WP-Safety

ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution Security & Risk Analysis

wordpress.org/plugins/shopengine

WooCommerce builder for Elementor and Gutenberg. It offers product templates, product sliders, shopping cart, quick view, Woo wishlist, product filter …

90K active installs v4.8.8 PHP 7.4+ WP + Updated Feb 16, 2026
cross-sellelementor-woocommerceshopping-cartwoocommerce-add-onwoocommerce-builder
96
A · Safe
CVEs total4
Unpatched0
Last CVEDec 2, 2025
Plugin page Download
Safety Verdict

Is ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution Safe to Use in 2026?

Generally Safe

Score 96/100

ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEsLast CVE: Dec 2, 2025Updated 1mo ago
Risk Assessment

ShopEngine v4.8.8 presents a mixed security posture. While the plugin demonstrates good practices in areas like prepared SQL statements and output escaping, significant concerns arise from its unprotected entry points and past vulnerability history. The presence of two unprotected entry points, one AJAX handler and one REST API route, directly exposes the application to potential unauthorized actions if not properly secured by the surrounding WordPress environment. The historical vulnerability data, particularly the prevalence of Incorrect/Missing Authorization and CSRF, suggests a recurring pattern of authorization weaknesses. Although there are no currently unpatched CVEs, the past occurrence of medium and low severity vulnerabilities indicates a potential for future issues if authorization logic is not rigorously implemented and reviewed.

While the plugin boasts a high percentage of properly escaped outputs and a moderate number of nonce checks, these strengths are overshadowed by the identified unprotected entry points and the historical trend of authorization flaws. The use of `unserialize` is a red flag, though its context isn't provided, and the taint analysis showing flows with unsanitized paths warrants further investigation to ensure these do not lead to exploitable vulnerabilities. The overall risk is moderate, primarily due to the readily accessible unprotected endpoints and the historical tendency towards authorization vulnerabilities. It is crucial for users to ensure strong WordPress security practices are in place, and for the developers to prioritize a thorough review of all entry points for authorization and sanitization.

Key Concerns

  • Unprotected AJAX handler
  • Unprotected REST API route
  • Dangerous function unserialize found
  • Flows with unsanitized paths detected
  • History of missing/incorrect authorization
  • History of CSRF vulnerabilities
Vulnerabilities
4

ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution Security Vulnerabilities

CVEs by Year

1 CVE in 2023
2023
3 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
2
Low
2

4 total CVEs

CVE-2025-12358medium · 4.3Cross-Site Request Forgery (CSRF)

ShopEngine <= 4.8.5 - Cross-Site Request Forgery to Wishlist Manipulation

Dec 2, 2025 Patched in 4.8.6 (1d)
CVE-2025-11888low · 2.7Incorrect Authorization

ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution <= 4.8.4 - Incorrect Authorization to Authenticated (Editor+) License Status Update

Oct 24, 2025 Patched in 4.8.5 (1d)
CVE-2025-10173low · 2.7Missing Authorization

ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution <= 4.8.3 - Insufficient Authorization to Authenticated (Editor+) Settings Update

Sep 25, 2025 Patched in 4.8.4 (1d)
CVE-2022-45371medium · 5.4Cross-Site Request Forgery (CSRF)

ShopEngine <= 4.1.1 - Cross-Site Request Forgery via get_product

Apr 19, 2023 Patched in 4.1.2 (279d)
Code Analysis
Analyzed Mar 16, 2026

ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution Code Analysis

Dangerous Functions
1
Raw SQL Queries
4
19 prepared
Unescaped Output
68
755 escaped
Nonce Checks
18
Capability Checks
11
File Operations
2
External Requests
5
Bundled Libraries
1

Dangerous Functions Found

unserialize$strings = unserialize( $strings );core\multi-language\language.php:41

Bundled Libraries

Select2

SQL Query Safety

83% prepared23 total queries

Output Escaping

92% escaped823 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

11 flows6 with unsanitized paths
rum_importer (core\export-import\import.php:12)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution Attack Surface

Entry Points7
Unprotected2

AJAX Handlers 6

authwp_ajax_shopengine_add_new_attributemodules\swatches\admin-product.php:17
authwp_ajax_shopengine_swatch_image_on_loop_productsmodules\swatches\frontend.php:29
noprivwp_ajax_shopengine_swatch_image_on_loop_productsmodules\swatches\frontend.php:30
authwp_ajax_shopengine_admin_actionplugin.php:37
authwp_ajax_wpmet-noticesutils\notice\notice.php:366
authwp_ajax_shopengine-noticesutils\notice.php:21

REST API Routes 1

GET/wp-json/shopengine/v1advanced-searchwidgets\advanced-search\advanced-search-config.php:37
WordPress Hooks 173
actionrest_api_initbase\api.php:24
actioninitbase\cpt.php:32
actionelementor/element/before_section_startcompatibility\conflicts\manifest.php:11
actionelementor/element/before_section_startcompatibility\conflicts\manifest.php:12
actionwoocommerce_after_order_notescompatibility\conflicts\manifest.php:47
actionwpcompatibility\conflicts\manifest.php:54
actionwoocommerce_before_main_contentcompatibility\conflicts\theme-hooks.php:85
actionwoocommerce_after_main_contentcompatibility\conflicts\theme-hooks.php:89
actionwoocommerce_sidebarcompatibility\conflicts\theme-hooks.php:93
actionwoocommerce_shop_loop_item_titlecompatibility\conflicts\theme-hooks.php:97
actionwoocommerce_after_shop_loop_item_titlecompatibility\conflicts\theme-hooks.php:101
actionwoocommerce_before_shop_loop_item_titlecompatibility\conflicts\theme-hooks.php:105
actionwoocommerce_after_shop_loop_itemcompatibility\conflicts\theme-hooks.php:125
actionwoocommerce_before_shop_loop_item_titlecompatibility\conflicts\theme-hooks.php:170
actionwoocommerce_before_shop_loop_itemcompatibility\conflicts\theme-hooks.php:174
actionwoocommerce_after_shop_loop_itemcompatibility\conflicts\theme-hooks.php:178
actionwoocommerce_after_shop_loop_itemcompatibility\conflicts\theme-hooks.php:182
actionwoocommerce_shop_loop_item_titlecompatibility\conflicts\theme-hooks.php:186
actionwoocommerce_after_shop_loop_item_titlecompatibility\conflicts\theme-hooks.php:191
actionwoocommerce_before_shop_loop_item_titlecompatibility\conflicts\theme-hooks.php:307
actionwoocommerce_after_shop_loop_itemcompatibility\conflicts\theme-hooks.php:481
actionwoocommerce_after_shop_loop_item_titlecompatibility\conflicts\theme-hooks.php:486
actionwoocommerce_shop_loop_item_titlecompatibility\conflicts\theme-hooks.php:491
actionwoocommerce_after_shop_loop_item_titlecompatibility\conflicts\theme-hooks.php:496
actionwoocommerce_before_shop_loop_item_titlecompatibility\conflicts\theme-hooks.php:501
actionwoocommerce_before_shop_loop_item_titlecompatibility\conflicts\theme-hooks.php:619
filterwoocommerce_cart_product_cannot_be_purchased_messagecompatibility\conflicts\theme-hooks.php:828
filterelementor/files/allow_unfiltered_uploadcore\builders\action.php:157
filterelementor/document/urls/wp_previewcore\builders\base.php:49
actionwpcore\builders\base.php:52
filterwoocommerce_checkout_fieldscore\builders\base.php:54
actionadmin_initcore\builders\hooks.php:27
actionrestrict_manage_postscore\builders\hooks.php:32
filterparse_querycore\builders\hooks.php:34
actionelementor/editor/initcore\builders\hooks.php:36
filterwoocommerce_locate_templatecore\builders\hooks.php:39
actionelementor/controls/controls_registeredcore\elementor-controls\init.php:22
actionelementor/controls/controls_registeredcore\elementor-controls\init.php:23
actionrss2_headcore\export-import\export.php:12
actionimport_startcore\export-import\import.php:9
filtershopengine_language_codecore\multi-language\language.php:27
filtershopengine_multi_languagecore\multi-language\language.php:32
actionshopengine/core/settings/on_savecore\multi-language\language.php:34
actionwp_enqueue_scriptscore\page-templates\hooks\archive.php:16
filterwoocommerce_enqueue_stylescore\page-templates\hooks\archive.php:17
filterthe_contentcore\page-templates\hooks\base-content.php:51
filterbody_classcore\page-templates\hooks\base.php:44
filtertemplate_includecore\page-templates\hooks\base.php:73
actionwp_enqueue_scriptscore\page-templates\hooks\base.php:75
actionshopengine/templates/elementor/content/beforecore\page-templates\hooks\base.php:77
actionshopengine/builder/gutenberg/before-contentcore\page-templates\hooks\base.php:78
actionwp_headcore\page-templates\hooks\base.php:118
filterwoocommerce_locate_templatecore\page-templates\hooks\base.php:142
actionshopengine/builder/gutenberg/simplecore\page-templates\hooks\base.php:163
actionwoocommerce_shipping_initcore\page-templates\hooks\cart.php:17
actiontemplate_redirectcore\page-templates\hooks\cart.php:21
actionwp_enqueue_scriptscore\page-templates\hooks\cart.php:31
actionwoocommerce_cart_collateralscore\page-templates\hooks\cart.php:62
filterwc_get_templatecore\page-templates\hooks\checkout.php:18
actionwp_enqueue_scriptscore\page-templates\hooks\checkout.php:56
actionwp_enqueue_scriptscore\page-templates\hooks\single.php:16
filterelementor/document/urls/editcore\page-templates\page-templates.php:19
actionpre_get_postscore\query-modifier.php:18
actionwp_loadedcore\service-providers\theme-support-provider.php:13
actionadmin_menucore\settings\base.php:31
actionadmin_menucore\settings\base.php:32
actionadmin_enqueue_scriptscore\settings\base.php:35
actionbefore_delete_postcore\settings\base.php:46
actionadmin_headcore\settings\base.php:52
actionadmin_enqueue_scriptscore\settings\base.php:53
actionadmin_footercore\settings\base.php:54
actioninitcore\template-cpt.php:20
actionadmin_menucore\template-cpt.php:21
filterpost_row_actionscore\template-cpt.php:23
actioncustomize_registercore\wc-customizer\register-settings.php:28
actionwoocommerce_after_add_to_cart_buttonmodules\comparison\comparison.php:33
actionwoocommerce_before_add_to_cart_buttonmodules\comparison\comparison.php:37
filterwoocommerce_loop_add_to_cart_linkmodules\comparison\comparison.php:47
actionwp_enqueue_scriptsmodules\comparison\comparison.php:51
actionwp_footermodules\comparison\comparison.php:54
actionwoocommerce_admin_process_product_objectmodules\comparison\comparison.php:57
actioninitmodules\manifest.php:13
filtershopengine/page_templatesmodules\quick-view\quick-view.php:28
actionwp_enqueue_scriptsmodules\quick-view\quick-view.php:36
filterwoocommerce_loop_add_to_cart_linkmodules\quick-view\quick-view.php:55
actionwp_footermodules\quick-view\quick-view.php:58
actionwoocommerce_product_option_termsmodules\swatches\admin-product.php:15
actionadmin_footermodules\swatches\admin-product.php:19
actioncreated_termmodules\swatches\attribute-hooks.php:44
actionedit_termmodules\swatches\attribute-hooks.php:45
actionshopengine_attribute_field_chainmodules\swatches\attribute-hooks.php:46
actionwp_enqueue_scriptsmodules\swatches\frontend.php:20
filterwoocommerce_dropdown_variation_attribute_options_htmlmodules\swatches\frontend.php:21
filtershopengine_filter_html_swatch_hookmodules\swatches\frontend.php:22
actionwoocommerce_after_shop_loop_itemmodules\swatches\frontend.php:25
actionwp_enqueue_scriptsmodules\swatches\loop-product-support\shopengine-swatches.php:20
actionshopengine_swatches_anywheremodules\swatches\loop-product-support\shopengine-swatches.php:21
filterproduct_attributes_type_selectormodules\swatches\swatches.php:49
actionadmin_initmodules\swatches\swatches.php:53
actionadmin_print_scriptsmodules\swatches\swatches.php:54
actionadmin_initmodules\swatches\swatches.php:55
actioninitmodules\swatches\swatches.php:61
actionwoocommerce_after_add_to_cart_buttonmodules\wishlist\wishlist.php:33
actionwoocommerce_before_add_to_cart_buttonmodules\wishlist\wishlist.php:37
filterwoocommerce_loop_add_to_cart_linkmodules\wishlist\wishlist.php:47
actionwp_enqueue_scriptsmodules\wishlist\wishlist.php:50
actioninitmodules\wishlist\wishlist.php:74
filterwoocommerce_account_menu_itemsmodules\wishlist\wishlist.php:78
actionwoocommerce_account_wishlist_endpointmodules\wishlist\wishlist.php:79
actionadmin_noticesplugin.php:59
actionadmin_noticesplugin.php:71
actionadmin_noticesplugin.php:80
filterplugin_action_links_shopengine/shopengine.phpplugin.php:89
actionadmin_initplugin.php:137
actionwp_loadedplugin.php:145
actionelementor/editor/after_enqueue_stylesplugin.php:169
actionelementor/widgets/registerplugin.php:174
actionwp_enqueue_scriptsplugin.php:183
actioninitplugin.php:234
actionget_headerplugin.php:343
filterscript_loader_tagplugin.php:363
actionplugins_loadedshopengine.php:277
actionbefore_woocommerce_initshopengine.php:286
actionadmin_headutils\banner\banner.php:34
actionadmin_headutils\emailkit\emailkit.php:52
actionadmin_headutils\metform-promo-banner\metform-promo-banner.php:75
actionadmin_noticesutils\notice\notice.php:276
actionadmin_headutils\notice\notice.php:367
actionadmin_footerutils\notice.php:20
actionadmin_headutils\plugins\plugins.php:61
actionadmin_menuutils\plugins\plugins.php:227
filterplugin_row_metautils\pro-awareness\pro-awareness.php:475
actionadmin_headutils\pro-awareness\pro-awareness.php:484
actionadmin_menuutils\pro-awareness\pro-awareness.php:488
actionwp_dashboard_setuputils\stories\stories.php:52
actionwoocommerce_before_add_to_cart_quantitywidgets\add-to-cart\screens\default.php:37
actionwoocommerce_after_add_to_cart_quantitywidgets\add-to-cart\screens\default.php:59
actionrest_api_initwidgets\advanced-search\advanced-search-config.php:35
filterwoocommerce_before_shop_loop_item_titlewidgets\archive-products\archive-products.php:2538
filterwoocommerce_before_shop_loop_item_titlewidgets\archive-products\archive-products.php:2546
filterwoocommerce_product_get_rating_htmlwidgets\archive-products\archive-products.php:2552
actionwoocommerce_after_shop_loop_itemwidgets\archive-products\archive-products.php:2568
actionwoocommerce_shop_loop_item_titlewidgets\archive-products\screens\default.php:86
actionwoocommerce_after_shop_loop_item_titlewidgets\archive-products\screens\default.php:101
filterwoocommerce_pagination_argswidgets\archive-products\screens\default.php:144
filterwoocommerce_cart_crosssell_idswidgets\cross-sells\screens\default.php:23
actionwp_enqueue_scriptswidgets\init\enqueue-scripts.php:12
actionwp_enqueue_scriptswidgets\init\enqueue-scripts.php:13
actionelementor/editor/before_enqueue_scriptswidgets\init\enqueue-scripts.php:14
actionelementor/frontend/before_enqueue_scriptswidgets\init\enqueue-scripts.php:15
actionelementor/editor/after_enqueue_styleswidgets\init\enqueue-scripts.php:16
actionelementor/elements/categories_registeredwidgets\manifest.php:23
actionelementor/widgets/registerwidgets\manifest.php:24
filterelementor/editor/localize_settingswidgets\manifest.php:25
filterwoocommerce_default_address_fieldswidgets\manifest.php:26
actionelementor/editor/initwidgets\manifest.php:38
actioninitwidgets\manifest.php:71
filterwoocommerce_single_product_carousel_optionswidgets\product-image\product-image-config.php:11
filterpre_get_avatar_datawidgets\product-review\product-review.php:855
filterwoocommerce_reviews_titlewidgets\product-tabs\product-tabs.php:2041
filterwoocommerce_product_tabswidgets\product-tabs\screens\default.php:3
filterthe_contentwidgets\product-tabs\screens\default.php:33
filterwoocommerce_attributewidgets\product-tabs\screens\default.php:121
filterwoocommerce_related_productswidgets\related\related.php:1828
actionpre_get_postswidgets\shop.php:67
actionpre_get_postswidgets\shop.php:82
actionwoocommerce_product_is_visiblewidgets\shop.php:283
filterwc_get_templatewidgets\widget-helper.php:14
filterwc_get_template_partwidgets\widget-helper.php:38
filterwc_get_template_partwidgets\widget-helper.php:51
filterwc_get_templatewidgets\widget-helper.php:106
filterwoocommerce_breadcrumb_defaultswidgets\widget-helper.php:236
filtercomments_templatewidgets\widget-helper.php:248
Maintenance & Trust

ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 16, 2026
PHP min version7.4
Downloads1.5M

Community Trust

Rating92/100
Number of ratings208
Active installs90K
Alternatives

ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution Alternatives

ShopBuilder – WooCommerce Builder For Elementor

ShopBuilder – WooCommerce Builder For Elementor

shopbuilder

A
95

WooCommerce builder for Elementor includes 80+ widgets, WooCommerce templates, quick view, compare, wishlist, shop & archive page builder and more.

9K 3 CVEs
CoDesigner – All in One Elementor WooCommerce Builder

CoDesigner – All in One Elementor WooCommerce Builder

woolementor

D
47

Design stunning WooCommerce sites that sell with 94+ Widgets, 14+ Modules, & 150+ Templates of CoDesigner Elementor WooCommerce addon.

6K 2 unpatched
Magical Shop Builder – WooCommerce Template Builder for Elementor | Shop, Cart, Checkout & Product Page Builder

Magical Shop Builder – WooCommerce Template Builder for Elementor | Shop, Cart, Checkout & Product Page Builder

magical-products-display

A
99

The complete WooCommerce Shop Builder for Elementor. Build custom single product pages, cart, checkout, my account & shop archives with 60+ widgets.

3K 1 CVE
ShopMaker – Elementor WooCommerce Builder, Widgets & Templates

ShopMaker – Elementor WooCommerce Builder, Widgets & Templates

shopmaker

A
100

Create fully custom WooCommerce pages with Elementor: 50+ dedicated WooCommerce widgets and beautiful pre-designed templates.

90 No CVEs
UnikForce Elementor WooCommerce Builder

UnikForce Elementor WooCommerce Builder

unikforce-elementor-woocommerce

A
100

Enhance your Elementor page building experience with elementor dynamic woocommerce builder. Add power to your woocommerce builder using our easy-to-us &hellip;

0 No CVEs
Developer Profile

ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution Developer Profile

Roxnor

15 plugins · 3.0M total installs

73
trust score
Avg Security Score
91/100
Avg Patch Time
118 days
View full developer profile
Detection Fingerprints

How We Detect ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/shopengine/assets/css/frontend.css/wp-content/plugins/shopengine/assets/css/frontend-editor.css/wp-content/plugins/shopengine/assets/js/frontend.js/wp-content/plugins/shopengine/assets/js/frontend-editor.js/wp-content/plugins/shopengine/assets/js/widgets/shopengine-addons-editor.js/wp-content/plugins/shopengine/widgets/products/assets/css/style.css/wp-content/plugins/shopengine/widgets/products/assets/js/script.js/wp-content/plugins/shopengine/modules/shopengine-bundle/assets/css/style.css+1 more
Script Paths
/wp-content/plugins/shopengine/assets/js/frontend.js/wp-content/plugins/shopengine/assets/js/frontend-editor.js/wp-content/plugins/shopengine/assets/js/widgets/shopengine-addons-editor.js/wp-content/plugins/shopengine/widgets/products/assets/js/script.js/wp-content/plugins/shopengine/modules/shopengine-bundle/assets/js/script.js
Version Parameters
shopengine/assets/css/frontend.css?ver=shopengine/assets/css/frontend-editor.css?ver=shopengine/assets/js/frontend.js?ver=shopengine/assets/js/frontend-editor.js?ver=shopengine/assets/js/widgets/shopengine-addons-editor.js?ver=shopengine/widgets/products/assets/css/style.css?ver=shopengine/widgets/products/assets/js/script.js?ver=shopengine/modules/shopengine-bundle/assets/css/style.css?ver=shopengine/modules/shopengine-bundle/assets/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
shopengine-elementor-addonsshopengine-product-widgetsshopengine-bundle-widgetsshopengine-active-builder
Data Attributes
data-shopengine-template-iddata-shopengine-builder-template-iddata-shopengine-elementor-template-id
JS Globals
shopengine_paramsShopEngineFrontendShopEngineEditor
FAQ

Frequently Asked Questions about ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution