WP-Safety

Sales Page Addon – Elementor & Beaver Builder Security & Risk Analysis

wordpress.org/plugins/sales-page-addon

Create beautiful Sales and Landing pages from easy to use templates.

40 active installs v1.4.5 PHP 7.4+ WP 6.3+ Updated Jan 28, 2025
builderelementorfunnellandingsales
71
B · Generally Safe
CVEs total1
Unpatched1
Last CVEOct 31, 2024
Plugin page Download
Safety Verdict

Is Sales Page Addon – Elementor & Beaver Builder Safe to Use in 2026?

Mostly Safe

Score 71/100

Sales Page Addon – Elementor & Beaver Builder is generally safe to use though it hasn't been updated recently. 1 past CVE were resolved. Keep it updated.

1 known CVE 1 unpatched Last CVE: Oct 31, 2024Updated 1yr ago
Risk Assessment

The sales-page-addon plugin exhibits a concerning security posture, primarily due to a significant number of unprotected AJAX handlers. While the plugin demonstrates good practices in its handling of SQL queries, utilizing prepared statements exclusively, and a relatively high percentage of properly escaped output, these strengths are overshadowed by critical weaknesses in access control. The presence of 8 AJAX handlers that lack authentication checks exposes a large attack surface to unauthorized users, potentially allowing them to trigger plugin functionalities without proper validation. Furthermore, the taint analysis reveals 3 flows with unsanitized paths, indicating potential vulnerabilities, although they are not currently classified as critical or high severity. The plugin's vulnerability history, including a medium severity Cross-Site Scripting (XSS) vulnerability discovered recently and remaining unpatched, further amplifies the risk. This suggests a pattern of introducing vulnerabilities and a lack of timely patching, which is a significant red flag for ongoing security. The combination of a broad, unprotected entry point and a history of unpatched vulnerabilities indicates a need for immediate attention to address these security gaps.

Key Concerns

  • Unprotected AJAX handlers
  • Unpatched CVE
  • Taint flows with unsanitized paths
  • Missing nonce checks on AJAX
  • Missing capability checks
Vulnerabilities
1

Sales Page Addon – Elementor & Beaver Builder Security Vulnerabilities

CVEs by Year

1 CVE in 2024 · unpatched
2024
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2024-51585medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Sales Page Addon – Elementor & Beaver Builder <= 1.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Oct 31, 2024Unpatched
Code Analysis
Analyzed Mar 16, 2026

Sales Page Addon – Elementor & Beaver Builder Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
76
330 escaped
Nonce Checks
0
Capability Checks
0
File Operations
5
External Requests
1
Bundled Libraries
2

Bundled Libraries

jQueryFreemius1.0

Output Escaping

81% escaped406 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths
sales_addon_info_grabber_cb (admin\partials\ajax.php:5)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
8 unprotected

Sales Page Addon – Elementor & Beaver Builder Attack Surface

Entry Points8
Unprotected8

AJAX Handlers 8

authwp_ajax_sales_addon_info_grabberadmin\partials\ajax.php:30
noprivwp_ajax_sales_addon_info_grabberadmin\partials\ajax.php:31
authwp_ajax_sales_addon_filteradmin\partials\ajax.php:73
noprivwp_ajax_sales_addon_filteradmin\partials\ajax.php:74
authwp_ajax_sales_addon_searchadmin\partials\ajax.php:101
noprivwp_ajax_sales_addon_searchadmin\partials\ajax.php:102
authwp_ajax_sales_addon_builder_changeadmin\partials\ajax.php:119
noprivwp_ajax_sales_addon_builder_changeadmin\partials\ajax.php:120
WordPress Hooks 37
actionadmin_menuadmin\partials\admin-menu.php:20
actionadmin_enqueue_scriptsadmin\partials\enqueue.php:19
filterelementor/icons_manager/additional_tabsadmin\partials\hook.php:37
filterfl_builder_icon_setsadmin\partials\hook.php:77
actionadmin_initadmin\partials\hook.php:107
filterupload_mimesadmin\partials\hook.php:121
actionplugins_loadedbeaver\bv-setup.php:12
actioninitbeaver\bv-setup.php:20
filterpage_attributes_dropdown_pages_argsbeaver\bv-setup.php:56
filtertheme_page_templatesbeaver\bv-setup.php:58
filterwp_insert_post_databeaver\bv-setup.php:60
filtertemplate_includebeaver\bv-setup.php:61
actionplugins_loadedbeaver\bv-setup.php:112
actionplugins_loadedelementor\em-setup.php:32
actionadmin_noticeselementor\em-setup.php:51
actionadmin_noticeselementor\em-setup.php:56
actionelementor/elements/categories_registeredelementor\em-setup.php:62
actionelementor/widgets/widgets_registeredelementor\em-setup.php:64
actionafter_switch_themeelementor\em-setup.php:161
actionpt-ocdi/after_content_import_executionelementor\em-setup.php:169
filterexcerpt_lengthelementor\em-setup.php:186
filterexcerpt_moreelementor\em-setup.php:217
filterconnect_urlsales-page-addon.php:108
filterafter_skip_urlsales-page-addon.php:109
filterafter_connect_urlsales-page-addon.php:110
filterafter_pending_connect_urlsales-page-addon.php:111
actionadmin_enqueue_scriptssales-page-addon.php:121
actionadmin_initsales-page-addon.php:130
actionadmin_initsales-page-addon.php:131
actionadmin_menusales-page-addon.php:133
actioninitsales-page-addon.php:199
actionadmin_noticessales-page-addon.php:222
actionadmin_noticessales-page-addon.php:226
actionadmin_noticessales-page-addon.php:252
actionelementor/editor/before_enqueue_scriptssales-page-addon.php:259
actionelementor/frontend/after_enqueue_scriptssales-page-addon.php:274
actionwp_enqueue_scriptssales-page-addon.php:318
Maintenance & Trust

Sales Page Addon – Elementor & Beaver Builder Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedJan 28, 2025
PHP min version7.4
Downloads3K

Community Trust

Rating100/100
Number of ratings1
Active installs40
Alternatives

Sales Page Addon – Elementor & Beaver Builder Alternatives

fluXtore Funnel Builder

fluXtore Funnel Builder

fluxtore

A
99

Easily create highly converting sales funnels!

100 1 CVE
EZFunnels

EZFunnels

ezfunnels

A
85

Connect your EZFunnels pages to your WordPress blog. Create custom URLs for your pages or set a funnelstep as homepage on your blog.

10 No CVEs
WP Funnel Manager

WP Funnel Manager

wp-funnel-manager

B
76

Organises content into multi-step funnels.

10 1 unpatched
Elementor Website Builder – More Than Just a Page Builder

Elementor Website Builder – More Than Just a Page Builder

elementor

A
88

The Elementor Website Builder has it all: drag and drop page builder, pixel perfect design, mobile responsive editing, and more. Get started now!

10.0M 46 CVEs
FunnelKit – Funnel Builder for WooCommerce Checkout

FunnelKit – Funnel Builder for WooCommerce Checkout

funnel-builder

B
82

Create high-converting WooCommerce checkout pages, WooCommerce thank you pages & sales funnels with the highest-rated WordPress funnel builder.

40K 12 CVEs
Developer Profile

Sales Page Addon – Elementor & Beaver Builder Developer Profile

nicheaddons

7 plugins · 19K total installs

75
trust score
Avg Security Score
82/100
Avg Patch Time
74 days
View full developer profile
Detection Fingerprints

How We Detect Sales Page Addon – Elementor & Beaver Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sales-page-addon/assets/css/admin-styles.css
Version Parameters
sales-page-addon/assets/css/admin-styles.css?ver=

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Sales Page Addon – Elementor & Beaver Builder