:85
authwp_ajax_pp_get_postmodules\posts\module.php:26
noprivwp_ajax_pp_get_postmodules\posts\module.php:27
WordPress Hooks 128
actionelementor/frontend/after_enqueue_scriptsbase\extension-base.php:65
actionelementor/frontend/after_enqueue_stylesbase\extension-base.php:68
actionelementor/widgets/registerbase\module-base.php:83
filterupgrade_powerpack_titlebase\powerpack-widget.php:39
filterupgrade_powerpack_messagebase\powerpack-widget.php:40
actionplugins_loadedclasses\class-pp-admin-settings.php:34
actionadmin_menuclasses\class-pp-admin-settings.php:50
actionadmin_initclasses\class-pp-admin-settings.php:66
actionelementor/initclasses\class-pp-templates-lib.php:54
actionelementor/editor/after_enqueue_scriptsclasses\class-pp-templates-lib.php:55
actionelementor/ajax/register_actionsclasses\class-pp-templates-lib.php:56
actionelementor/editor/footerclasses\class-pp-templates-lib.php:57
filterwpml_elementor_widgets_to_translateclasses\class-pp-wpml.php:10
actionelementor/element/section/section_background/after_section_endextensions\animated-gradient-background.php:126
actionelementor/element/container/section_background/after_section_endextensions\animated-gradient-background.php:136
actionelementor/element/section/section_powerpack_elements_background_effects/before_section_endextensions\animated-gradient-background.php:254
actionelementor/element/container/section_powerpack_elements_background_effects/before_section_endextensions\animated-gradient-background.php:264
actionelementor/frontend/section/before_renderextensions\animated-gradient-background.php:273
actionelementor/frontend/container/before_renderextensions\animated-gradient-background.php:274
actionelementor/section/print_templateextensions\animated-gradient-background.php:276
actionelementor/container/print_templateextensions\animated-gradient-background.php:277
actionelementor/element/section/section_advanced/after_section_endextensions\custom-cursor.php:97
actionelementor/element/column/section_advanced/after_section_endextensions\custom-cursor.php:104
actionelementor/element/common/_section_style/after_section_endextensions\custom-cursor.php:111
actionelementor/element/container/section_layout/after_section_endextensions\custom-cursor.php:118
actionelementor/element/section/section_powerpack_elements_advanced/before_section_endextensions\custom-cursor.php:378
actionelementor/element/column/section_powerpack_elements_advanced/before_section_endextensions\custom-cursor.php:383
actionelementor/element/common/section_powerpack_elements_advanced/before_section_endextensions\custom-cursor.php:388
actionelementor/element/container/section_powerpack_elements_advanced/before_section_endextensions\custom-cursor.php:393
actionelementor/frontend/before_renderextensions\custom-cursor.php:398
actionelementor/element/common/_section_style/after_section_endextensions\display-conditions.php:85
actionelementor/element/column/section_advanced/after_section_endextensions\display-conditions.php:92
actionelementor/element/section/section_advanced/after_section_endextensions\display-conditions.php:99
actionelementor/element/container/section_layout/after_section_endextensions\display-conditions.php:106
actionelementor/element/section/section_advanced/after_section_endextensions\wrapper-link.php:94
actionelementor/element/column/section_advanced/after_section_endextensions\wrapper-link.php:101
actionelementor/element/common/_section_style/after_section_endextensions\wrapper-link.php:108
actionelementor/element/container/section_layout/after_section_endextensions\wrapper-link.php:115
actionelementor/element/section/section_powerpack_elements_advanced/before_section_endextensions\wrapper-link.php:176
actionelementor/element/column/section_powerpack_elements_advanced/before_section_endextensions\wrapper-link.php:181
actionelementor/element/common/section_powerpack_elements_advanced/before_section_endextensions\wrapper-link.php:186
actionelementor/element/container/section_powerpack_elements_advanced/before_section_endextensions\wrapper-link.php:191
actionelementor/frontend/before_renderextensions\wrapper-link.php:196
actionadmin_initincludes\admin\feedback\class-pp-tracking.php:78
actionadmin_enqueue_scriptsincludes\admin\feedback\class-pp-tracking.php:79
actionadmin_footerincludes\admin\feedback\class-pp-tracking.php:80
actionadmin_footer-plugins.phpincludes\admin\feedback\class-pp-tracking.php:81
actionadmin_noticesincludes\admin\feedback\class-pp-tracking.php:182
actionadmin_noticesincludes\admin\feedback\class-pp-tracking.php:183
actionelementor/frontend/after_register_stylesmodules\advanced-accordion\module.php:13
actionelementor/frontend/after_register_stylesmodules\business-hours\module.php:13
actionelementor/frontend/after_register_stylesmodules\buttons\module.php:13
actionelementor/frontend/after_register_stylesmodules\contact-form-seven\module.php:13
actionelementor/frontend/after_register_stylesmodules\content-reveal\module.php:15
actionelementor/frontend/after_register_stylesmodules\content-ticker\module.php:13
actionelementor/frontend/after_register_stylesmodules\counter\module.php:15
actionelementor/element/common/section_powerpack_elements_advanced/before_section_endmodules\display-conditions\module.php:253
actionelementor/element/column/section_powerpack_elements_advanced/before_section_endmodules\display-conditions\module.php:258
actionelementor/element/section/section_powerpack_elements_advanced/before_section_endmodules\display-conditions\module.php:263
actionelementor/element/container/section_powerpack_elements_advanced/before_section_endmodules\display-conditions\module.php:268
filterelementor/frontend/widget/should_rendermodules\display-conditions\module.php:273
actionelementor/frontend/widget/before_rendermodules\display-conditions\module.php:274
filterelementor/frontend/column/should_rendermodules\display-conditions\module.php:277
actionelementor/frontend/column/before_rendermodules\display-conditions\module.php:278
filterelementor/frontend/section/should_rendermodules\display-conditions\module.php:281
actionelementor/frontend/section/before_rendermodules\display-conditions\module.php:282
filterelementor/frontend/container/should_rendermodules\display-conditions\module.php:285
actionelementor/frontend/container/before_rendermodules\display-conditions\module.php:286
actionelementor/frontend/after_register_stylesmodules\divider\module.php:15
actionelementor/frontend/after_register_stylesmodules\flipbox\module.php:15
actionelementor/frontend/after_register_stylesmodules\fluent-forms\module.php:15
actionelementor/frontend/after_register_stylesmodules\formidable-forms\module.php:15
actionelementor/frontend/after_register_stylesmodules\gravity-forms\module.php:15
actionelementor/frontend/after_register_stylesmodules\headings\module.php:15
actionelementor/frontend/after_register_stylesmodules\hotspots\module.php:15
actionelementor/frontend/after_register_stylesmodules\icon-list\module.php:15
actionelementor/frontend/after_register_stylesmodules\image-accordion\module.php:15
actionelementor/frontend/after_register_stylesmodules\image-comparison\module.php:15
actionelementor/frontend/after_register_stylesmodules\info-box\module.php:15
actionelementor/frontend/after_register_stylesmodules\info-list\module.php:15
actionelementor/frontend/after_register_stylesmodules\info-table\module.php:15
actionelementor/frontend/after_register_stylesmodules\instafeed\module.php:15
actionelementor/frontend/after_register_stylesmodules\interactive-circle\module.php:15
actionelementor/frontend/after_register_stylesmodules\link-effects\module.php:15
actionelementor/frontend/after_register_stylesmodules\logos\module.php:15
actionelementor/frontend/after_register_stylesmodules\ninja-forms\module.php:15
actionpre_get_postsmodules\posts\module.php:23
filterfound_postsmodules\posts\module.php:24
actionelementor/frontend/after_register_stylesmodules\posts\module.php:29
actionelementor/element/pp-posts/section_skin_field/before_section_endmodules\posts\skins\skin-base.php:37
actionelementor/element/pp-posts/section_query/after_section_endmodules\posts\skins\skin-base.php:38
actionelementor/element/pp-posts/section_query/after_section_endmodules\posts\skins\skin-base.php:39
filterexcerpt_lengthmodules\posts\skins\skin-base.php:4848
filterexcerpt_moremodules\posts\skins\skin-base.php:4849
actionpre_get_postsmodules\posts\widgets\posts-base.php:1013
actionpre_get_postsmodules\posts\widgets\posts-base.php:1021
filterfound_postsmodules\posts\widgets\posts-base.php:1022
actionpre_get_postsmodules\posts\widgets\posts-base.php:1039
actionelementor/frontend/after_register_stylesmodules\pricing\module.php:15
actionelementor/frontend/after_register_stylesmodules\progress-bar\module.php:15
actionelementor/frontend/after_register_stylesmodules\promo-box\module.php:15
actionelementor/ajax/register_actionsmodules\query-control\module.php:79
filterposts_wheremodules\query-control\types\acf.php:56
filterposts_wheremodules\query-control\types\pods.php:56
actionelementor/frontend/after_register_stylesmodules\random-image\module.php:15
actionelementor/frontend/after_register_stylesmodules\scroll-image\module.php:15
actionelementor/frontend/after_register_stylesmodules\team-member\module.php:15
actionelementor/frontend/after_register_stylesmodules\wpforms\module.php:13
actionelementor/initplugin.php:648
actionelementor/elements/categories_registeredplugin.php:649
actionelementor/controls/registerplugin.php:651
actionelementor/controls/registerplugin.php:652
actionwp_enqueue_scriptsplugin.php:654
actionelementor/editor/before_enqueue_scriptsplugin.php:655
actionelementor/frontend/before_enqueue_scriptsplugin.php:656
actionelementor/editor/after_enqueue_scriptsplugin.php:658
actionelementor/editor/after_enqueue_stylesplugin.php:659
actionelementor/preview/enqueue_stylesplugin.php:661
actionelementor/frontend/after_register_scriptsplugin.php:663
actionelementor/frontend/after_enqueue_stylesplugin.php:664
filterelementor/editor/localize_settingsplugin.php:666
actionplugins_loadedpowerpack-lite-elementor.php:157
actionadmin_noticespowerpack-lite-elementor.php:162
actionadmin_noticespowerpack-lite-elementor.php:168
actionadmin_initpowerpack-lite-elementor.php:169
actionadmin_noticespowerpack-lite-elementor.php:175
actionadmin_initpowerpack-lite-elementor.php:176
filterplugin_row_metapowerpack-lite-elementor.php:248
Maintenance & Trust

PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 1, 2026
PHP min version7.4
Downloads3.4M

Community Trust

Rating96/100
Number of ratings361
Active installs80K
Alternatives

PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) Alternatives

Essential Addons for Elementor – Popular Elementor Templates & Widgets

Essential Addons for Elementor – Popular Elementor Templates & Widgets

essential-addons-for-elementor-lite

B
76

Elementor addon offering 110+ widgets and templates — Elementor Gallery, Slider, Form, Post Grid, Menu, Accordion, WooCommerce & more.

2.0M 59 CVEs
Premium Addons for Elementor – Powerful Elementor Templates & Widgets

Premium Addons for Elementor – Powerful Elementor Templates & Widgets

premium-addons-for-elementor

A
95

Elementor Carousel, Mega Menu, Posts List/Slider, Media Gallery, WooCommerce Widgets, Display Conditions, Premade Templates & more.

700K 36 CVEs
Royal Addons for Elementor – Addons and Templates Kit for Elementor

Royal Addons for Elementor – Addons and Templates Kit for Elementor

royal-elementor-addons

B
82

Elementor templates, Header footer builder, Elementor Post Grid, Woocommerce Grid builder, Slider, Forms, Gallery, Nav menu addons, Elementor widgets.

600K 76 CVEs
Unlimited Elements For Elementor

Unlimited Elements For Elementor

unlimited-elements-for-elementor

B
76

Elementor all-in-one addons pack with the best widgets for Elementor, offering 100+ free widgets, templates, and tools to create stunning websites!

300K 31 CVEs
Element Pack – Widgets, Templates & Addons for Elementor

Element Pack – Widgets, Templates & Addons for Elementor

bdthemes-element-pack-lite

A
89

Elementor addons with 300+ widgets, templates, WooCommerce widgets, mega menu, header footer builder, and powerful design extensions.

100K 38 CVEs
Developer Profile

PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) Developer Profile

IdeaBox Creations

8 plugins · 112K total installs

71
trust score
Avg Security Score
88/100
Avg Patch Time
193 days
View full developer profile
Detection Fingerprints

How We Detect PowerPack Addons for Elementor (Free Widgets, Extensions and Templates)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/powerpack-lite-for-elementor/assets/css/powerpack-lite-editor.css/wp-content/plugins/powerpack-lite-for-elementor/assets/css/powerpack-lite-frontend.css/wp-content/plugins/powerpack-lite-for-elementor/assets/js/powerpack-lite-editor.js/wp-content/plugins/powerpack-lite-for-elementor/assets/js/powerpack-lite-frontend.js
Version Parameters
powerpack-lite-for-elementor/assets/css/powerpack-lite-editor.css?ver=powerpack-lite-for-elementor/assets/css/powerpack-lite-frontend.css?ver=powerpack-lite-for-elementor/assets/js/powerpack-lite-editor.js?ver=powerpack-lite-for-elementor/assets/js/powerpack-lite-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
pp-widget-wrappp-advanced-heading-titlepp-buttons-wrappp-content-switcher-tabs-listpp-dual-button-wrappp-feature-list-wrappp-flip-box-wrappp-icon-box-wrap+23 more
HTML Comments
<!-- Start PowerPack Lite for Elementor --><!-- End PowerPack Lite for Elementor --><!-- pp-heading-wrap --><!-- /pp-heading-wrap -->+228 more
Data Attributes
data-pp-iddata-pp-tooltip-contentdata-pp-aligndata-pp-animationdata-pp-animation-delaydata-pp-animation-duration+287 more
JS Globals
PowerPackElementsLite
FAQ

Frequently Asked Questions about PowerPack Addons for Elementor (Free Widgets, Extensions and Templates)