Sticky Header Effects for Elementor Security & Risk Analysis

wordpress.org/plugins/sticky-header-effects-for-elementor

Create advanced Sticky Headers in Elementor Free or Pro with scroll effects, blur, shrink, hide on scroll & full responsive controls.

300K active installs · v2.1.8 · PHP 7.0+ · WP 5.3+ · Updated Mar 3, 2026
Tags: add-ons, elementor, elementor-page-builder, header, sticky-header
Score: 99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Sep 22, 2025
Safety Verdict

Is Sticky Header Effects for Elementor Safe to Use in 2026?

Generally Safe

Score 99/100

Sticky Header Effects for Elementor has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Sep 22, 2025 · Updated 1mo ago
Risk Assessment

The "sticky-header-effects-for-elementor" plugin v2.1.8 presents a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and a high percentage of output escaping, significant concerns remain. The presence of two AJAX handlers without authentication checks exposes potential entry points for unauthorized actions. Furthermore, the use of the `unserialize` function is a notable risk, as it can lead to object injection vulnerabilities if used with untrusted input. Although there are no currently unpatched CVEs and the vulnerability history shows a medium severity issue in the past, the pattern of "Missing Authorization" vulnerabilities is concerning and highlights a recurring weakness. The single critical taint flow with unsanitized paths, despite its severity being marked as zero, warrants attention due to the potential for exploitation.

Overall, the plugin has some strengths in its secure handling of database interactions and output. However, the unauthenticated AJAX endpoints and the reliance on potentially dangerous functions like `unserialize` create notable attack surfaces. The past vulnerability history, particularly related to authorization, suggests that these are areas that require ongoing vigilance and improvement. The plugin is not without its flaws, and users should be aware of the potential risks associated with the identified vulnerabilities, especially those related to input validation and access control.

Key Concerns

  • Unprotected AJAX handlers
  • Use of unserialize function
  • Flow with unsanitized paths (Taint Analysis)
  • Medium severity historical CVE
Vulnerabilities
1

Sticky Header Effects for Elementor Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-58251 · medium · 5.4 · Missing Authorization

Sticky Header Effects for Elementor <= 2.1.3 - Missing Authorization

Sep 22, 2025 Patched in 2.1.3 (39d)
Code Analysis
Analyzed Mar 16, 2026

Sticky Header Effects for Elementor Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 35 (55 escaped)
Nonce Checks: 6
Capability Checks: 14
File Operations: 0
External Requests: 8
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$plugin_info = unserialize( wp_remote_retrieve_body( $response ) );` · includes\dashboard\class-she-dashboard-ajax.php:493
unserialize · `$theme_info = unserialize( $response['body'] );` · includes\dashboard\class-she-dashboard-ajax.php:585
unserialize · `$plugin_info = unserialize( wp_remote_retrieve_body( $response ) );` · includes\preset\class-she-preset.php:193

Output Escaping

61% escaped · 90 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
she_api_call (includes\dashboard\class-she-dashboard-ajax.php:622)
[Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform; paths marked Unsanitized or Sanitized]
Attack Surface
2 unprotected

Sticky Header Effects for Elementor Attack Surface

Entry Points: 9
Unprotected: 2

AJAX Handlers 9

auth · wp_ajax_she_dashboard_ajax_call · includes\dashboard\class-she-dashboard-ajax.php:64
auth · wp_ajax_she_dashboard_ajax_call · includes\dashboard\class-she-dashboard-ajax.php:455
auth · wp_ajax_wb_dismiss_notice · includes\notices\class-she-banner-notice.php:71
auth · wp_ajax_she_deactivate_rateus_notice · includes\notices\class-she-deactivate-feedback.php:75
auth · wp_ajax_she_nexter_extension_dismiss_promo · includes\notices\class-she-nexter-extension-promo.php:83
auth · wp_ajax_she_dismiss_notice · includes\notices\class-she-plugin-page.php:69
auth · wp_ajax_check_plugin_status · includes\preset\class-she-preset.php:73
auth · wp_ajax_she_install_wdkit · includes\preset\class-she-preset.php:74
auth · wp_ajax_she_insert_entry · includes\preset\class-she-preset.php:76
WordPress Hooks 25
action · elementor/widgets/widgets_registered · base\module-base.php:79
action · admin_footer · includes\class-she-loader.php:71
action · elementor/controls/controls_registered · includes\class-she-loader.php:78
action · admin_menu · includes\dashboard\class-she-wp-menu.php:56
action · admin_enqueue_scripts · includes\dashboard\class-she-wp-menu.php:57
action · admin_menu · includes\dashboard\class-she-wp-menu.php:74
filter · plugin_row_meta · includes\meta\class-she-meta.php:56
action · admin_notices · includes\notices\class-she-banner-notice.php:70
action · current_screen · includes\notices\class-she-deactivate-feedback.php:107
action · admin_enqueue_scripts · includes\notices\class-she-deactivate-feedback.php:115
action · admin_footer · includes\notices\class-she-deactivate-feedback.php:129
action · admin_notices · includes\notices\class-she-nexter-extension-promo.php:82
action · after_plugin_row · includes\notices\class-she-plugin-page.php:68
action · elementor/editor/before_enqueue_scripts · includes\preset\class-she-preset.php:69
action · elementor/editor/before_enqueue_scripts · includes\preset\class-she-preset.php:70
action · elementor/editor/footer · includes\preset\class-she-preset.php:78
action · elementor/element/section/section_effects/after_section_end · modules\transparent\module.php:1513
action · elementor/frontend/after_enqueue_styles · modules\transparent\module.php:1516
action · wp_enqueue_scripts · modules\transparent\module.php:1519
action · elementor/element/container/section_effects/after_section_end · modules\transparent\module.php:1524
action · elementor/init · plugin.php:143
action · admin_notices · sticky-header-effects-for-elementor.php:47
action · admin_notices · sticky-header-effects-for-elementor.php:53
action · admin_notices · sticky-header-effects-for-elementor.php:59
action · plugins_loaded · sticky-header-effects-for-elementor.php:65
Maintenance & Trust

Sticky Header Effects for Elementor Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 3, 2026
PHP min version: 7.0
Downloads: 5.0M

Community Trust

Rating: 90/100
Number of ratings: 68
Active installs: 300K
Developer Profile

Sticky Header Effects for Elementor Developer Profile

POSIMYTH

8 plugins · 460K total installs

Trust score: 85
Avg Security Score: 96/100
Avg Patch Time: 72 days
Detection Fingerprints

How We Detect Sticky Header Effects for Elementor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sticky-header-effects-for-elementor/assets/css/admin.css
/wp-content/plugins/sticky-header-effects-for-elementor/assets/css/she-header.css
/wp-content/plugins/sticky-header-effects-for-elementor/assets/js/she-header-editor.js
/wp-content/plugins/sticky-header-effects-for-elementor/assets/js/she-header-frontend.js
Script Paths
she-header-editor.js
she-header-frontend.js
Version Parameters
sticky-header-effects-for-elementor/assets/css/admin.css?ver=
sticky-header-effects-for-elementor/assets/css/she-header.css?ver=
sticky-header-effects-for-elementor/assets/js/she-header-editor.js?ver=
sticky-header-effects-for-elementor/assets/js/she-header-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
she-header-sticky-wrapper
she-header-sticky-inner
Data Attributes
data-she-effect
data-she-animation
data-she-sticky-show-on-scroll
data-she-sticky-hide-on-scroll
data-she-transparent
data-she-transparent-color
+9 more
JS Globals
she_header_editor_params
she_header_frontend_params
FAQ

Frequently Asked Questions about Sticky Header Effects for Elementor