Does Premium Addons for KingComposer have any unpatched vulnerabilities?

Yes — Premium Addons for KingComposer currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Premium Addons for KingComposer compatible with WordPress 5.2.24?

According to WordPress.org data, Premium Addons for KingComposer 1.1.1 has been tested up to WordPress 5.2.24. Check the plugin's changelog for the latest compatibility information.

Is Premium Addons for KingComposer compatible with PHP 5.6+?

Premium Addons for KingComposer requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Premium Addons for KingComposer updated?

Premium Addons for KingComposer was last updated on Aug 8, 2019. Frequent updates are generally a positive security signal.

What is Premium Addons for KingComposer's security score?

Premium Addons for KingComposer has a WP-Safety security score of 61/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Premium Addons for KingComposer Security & Risk Analysis

wordpress.org/plugins/premium-addons-for-kingcomposer

Tons of unique shortcodes elements addon for KingComposer Page Builder.

70 active installs v1.1.1 PHP 5.6+ WP 4.7+ Updated Aug 8, 2019

frameworkkingcomposershortcodestoolkit

C · Use Caution

CVEs total1

Unpatched1

Last CVEAug 11, 2025

Plugin page Download

Safety Verdict

Is Premium Addons for KingComposer Safe to Use in 2026?

Use With Caution

Score 61/100

Premium Addons for KingComposer has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Aug 11, 2025Updated 6yr ago

Risk Assessment

The plugin 'premium-addons-for-kingcomposer' v1.1.1 exhibits a mixed security posture. While it demonstrates good practices in output escaping and avoids dangerous functions, file operations, and external HTTP requests, significant concerns arise from its attack surface and vulnerability history. A substantial number of AJAX handlers (26) lack authentication checks, presenting a considerable risk for unauthorized actions. The taint analysis also reveals a high number of flows with unsanitized paths, indicating potential weaknesses that could be exploited to manipulate data or application behavior, even without critical or high severity findings in this specific analysis.

The vulnerability history is a major red flag, with one known and currently unpatched high-severity CVE related to 'Improper Control of Filename for Include/Require Statement'. This pattern suggests a recurring weakness in how the plugin handles file inclusion, which is a critical vulnerability type. The presence of an unpatched high-severity CVE is a strong indicator of immediate risk that needs to be addressed. The plugin has a relatively small number of nonce checks for its attack surface, which further exacerbates the risk of the unprotected AJAX handlers.

In conclusion, while the plugin has some positive security attributes, the large number of unprotected AJAX endpoints, the concerning taint analysis results, and especially the unpatched high-severity RFI vulnerability create a significant risk profile. This plugin should be treated with caution, and users should be strongly advised to update to a patched version if available or to disable it until the identified vulnerabilities are resolved.

Key Concerns

Unpatched High Severity CVE
AJAX handlers without auth checks
Flows with unsanitized paths
SQL queries not using prepared statements
Missing nonce checks on AJAX handlers

Vulnerabilities

Premium Addons for KingComposer Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

High

1 total CVE

CVE-2025-49036high · 8.1Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Premium Addons for KingComposer <= 1.1.1 - Unauthenticated Local File Inclusion

Aug 11, 2025Unpatched

Code Analysis

Analyzed Mar 16, 2026

Premium Addons for KingComposer Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

976 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

50% prepared2 total queries

Output Escaping

92% escaped1058 total outputs

Data Flows

12 unsanitized

Data Flow Analysis

14 flows12 with unsanitized paths

print_icons (core\class-icon-manager.php:99)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

26 unprotected

Premium Addons for KingComposer Attack Surface

Entry Points54

Unprotected26

AJAX Handlers 26

authwp_ajax_icon_managercore\class-icon-manager.php:30

noprivwp_ajax_icon_managercore\class-icon-manager.php:31

authwp_ajax_add_custom_sidebarcore\class-sidebar.php:22

noprivwp_ajax_add_custom_sidebarcore\class-sidebar.php:23

authwp_ajax_remove_custom_sidebarcore\class-sidebar.php:25

noprivwp_ajax_remove_custom_sidebarcore\class-sidebar.php:26

authwp_ajax_octagon_get_media_preview_ajaxcore\helper-functions.php:899

noprivwp_ajax_octagon_get_media_preview_ajaxcore\helper-functions.php:900

authwp_ajax_octagon_add_compare_products_ajaxincludes\class-woo-hooks.php:22

noprivwp_ajax_octagon_add_compare_products_ajaxincludes\class-woo-hooks.php:23

authwp_ajax_octagon_remove_compare_products_ajaxincludes\class-woo-hooks.php:28

noprivwp_ajax_octagon_remove_compare_products_ajaxincludes\class-woo-hooks.php:29

authwp_ajax_octagon_wishlist_ajaxincludes\class-woo-hooks.php:34

noprivwp_ajax_octagon_wishlist_ajaxincludes\class-woo-hooks.php:35

authwp_ajax_octagon_remove_wishlist_ajaxincludes\class-woo-hooks.php:40

noprivwp_ajax_octagon_remove_wishlist_ajaxincludes\class-woo-hooks.php:41

authwp_ajax_octagon_quick_view_ajaxincludes\class-woo-hooks.php:46

noprivwp_ajax_octagon_quick_view_ajaxincludes\class-woo-hooks.php:47

authwp_ajax_octagon_kc_elements_content_type_list_loadmoremodules\content-type-list.php:26

noprivwp_ajax_octagon_kc_elements_content_type_list_loadmoremodules\content-type-list.php:27

authwp_ajax_octagon_kc_elements_content_type_loadmoremodules\content-type.php:28

noprivwp_ajax_octagon_kc_elements_content_type_loadmoremodules\content-type.php:29

authwp_ajax_octagon_kc_elements_portfolio_loadmoremodules\portfolio.php:26

noprivwp_ajax_octagon_kc_elements_portfolio_loadmoremodules\portfolio.php:27

authwp_ajax_octagon_kc_elements_products_loadmoremodules\products.php:26

noprivwp_ajax_octagon_kc_elements_products_loadmoremodules\products.php:27

Shortcodes 28

[octagon_kc_elements_advance_button] modules\advance-button.php:20

[octagon_kc_elements_advance_counter] modules\advance-counter.php:20

[octagon_kc_elements_compare_products] modules\compare-products.php:20

[octagon_kc_elements_content_type_list] modules\content-type-list.php:24

[octagon_kc_elements_content_type_slider] modules\content-type-slider.php:26

[octagon_kc_elements_content_type] modules\content-type.php:26

[octagon_kc_elements_google_map] modules\google-map.php:20

[octagon_kc_elements_gradient_text] modules\gradient-text.php:20

[octagon_kc_elements_icon_box] modules\icon-box.php:20

[octagon_kc_elements_image_box] modules\image-box.php:20

[octagon_kc_elements_image_mask] modules\image-mask.php:20

[octagon_kc_elements_info_icons] modules\info-icons.php:20

[octagon_kc_elements_portfolio_extend_slider] modules\portfolio-extend-slider.php:24

[octagon_kc_elements_portfolio_slider] modules\portfolio-slider.php:24

[octagon_kc_elements_portfolio] modules\portfolio.php:24

[octagon_kc_elements_products_list] modules\products-list.php:24

[octagon_products_slider] modules\products-slider.php:24

[octagon_products] modules\products.php:24

[octagon_kc_elements_slick_gallery] modules\slick-gallery.php:20

[octagon_kc_elements_slide_all] modules\slide-all.php:20

[octagon_kc_elements_slider_revolution] modules\slider-revolution.php:20

[octagon_kc_elements_table] modules\table.php:20

[octagon_kc_elements_team_slider] modules\team-slider.php:22

[octagon_kc_elements_team] modules\team.php:22

[octagon_kc_elements_testimonial_slider] modules\testimonial-slider.php:20

[octagon_kc_elements_timeline] modules\timeline.php:20

[octagon_kc_elements_video_popup] modules\video-popup.php:20

[octagon_kc_elements_wishlist] modules\wishlist.php:20

WordPress Hooks 65

actioninitbuilder\class-builder.php:28

filterkc_enqueue_stylesbuilder\class-builder.php:29

filteroctagon-el-classbuilder\class-builder.php:30

actionadmin_menucore\class-admin-page.php:25

actionwp_enqueue_scriptscore\class-custom-css.php:34

actioncustomize_save_aftercore\class-custom-css.php:35

actionwp_headcore\class-custom-css.php:105

filterpost_row_actionscore\class-duplicate-post.php:20

filterpage_row_actionscore\class-duplicate-post.php:21

actionadmin_action_duplicate_postcore\class-duplicate-post.php:22

actionedit_form_after_titlecore\class-duplicate-post.php:23

actionwp_enqueue_scriptscore\class-enqueue-fonts.php:20

actionwp_enqueue_scriptscore\class-enqueue-scripts.php:20

actionadmin_enqueue_scriptscore\class-enqueue-scripts.php:21

actioninitcore\class-icon-manager.php:24

actionadmin_menucore\class-icon-manager.php:25

actionadmin_enqueue_scriptscore\class-icon-manager.php:27

actionwp_enqueue_scriptscore\class-icon-manager.php:28

actionadd_meta_boxescore\class-metabox.php:22

actionsave_postcore\class-metabox.php:23

actionafter_setup_themecore\class-post-columns.php:22

actionadmin_action_feature_postcore\class-post-columns.php:23

actioninitcore\class-post-type.php:22

actionwidgets_initcore\class-sidebar.php:20

actionafter_setup_themecore\class-taxonomy-image.php:20

actioninitcore\customize-options.php:28

actionwp_footercore\theme-hooks.php:16

filterplugin_row_metaincludes\class-admin-page.php:19

actionadmin_menuincludes\class-admin-page.php:20

filteroctagon_enqueue_fonts_listincludes\class-enqueue-fonts.php:19

actionwp_enqueue_scriptsincludes\class-enqueue-scripts.php:20

actioninitincludes\customize-options.php:28

filteruse_block_editor_for_post_typeincludes\helper-functions.php:14

actioninitincludes\init-meta-fields.php:18

actioninitmodules\advance-button.php:19

actioninitmodules\advance-counter.php:19

actioninitmodules\compare-products.php:19

actioninitmodules\content-type-list.php:23

actioninitmodules\content-type-slider.php:25

actioninitmodules\content-type.php:25

actioninitmodules\google-map.php:19

actioninitmodules\gradient-text.php:19

actioninitmodules\icon-box.php:19

actioninitmodules\image-box.php:19

actioninitmodules\image-mask.php:19

actioninitmodules\info-icons.php:19

actioninitmodules\portfolio-extend-slider.php:23

actioninitmodules\portfolio-slider.php:23

actioninitmodules\portfolio.php:23

actioninitmodules\products-list.php:23

actioninitmodules\products-slider.php:23

actioninitmodules\products.php:23

actioninitmodules\slick-gallery.php:19

actioninitmodules\slide-all.php:19

actioninitmodules\slider-revolution.php:19

actioninitmodules\table.php:19

actioninitmodules\team-slider.php:21

actioninitmodules\team.php:21

actioninitmodules\testimonial-slider.php:19

actioninitmodules\timeline.php:19

actioninitmodules\video-popup.php:19

actioninitmodules\wishlist.php:19

actionplugins_loadedoctagon-kc-elements.php:161

actionadmin_noticesoctagon-kc-elements.php:195

actionplugins_loadedoctagon-kc-elements.php:204

Maintenance & Trust

Premium Addons for KingComposer Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24

Last updatedAug 8, 2019

PHP min version5.6

Downloads2K

Community Trust

Rating30/100

Number of ratings2

Active installs70

Alternatives

Premium Addons for KingComposer Alternatives

Octagon Elements for Elementor

octagon-elements-lite-for-elementor

100

Tons of unique shortcodes elements addon for Elementor Page Builder.

10 No CVEs

Kirki Customizer Framework

kirki

100

The Ultimate Customizer Framework for WordPress Theme Developers

500K No CVEs

Elements For Elementor

nd-elements

The plugin adds some useful elements to the Elementor Page Builder Plugin. All components are full responsive and retina ready.

10K 2 CVEs

Woo Framework Shortcodes

woo-framework-shortcodes

WooThemes uses WooFramework which comes with loads of shortcodes, if you have used the theme for a while you may have used the

80 No CVEs

scbFramework

scb-framework

A set of useful classes for faster plugin development.

10 No CVEs

Developer Profile

Premium Addons for KingComposer Developer Profile

octagonwebstudio

2 plugins · 80 total installs

trust score

Avg Security Score

81/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Premium Addons for KingComposer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/premium-addons-for-kingcomposer/assets/css/shortcodes.css/wp-content/plugins/premium-addons-for-kingcomposer/assets/js/shortcodes.js/wp-content/plugins/premium-addons-for-kingcomposer/assets/css/custom-styles.css/wp-content/plugins/premium-addons-for-kingcomposer/assets/js/frontend.js/wp-content/plugins/premium-addons-for-kingcomposer/core/js/octagon-core.js

Script Paths

/wp-content/plugins/premium-addons-for-kingcomposer/assets/js/shortcodes.js/wp-content/plugins/premium-addons-for-kingcomposer/assets/js/frontend.js/wp-content/plugins/premium-addons-for-kingcomposer/core/js/octagon-core.js

Version Parameters

premium-addons-for-kingcomposer/assets/css/shortcodes.css?ver=premium-addons-for-kingcomposer/assets/js/shortcodes.js?ver=premium-addons-for-kingcomposer/assets/css/custom-styles.css?ver=premium-addons-for-kingcomposer/assets/js/frontend.js?ver=premium-addons-for-kingcomposer/core/js/octagon-core.js?ver=

HTML / DOM Fingerprints

CSS Classes

octagon-elements

HTML Comments

/**
 * Do not touch this file! This file created by PHP
 * Last modified time:

Do not touch this file! This file created by PHPLast modified time:

Data Attributes

data-elementor-setting-key

JS Globals

octagon_minify

Shortcode Output

[octagon_icon_box[octagon_gallery[octagon_skills[octagon_tab

FAQ