Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor Security & Risk Analysis

wordpress.org/plugins/thim-elementor-kit

Thim Elementor Kit is a plugin which supports users to build theme, layout, page, post, product, Woocommerce, LearnPress, courses with Elementor.

20K active installs · v1.3.8 · PHP 7.4+ · WP 6.0+ · Updated Feb 23, 2026
Tags: elementor, elementor-addons, elementor-widgets, learnpress, template-kit
Score: 95 (A · Safe)
CVEs total: 6
Unpatched: 0
Last CVE: Mar 14, 2026
Safety Verdict

Is Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor Safe to Use in 2026?

Generally Safe

Score 95/100

Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor has a strong security track record. Known vulnerabilities have been patched promptly.

6 known CVEs · Last CVE: Mar 14, 2026 · Updated 1mo ago
Risk Assessment

The "thim-elementor-kit" v1.3.8 plugin presents a mixed security posture. It follows good practice in some areas: all SQL queries use prepared statements and a high percentage of output is escaped. Significant concerns remain, however. The most pressing is the presence of two AJAX handlers without authentication checks (both registrations of wp_ajax_thim_load_content, at inc\elementor\class-hooks.php:207 and :208), which create a direct attack surface for unauthenticated users. Combined with the five flows with unsanitized paths identified in the taint analysis, this suggests potential avenues for injection or manipulation vulnerabilities. The plugin's history of six known CVEs, primarily involving missing authorization and cross-site scripting, reinforces these concerns and indicates a recurring pattern of authorization and input sanitization weaknesses. There are currently no unpatched vulnerabilities, but the past issues and identified code signals warrant caution: the unprotected entry points and taint analysis findings are critical weaknesses that require immediate attention.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • History of medium severity CVEs (6 total)
  • Missing nonce check on 2 AJAX handlers
Vulnerabilities: 6

Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor Security Vulnerabilities

CVEs by Year

  • 2 CVEs in 2024
  • 3 CVEs in 2025
  • 1 CVE in 2026

Severity Breakdown

Medium: 6

6 total CVEs

CVE-2026-1870 · medium · 5.3 · Missing Authorization
Thim Kit for Elementor <= 1.3.7 - Missing Authorization to Unauthenticated Private Course Disclosure
Mar 14, 2026 · Patched in 1.3.8 (1d)

CVE-2025-67594 · medium · 4.3 · Authorization Bypass Through User-Controlled Key
Thim Elementor Kit <= 1.3.3 - Authenticated (Contributor+) Insecure Direct Object Reference
Dec 6, 2025 · Patched in 1.3.4 (6d)

CVE-2025-24725 · medium · 4.3 · Missing Authorization
Thim Elementor Kit <= 1.2.8 - Missing Authorization
Jan 24, 2025 · Patched in 1.2.9 (5d)

CVE-2025-22312 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Thim Elementor Kit <= 1.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
Jan 6, 2025 · Patched in 1.2.9.1 (25d)

CVE-2024-4329 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Thim Elementor Kit <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
May 10, 2024 · Patched in 1.1.9.1 (1d)

CVE-2024-34415 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Thim Elementor Kit <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
May 6, 2024 · Patched in 1.1.9 (11d)

Code Analysis
Analyzed Mar 16, 2026

Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 119 (964 escaped)
Nonce Checks: 2
Capability Checks: 15
File Operations: 0
External Requests: 5
Bundled Libraries: 1

Bundled Libraries

Select2

Output Escaping

89% escaped · 1083 total outputs
Data Flows: 5 unsanitized

Data Flow Analysis

7 flows · 5 with unsanitized paths
render_form_login (inc\elementor\widgets\global\login-form.php:884)
Attack Surface: 2 unprotected

Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers: 2

auth wp_ajax_thim_load_content inc\elementor\class-hooks.php:207
nopriv wp_ajax_thim_load_content inc\elementor\class-hooks.php:208

WordPress Hooks: 124

Type, hook, location (file:line):

action admin_menu inc\class-dashboard.php:11
action admin_enqueue_scripts inc\class-dashboard.php:13
action thim_ekit/rest_api/register_endpoints inc\class-dashboard.php:14
action admin_enqueue_scripts inc\class-enqueue-scripts.php:19
action elementor/frontend/after_enqueue_styles inc\class-enqueue-scripts.php:20
filter elementor/icons_manager/additional_tabs inc\class-enqueue-scripts.php:21
action elementor/editor/before_enqueue_scripts inc\class-enqueue-scripts.php:22
action elementor/frontend/after_enqueue_scripts inc\class-enqueue-scripts.php:23
action init inc\class-post-type.php:25
action current_screen inc\class-post-type.php:27
action admin_init inc\class-post-type.php:30
action parse_query inc\class-post-type.php:31
filter single_template inc\class-post-type.php:32
action admin_menu inc\class-post-type.php:33
action admin_menu inc\class-post-type.php:34
action wp_trash_post inc\class-post-type.php:35
action untrashed_post inc\class-post-type.php:36
action in_admin_header inc\class-post-type.php:52
action rest_api_init inc\class-rest-api.php:17
action admin_enqueue_scripts inc\class-settings.php:17
action admin_menu inc\class-settings.php:18
action thim_ekit/rest_api/register_endpoints inc\class-settings.php:19
action init inc\class-settings.php:20
action thim_ekit/elementor/widgets/breadcrumb inc\class-structured-data.php:12
action wp_footer inc\class-structured-data.php:15
action elementor/controls/register inc\elementor\class-elementor.php:25
action elementor/documents/register_controls inc\elementor\class-elementor.php:27
action elementor/elements/categories_registered inc\elementor\class-elementor.php:28
action elementor/widgets/register inc\elementor\class-elementor.php:29
filter lp/rest/ajax/allow_callback inc\elementor\class-elementor.php:30
filter elementor/controls/animations/additional_animations inc\elementor\class-elementor.php:32
action elementor/element/section/section_advanced/after_section_end inc\elementor\class-elementor.php:34
action elementor/element/common/_section_style/after_section_end inc\elementor\class-elementor.php:38
action elementor/element/column/section_advanced/after_section_end inc\elementor\class-elementor.php:42
action elementor/element/container/section_layout/after_section_end inc\elementor\class-elementor.php:46
action wp_head inc\elementor\class-hooks.php:18
action wp_head inc\elementor\class-hooks.php:19
filter learn-press/course/html-section-item/class-section-toggle inc\elementor\class-hooks.php:22
action upgrader_process_complete inc\elementor\class-hooks.php:34
filter login_redirect inc\elementor\class-hooks.php:55
filter authenticate inc\elementor\class-hooks.php:58
action register_post inc\elementor\class-hooks.php:63
action user_register inc\elementor\class-hooks.php:66
action registration_errors inc\elementor\class-hooks.php:69
action register_new_user inc\elementor\class-hooks.php:72
filter wp_new_user_notification_email inc\elementor\class-hooks.php:74
action lostpassword_post inc\elementor\class-hooks.php:79
filter login_form_rp inc\elementor\class-hooks.php:80
filter login_form_resetpass inc\elementor\class-hooks.php:81
filter password_change_email inc\elementor\class-hooks.php:84
filter thim_ekit/cache/thim_ekits_option_conditions inc\elementor\class-hooks.php:86
action elementor/element/after_section_end inc\elementor\custom-css\class-custom-css.php:22
action elementor/element/parse_css inc\elementor\custom-css\class-custom-css.php:23
action elementor/css-file/post/parse inc\elementor\custom-css\class-custom-css.php:24
action elementor/editor/after_enqueue_scripts inc\elementor\custom-css\class-custom-css.php:25
action elementor/init inc\elementor\dynamic-tags\class-init.php:12
action elementor/dynamic_tags/register inc\elementor\dynamic-tags\class-init.php:13
action elementor/editor/after_enqueue_scripts inc\elementor\library\class-init.php:13
action rest_api_init inc\elementor\library\class-rest-api.php:13
action elementor/element/after_section_end inc\elementor\motion-effects\class-init.php:15
filter get_the_archive_title_prefix inc\elementor\widgets\global\page-title.php:14
filter learn-press/user/course/html-button-continue inc\elementor\widgets\single-course\course-buttons.php:233
filter learn-press/course/html-button-external inc\elementor\widgets\single-course\course-buttons.php:297
filter deprecated_file_trigger_error inc\elementor\widgets\single-course-item\course-item-comments.php:34
filter woocommerce_product_tabs inc\elementor\widgets\single-product\product-tabs.php:500
filter woocommerce_product_tabs inc\elementor\widgets\single-product\product-tabs.php:507
filter woocommerce_product_tabs inc\elementor\widgets\single-product\product-tabs.php:514
filter thim_ekit/cache/thim_ekits_option_conditions inc\external-plugin\class-thim-ekit-wpml.php:16
action pre_get_posts inc\modules\archive-course\class-init.php:18
action wp_enqueue_scripts inc\modules\archive-course\class-init.php:53
action rest_api_init inc\modules\archive-course\class-rest-api.php:17
filter thim_ekit/elementor/archive_post/query_posts/query_vars inc\modules\archive-post\class-init.php:18
filter thim_ekit/post_type/register_tabs inc\modules\class-modules.php:18
filter thim_ekit/admin/enqueue/localize inc\modules\class-modules.php:19
filter thim_ekit/post_type/single_template/override inc\modules\class-modules.php:20
action add_meta_boxes inc\modules\class-modules.php:21
action save_post inc\modules\class-modules.php:22
filter template_include inc\modules\class-modules.php:23
filter body_class inc\modules\class-modules.php:24
action elementor/dynamic_tags/before_render inc\modules\class-modules.php:26
action elementor/dynamic_tags/after_render inc\modules\class-modules.php:27
action elementor/frontend/before_register_scripts inc\modules\class-modules.php:28
action elementor/widget/before_render_content inc\modules\class-modules.php:29
filter elementor/widget/render_content inc\modules\class-modules.php:37
action elementor/editor/before_enqueue_scripts inc\modules\class-woocommerce.php:11
action wp_enqueue_scripts inc\modules\class-woocommerce.php:12
filter woocommerce_add_to_cart_fragments inc\modules\class-woocommerce.php:18
action wp_footer inc\modules\class-woocommerce.php:68
action template_redirect inc\modules\header-footer\class-frontend.php:17
action thim_ekit/modules/header_footer/template/header inc\modules\header-footer\class-frontend.php:19
action thim_ekit/modules/header_footer/template/footer inc\modules\header-footer\class-frontend.php:20
action thim_ekit/modules/header_footer/template/attributes inc\modules\header-footer\class-frontend.php:21
action get_header inc\modules\header-footer\class-frontend.php:99
action get_footer inc\modules\header-footer\class-frontend.php:105
action thim_ekit/rest_api/create_template/before inc\modules\loop-item\class-init.php:17
action thim_ekit/rest_api/create_template/after inc\modules\loop-item\class-init.php:18
filter elementor/document/wrapper_attributes inc\modules\loop-item\class-init.php:21
action elementor/documents/register_controls inc\modules\loop-item\class-init.php:22
action elementor/preview/enqueue_scripts inc\modules\loop-item\class-init.php:24
filter body_class inc\modules\loop-item\class-init.php:25
filter thim_ekit/elementor/documents/preview_item inc\modules\loop-item\class-init.php:26
filter elementor/css-file/dynamic/should_enqueue inc\modules\loop-item\class-init.php:28
action thim_ekit/admin/enqueue inc\modules\mega-menu\class-init.php:16
action before_delete_post inc\modules\mega-menu\class-init.php:17
filter single_template inc\modules\mega-menu\class-init.php:18
action wp_nav_menu_item_custom_fields inc\modules\mega-menu\class-init.php:19
action admin_head-nav-menus.php inc\modules\mega-menu\class-init.php:20
filter wp_nav_menu_args inc\modules\mega-menu\class-init.php:21
action thim_ekit/rest_api/register_endpoints inc\modules\mega-menu\class-rest-api.php:44
action wp_enqueue_scripts inc\modules\single-course\class-init.php:19
action wp_enqueue_scripts inc\modules\single-course-item\class-init.php:20
action thim_ekit/rest_api/create_template/before inc\modules\single-course-item\class-init.php:21
action thim_ekit/rest_api/create_template/after inc\modules\single-course-item\class-init.php:22
action elementor/frontend/before_get_builder_content inc\modules\single-product\class-init.php:19
action elementor/frontend/get_builder_content inc\modules\single-product\class-init.php:20
action restrict_manage_posts inc\modules\slider\class-post-type.php:17
filter parse_query inc\modules\slider\class-post-type.php:18
action init inc\upgrade\class-init.php:22
filter elementor/frontend/builder_content/before_print_css inc\utilities\class-elementor.php:63
filter login_errors inc\utilities\login-register-trait.php:278
action admin_notices thim-elementor-kit.php:43
action admin_notices thim-elementor-kit.php:49
action init thim-elementor-kit.php:55
filter elementor/editor/after_save thim-elementor-kit.php:58

Maintenance & Trust

Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 23, 2026
PHP min version: 7.4
Downloads: 351K

Community Trust

Rating: 84/100
Number of ratings: 5
Active installs: 20K

Developer Profile

Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor Developer Profile

ThimPress

21 plugins · 209K total installs

Trust score: 70
Avg Security Score: 87/100
Avg Patch Time: 265 days

Detection Fingerprints

How We Detect Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/thim-elementor-kit/assets/css/thim-elementor-kit.css
  • /wp-content/plugins/thim-elementor-kit/assets/js/thim-elementor-kit.js
  • /wp-content/plugins/thim-elementor-kit/assets/css/frontend.css
  • /wp-content/plugins/thim-elementor-kit/assets/js/frontend.js
Script Paths
  • /wp-content/plugins/thim-elementor-kit/assets/js/thim-elementor-kit.js
  • /wp-content/plugins/thim-elementor-kit/assets/js/frontend.js
Version Parameters
  • thim-elementor-kit/assets/css/thim-elementor-kit.css?ver=
  • thim-elementor-kit/assets/js/thim-elementor-kit.js?ver=
  • thim-elementor-kit/assets/css/frontend.css?ver=
  • thim-elementor-kit/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • thim-ekit-widget
  • thim-ekit-content
Data Attributes
  • data-thim-ekit-widget-id
JS Globals
  • Thim_EKit
  • thim_elementor_kit_params
REST Endpoints
  • /wp-json/thim-ekit/v1/get_settings
  • /wp-json/thim-ekit/v1/save_settings
  • /wp-json/thim-ekit/v1/get_post_types
  • /wp-json/thim-ekit/v1/get_taxonomies

FAQ

Frequently Asked Questions about Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor