Split Test For Elementor Security & Risk Analysis

wordpress.org/plugins/split-test-for-elementor

Adds split testing functionality to Elementor

4K active installs · v1.8.4 · PHP + WP 4.9+ · Updated May 13, 2025
Tags: elementor · online-marketing · split-testing
Score: 77 · B · Generally Safe
CVEs total: 3
Unpatched: 1
Last CVE: Apr 4, 2025
Safety Verdict

Is Split Test For Elementor Safe to Use in 2026?

Mostly Safe

Score 77/100

Split Test For Elementor is generally safe to use. 3 past CVEs were resolved. Keep it updated.

3 known CVEs · 1 unpatched · Last CVE: Apr 4, 2025 · Updated 10mo ago
Risk Assessment

The "split-test-for-elementor" plugin v1.8.4 exhibits several significant security concerns, indicating a weak overall security posture. The static analysis reveals a substantial attack surface with 3 out of 3 REST API routes lacking permission callbacks, making them unprotected entry points. Furthermore, only 14% of output is properly escaped, suggesting a high likelihood of Cross-Site Scripting (XSS) vulnerabilities. Taint analysis highlights 3 high-severity flows with unsanitized paths, which could be exploited for various attacks.

The plugin's vulnerability history is also troubling. With 3 known CVEs, and 2 of them currently unpatched, this indicates a recurring pattern of security flaws. The types of past vulnerabilities, including SQL Injection, XSS, and CSRF, align with some of the risks identified in the static analysis. While the plugin has some strengths, such as the absence of dangerous functions and file operations, the prevalent lack of authentication on entry points, poor output escaping, and unpatched historical vulnerabilities outweigh these positive aspects.

Key Concerns

  • Unpatched CVEs (2)
  • REST API routes without permission callbacks (3)
  • High severity taint flows (3)
  • Low percentage of properly escaped output (14%)
  • Medium severity CVEs (3)
Vulnerabilities
3

Split Test For Elementor Security Vulnerabilities

CVEs by Year

  • 2023: 1 CVE
  • 2025: 2 CVEs · unpatched

Severity Breakdown

  • Medium: 3

3 total CVEs

CVE-2025-32204 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Split Test For Elementor <= 1.8.3 - Authenticated (Editor+) SQL Injection

Apr 4, 2025 · Patched in 1.8.4 (348d)

CVE-2025-32135 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Split Test For Elementor <= 1.8.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

Apr 4, 2025 · Unpatched

CVE-2023-51407 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Split Test For Elementor <= 1.6.9 - Cross-Site Request Forgery

Dec 27, 2023 · Patched in 1.7.0 (27d)

Code Analysis
Analyzed Mar 16, 2026

Split Test For Elementor Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 6 (12 prepared)
  • Unescaped Output: 50 (8 escaped)
  • Nonce Checks: 6
  • Capability Checks: 2
  • File Operations: 0
  • External Requests: 2
  • Bundled Libraries: 0

SQL Query Safety

67% prepared · 18 total queries

Output Escaping

14% escaped · 58 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

8 flows · 5 with unsanitized paths
progressTestsForRedirect (Classes\Events\SendHeadersEvent.php:104)
Attack Surface
3 unprotected

Split Test For Elementor Attack Surface

Entry Points: 3
Unprotected: 3

REST API Routes: 3

  • POST /wp-json/splitTestForElementor/v1/tests/ (plugin.php:144)
  • GET /wp-json/splitTestForElementor/v1/tests/getVariationToDisplay/ (plugin.php:152)
  • POST /wp-json/splitTestForElementor/v1/variations/ (plugin.php:160)

WordPress Hooks: 36

  • action admin_notices (Classes\Misc\ShowCacheWarningMessage.php:8)
  • action admin_notices (Classes\Misc\ShowWPEngineMessage.php:8)
  • filter query_vars (Classes\Services\CacheCheckService.php:71)
  • action template_redirect (Classes\Services\CacheCheckService.php:76)
  • action send_headers (Classes\Services\CacheCheckService.php:84)
  • filter query_vars (Classes\Services\ExternalLinkTrackingService.php:36)
  • action template_redirect (Classes\Services\ExternalLinkTrackingService.php:43)
  • action send_headers (Classes\Services\ExternalLinkTrackingService.php:52)
  • filter query_vars (Classes\Services\ExternalPageTrackingService.php:36)
  • action template_redirect (Classes\Services\ExternalPageTrackingService.php:42)
  • action send_headers (Classes\Services\ExternalPageTrackingService.php:51)
  • action admin_init (Classes\Services\SettingsPage.php:20)
  • action admin_menu (Classes\Services\SettingsPage.php:24)
  • action admin_notices (Classes\Update\UpdateToVersion_1_1.php:8)
  • action admin_notices (Classes\Update\UpdateToVersion_1_1_6.php:13)
  • action admin_notices (Classes\Update\UpdateToVersion_1_3_0.php:8)
  • action admin_notices (Classes\Update\UpdateToVersion_1_5_4.php:8)
  • action send_headers (plugin.php:92)
  • action wp_head (plugin.php:94)
  • action elementor/frontend/section/before_render (plugin.php:97)
  • action elementor/widget/render_content (plugin.php:99)
  • action elementor/frontend/section/after_render (plugin.php:101)
  • action elementor/frontend/section/should_render (plugin.php:102)
  • action elementor/frontend/container/before_render (plugin.php:104)
  • action elementor/frontend/container/after_render (plugin.php:105)
  • action admin_menu (plugin.php:120)
  • action admin_init (plugin.php:123)
  • action elementor/editor/before_enqueue_scripts (plugin.php:132)
  • action rest_api_init (plugin.php:143)
  • action rest_api_init (plugin.php:151)
  • action rest_api_init (plugin.php:159)
  • action elementor/element/after_section_end (plugin.php:170)
  • action elementor/editor/after_save (plugin.php:173)
  • action plugins_loaded (plugin.php:177)
  • action elementor_pro/forms/new_record (plugin.php:191)
  • action plugins_loaded (plugin.php:194)

Maintenance & Trust

Split Test For Elementor Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: May 13, 2025
PHP min version
Downloads: 126K

Community Trust

Rating: 88/100
Number of ratings: 22
Active installs: 4K

Developer Profile

Split Test For Elementor Developer Profile

rocketelements

1 plugin · 4K total installs

Trust score: 63
Avg Security Score: 77/100
Avg Patch Time: 188 days

Detection Fingerprints

How We Detect Split Test For Elementor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/split-test-for-elementor/Admin/assets/images/icon.png
Script Paths
/wp-content/plugins/split-test-for-elementor/Admin/assets/js/editor.min.js
Version Parameters
split-test-for-elementor/Admin/assets/js/editor.min.js?ver=

HTML / DOM Fingerprints

REST Endpoints
/splitTestForElementor/v1/tests/
/splitTestForElementor/v1/tests/getVariationToDisplay/
/splitTestForElementor/v1/variations/

FAQ

Frequently Asked Questions about Split Test For Elementor