Selection Lite Security & Risk Analysis

wordpress.org/plugins/selection-lite

The Selection Lite Elementor widgets pack of items! This is just the initial version of a huge product we're excited to bring to the world.

10K active installs · v1.15 · PHP 7.4+ · WP 5.0+ · Updated Dec 18, 2024
Tags: elementor, header-and-footer, pack, selection, templates
Score: 91 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Oct 24, 2024
Safety Verdict

Is Selection Lite Safe to Use in 2026?

Generally Safe

Score 91/100

Selection Lite has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Oct 24, 2024 · Updated 1yr ago
Risk Assessment

The "selection-lite" plugin v1.15 exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and performing proper output escaping on almost all outputs. The presence of nonce and capability checks, albeit limited, is also a positive sign. However, a significant concern arises from the presence of an unprotected REST API route, which represents a direct entry point into the application that is not subject to any authorization or permission checks. This is a critical oversight that could lead to unauthorized actions or data exposure if that route is accessible and handles sensitive operations.

The static analysis did not reveal any critical or high-severity taint flows, which is reassuring. The absence of dangerous function usage and shortcodes further limits the potential attack vectors. However, the plugin's vulnerability history is a red flag. It has two known medium-severity CVEs, both related to Cross-Site Scripting (XSS). The fact that these vulnerabilities exist, even if currently patched, suggests a recurring weakness in how user-supplied input is handled, despite the otherwise good output escaping statistics. The date of the most recent vulnerability also indicates that these issues were present relatively recently.

In conclusion, while "selection-lite" v1.15 shows strengths in areas like SQL security and output sanitization, the unprotected REST API route is a major security flaw that needs immediate attention. The history of XSS vulnerabilities, even if medium severity and currently patched, indicates a potential for insecure input handling that warrants careful review. Developers should prioritize addressing the unprotected REST API and rigorously audit input sanitization processes to prevent future XSS or similar injection attacks.

Key Concerns

  • Unprotected REST API route
  • Two medium severity XSS vulnerabilities in history
Vulnerabilities: 2

Selection Lite Security Vulnerabilities

CVEs by Year: 2 CVEs in 2024

Severity Breakdown: Medium 2 (2 total CVEs)

CVE-2024-50445 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Selection Lite <= 1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting

Oct 24, 2024 · Patched in 1.14 (7d)

CVE-2024-43147 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Selection Lite <= 1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting

Aug 7, 2024 · Patched in 1.12 (8d)
Code Analysis
Analyzed Mar 16, 2026

Selection Lite Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (4 prepared)
Unescaped Output: 6 (478 escaped)
Nonce Checks: 4
Capability Checks: 3
File Operations: 2
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

100% prepared · 4 total queries

Output Escaping

99% escaped · 484 total outputs

Attack Surface: 1 unprotected

Selection Lite Attack Surface

Entry Points: 1
Unprotected: 1

REST API Routes: 1

GET /wp-json/template-kit/v1/id · src\Merkulove\SelectionLite\TemplateKitStyles.php:66

WordPress Hooks: 31

action · init · selection-lite.php:77
action · init · selection-lite.php:94
action · plugins_loaded · selection-lite.php:178
action · wp_enqueue_scripts · src\Merkulove\SelectionLite\Caster.php:110
action · elementor/elements/categories_registered · src\Merkulove\SelectionLite\Caster.php:129
action · current_screen · src\Merkulove\SelectionLite\Caster.php:132
action · current_screen · src\Merkulove\SelectionLite\Caster.php:135
action · admin_notices · src\Merkulove\SelectionLite\Caster.php:138
action · admin_footer · src\Merkulove\SelectionLite\Caster.php:139
action · admin_body_class · src\Merkulove\SelectionLite\Caster.php:425
action · elementor/editor/before_enqueue_styles · src\Merkulove\SelectionLite\Elementor.php:70
action · elementor/widgets/widgets_registered · src\Merkulove\SelectionLite\Elementor.php:96
action · elementor/element/section/section_advanced/after_section_end · src\Merkulove\SelectionLite\StickyEffect.php:44
action · elementor/element/column/section_advanced/after_section_end · src\Merkulove\SelectionLite\StickyEffect.php:46
action · elementor/frontend/after_enqueue_scripts · src\Merkulove\SelectionLite\StickyEffect.php:48
action · elementor/frontend/after_enqueue_styles · src\Merkulove\SelectionLite\StickyEffect.php:50
action · admin_enqueue_scripts · src\Merkulove\SelectionLite\TabCustomCSS.php:35
action · rest_api_init · src\Merkulove\SelectionLite\TemplateKitStyles.php:44
action · wp_after_insert_post · src\Merkulove\SelectionLite\TemplateKitStyles.php:58
action · admin_enqueue_scripts · src\Merkulove\Unity\AdminScripts.php:45
action · admin_enqueue_scripts · src\Merkulove\Unity\AdminStyles.php:45
action · admin_notices · src\Merkulove\Unity\CheckCompatibility.php:140
action · elementor/widgets/widgets_registered · src\Merkulove\Unity\Elementor.php:55
action · in_admin_header · src\Merkulove\Unity\PluginHelper.php:59
action · admin_enqueue_scripts · src\Merkulove\Unity\PluginHelper.php:62
action · admin_enqueue_scripts · src\Merkulove\Unity\PluginHelper.php:77
action · admin_enqueue_scripts · src\Merkulove\Unity\PluginHelper.php:80
filter · admin_footer_text · src\Merkulove\Unity\PluginHelper.php:162
filter · update_footer · src\Merkulove\Unity\PluginHelper.php:163
action · admin_menu · src\Merkulove\Unity\Settings.php:207
action · admin_init · src\Merkulove\Unity\Settings.php:208

Maintenance & Trust

Selection Lite Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Dec 18, 2024
PHP min version: 7.4
Downloads: 77K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10K

Developer Profile

Selection Lite Developer Profile

merkulove

3 plugins · 10K total installs

Trust score: 92
Avg Security Score: 97/100
Avg Patch Time: 8 days

Detection Fingerprints

How We Detect Selection Lite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/selection-lite/assets/css/backend.min.css
/wp-content/plugins/selection-lite/assets/css/frontend.min.css
/wp-content/plugins/selection-lite/assets/js/backend.min.js
/wp-content/plugins/selection-lite/assets/js/frontend.min.js
Script Paths
/wp-content/plugins/selection-lite/assets/js/backend.min.js
/wp-content/plugins/selection-lite/assets/js/frontend.min.js
Version Parameters
/wp-content/plugins/selection-lite/assets/css/backend.min.css?ver=
/wp-content/plugins/selection-lite/assets/css/frontend.min.css?ver=
/wp-content/plugins/selection-lite/assets/js/backend.min.js?ver=
/wp-content/plugins/selection-lite/assets/js/frontend.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
mdp-widgeter-elementor-title-icon