Does Stax Addons for Elementor have any unpatched vulnerabilities?

Yes — Stax Addons for Elementor currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Stax Addons for Elementor compatible with WordPress 6.9.4?

According to WordPress.org data, Stax Addons for Elementor 1.5.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Stax Addons for Elementor compatible with PHP 7.4+?

Stax Addons for Elementor requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Stax Addons for Elementor updated?

Stax Addons for Elementor was last updated on Mar 10, 2026. Frequent updates are generally a positive security signal.

What is Stax Addons for Elementor's security score?

Stax Addons for Elementor has a WP-Safety security score of 76/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Stax Addons for Elementor Security & Risk Analysis

wordpress.org/plugins/stax-addons-for-elementor

20+ lightweight widgets and enhancements for Elementor. Modular, fast, and zero bloat — assets load only when used.

600 active installs v1.5.1 PHP 7.4+ WP 5.8+ Updated Mar 10, 2026

accordion-widgetelementor-widgetspage-builder-addonsslider-widgettestimonials

B · Generally Safe

CVEs total4

Unpatched1

Last CVEApr 4, 2024

Plugin page Download

Safety Verdict

Is Stax Addons for Elementor Safe to Use in 2026?

Mostly Safe

Score 76/100

Stax Addons for Elementor is generally safe to use. 4 past CVEs were resolved. Keep it updated.

4 known CVEs 1 unpatched Last CVE: Apr 4, 2024Updated 24d ago

Risk Assessment

The "stax-addons-for-elementor" v1.5.1 plugin exhibits a mixed security posture. While the static analysis shows a lack of direct entry points like AJAX handlers, REST API routes, or shortcodes, and a good percentage of output is properly escaped, several concerning signals exist. The presence of a single nonce check and a single capability check is positive, but the fact that 25% of outputs are not properly escaped presents a potential Cross-Site Scripting (XSS) risk, especially since this has been a historical vulnerability type. The plugin's history of four known CVEs, with one still unpatched and all being medium severity, is a significant concern. The prevalence of XSS, CSRF, and Missing Authorization vulnerabilities in the past suggests a recurring pattern of insecure coding practices that require careful attention. Although the taint analysis found no specific unsanitized paths in this version, the historical pattern and the unescaped output suggest that the plugin's development may not consistently prioritize robust security measures, leaving it susceptible to known attack vectors if not diligently maintained and updated.

Key Concerns

Unpatched CVE
Medium severity historical CVEs (4 total)
Unescaped output (25% of outputs)
Historical vulnerability types (XSS, CSRF, Missing Auth)

Vulnerabilities

Stax Addons for Elementor Security Vulnerabilities

CVEs by Year

1 CVE in 2022

2022

2 CVEs in 2023

2023

1 CVE in 2024 · unpatched

2024

Patched Has unpatched

Severity Breakdown

Medium

4 total CVEs

CVE-2024-3064medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Elementor Addons, Widgets and Enhancements – Stax <= 1.4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 4, 2024Unpatched

CVE-2023-2189medium · 4.3Missing Authorization

Elementor Addons, Widgets and Enhancements – Stax <= 1.4.3 - Missing Authorization in toggle_widget

Jun 8, 2023 Patched in 1.4.4 (229d)

CVE-2023-1807medium · 4.3Cross-Site Request Forgery (CSRF)

Elementor Addons, Widgets and Enhancements – Stax <= 1.4.3 - Cross-Site Request Forgery via toggle_widget

Jun 8, 2023 Patched in 1.4.4 (229d)

WF-84003388-c47c-41db-8d2d-4643aa375a89-stax-addons-for-elementormedium · 4.3Missing Authorization

Appsero <= 1.2.1 - Missing Authorization

Dec 16, 2022 Patched in 1.4.4 (699d)

Code Analysis

Analyzed Mar 16, 2026

Stax Addons for Elementor Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

200 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

75% escaped268 total outputs

Attack Surface

Stax Addons for Elementor Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 14

actionadmin_post_stax_widget_activationcore\admin\pages\Widgets.php:28

actionadmin_menucore\admin\Settings.php:41

actionadmin_menucore\admin\Settings.php:42

filteradmin_body_classcore\admin\Settings.php:43

actionadmin_enqueue_scriptscore\admin\Settings.php:44

actionelementor/elements/categories_registeredcore\StaxWidgets.php:39

actionelementor/widgets/registercore\StaxWidgets.php:40

actionelementor/editor/after_enqueue_stylescore\StaxWidgets.php:41

actionelementor/element/accordion/section_title_style/before_section_endenhancements\Accordion.php:36

actionelementor/element/counter/section_title/after_section_endenhancements\Counter.php:34

actionelementor/element/text-editor/section_editor/before_section_endenhancements\TextEditor.php:34

actionelementor/element/common/_section_style/after_section_endextra\Rotate.php:35

actioninitloader.php:63

filterbbp_get_breadcrumbwidgets\breadcrumbs\core\Trail.php:45

Maintenance & Trust

Stax Addons for Elementor Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 10, 2026

PHP min version7.4

Downloads14K

Community Trust

Rating0/100

Number of ratings0

Active installs600

Alternatives

Stax Addons for Elementor Alternatives

ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor

elementskit-lite

Join millions who empower their websites with ElementsKit Elementor Addons. Get templates, & 100+ widgets like header-footer, mega menu, custom widget

2.0M 21 CVEs

Essential Addons for Elementor – Popular Elementor Templates & Widgets

essential-addons-for-elementor-lite

Elementor addon offering 110+ widgets and templates — Elementor Gallery, Slider, Form, Post Grid, Menu, Accordion, WooCommerce & more.

2.0M 56 CVEs

Ultimate Addons for Elementor

header-footer-elementor

Powerful Elementor addon with advanced Elementor widgets, templates, WooCommerce widgets & Header-Footer builder to build professional websites fa …

2.0M 12 CVEs

Premium Addons for Elementor – Powerful Elementor Templates & Widgets

premium-addons-for-elementor

Elementor Carousel, Mega Menu, Posts List/Slider, Media Gallery, WooCommerce Widgets, Display Conditions, Premade Templates & more.

700K 35 CVEs

Royal Addons for Elementor – Addons and Templates Kit for Elementor

royal-elementor-addons

Elementor templates, Header footer builder, Elementor Post Grid, Woocommerce Grid builder, Slider, Forms, Gallery, Nav menu addons, Elementor widgets.

600K 1 unpatched

Developer Profile

Stax Addons for Elementor Developer Profile

StaxWP

5 plugins · 32K total installs

trust score

Avg Security Score

92/100

Avg Patch Time

351 days

View full developer profile

Detection Fingerprints

How We Detect Stax Addons for Elementor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/stax-addons-for-elementor/core/admin/layout.php/wp-content/plugins/stax-addons-for-elementor/core/admin/actions.php/wp-content/plugins/stax-addons-for-elementor/widgets/class-stax-el-woo-products.php

Script Paths

/wp-content/plugins/stax-addons-for-elementor/assets/js/admin.min.js

Version Parameters

stax-addons-for-elementor/assets/css/admin.css?ver=stax-addons-for-elementor/assets/js/admin.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

stax-addons-elementor-admin-page

Data Attributes

data-elementor-iddata-elementor-type

JS Globals

window.elementorFrontendConfigwindow.stax_el_params

Shortcode Output

[stax_el_breadcrumbs][stax_el_woo_products]

FAQ