WP-Safety

TopperPack – Complete Elementor Addons, Theme & CPT Builder Security & Risk Analysis

wordpress.org/plugins/topper-pack

100+ Elementor widgets & extensions for WordPress. Build stunning websites with WooCommerce tools, advanced UI elements, and regular updates.

400 active installs v1.2.1 PHP 7.4+ WP 5.0+ Updated Feb 1, 2026
cpt-builderelementor-extensionselementor-widgetsmega-menu-builderwoocommerce-widgets
75
B · Generally Safe
CVEs total1
Unpatched1
Last CVEFeb 4, 2026
Plugin page Download
Safety Verdict

Is TopperPack – Complete Elementor Addons, Theme & CPT Builder Safe to Use in 2026?

Mostly Safe

Score 75/100

TopperPack – Complete Elementor Addons, Theme & CPT Builder is generally safe to use. 1 past CVE were resolved. Keep it updated.

1 known CVE 1 unpatched Last CVE: Feb 4, 2026Updated 2mo ago
Risk Assessment

The "topper-pack" plugin v1.2.1 exhibits a mixed security posture. On the positive side, static analysis reveals a robust implementation of security best practices, including comprehensive nonce and capability checks across its identified entry points. The extensive use of output escaping (92%) and prepared statements for SQL queries (52%) further suggests a conscientious development approach towards preventing common web vulnerabilities. The absence of critical or high severity taint flows and the reported low number of dangerous functions are also encouraging indicators.

However, the plugin's vulnerability history is a significant concern. It has one known, currently unpatched high-severity vulnerability categorized as Improper Control of Filename for Include/Require Statement, also known as Remote File Inclusion. The fact that this vulnerability was last identified in the future (2026-02-04) is unusual and warrants further investigation into the data's accuracy, but if accurate, it highlights a critical, ongoing security flaw. While the static analysis did not directly surface this specific flaw, the presence of extensive file operations (132) and external HTTP requests (13) in the code could potentially be related to how such a vulnerability might be exploited or introduced.

In conclusion, while "topper-pack" demonstrates a good foundation in secure coding practices like input validation and output sanitization, the presence of an unpatched high-severity vulnerability casts a significant shadow over its overall security. Users should be extremely cautious until this vulnerability is addressed. The unusual date for the last vulnerability also suggests a need for data validation.

Key Concerns

  • Unpatched high severity CVE
  • Flow with unsanitized paths
  • SQL queries not using prepared statements
  • Bundled outdated library: Freemius v1.0
  • Bundled outdated library: Select2
Vulnerabilities
1

TopperPack – Complete Elementor Addons, Theme & CPT Builder Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

High
1

1 total CVE

CVE-2025-68841high · 8.1Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

TopperPack – Complete Elementor Addons, Theme & CPT Builder <= 1.2.1 - Unauthenticated Local File Inclusion

Feb 4, 2026Unpatched
Code Analysis
Analyzed Mar 16, 2026

TopperPack – Complete Elementor Addons, Theme & CPT Builder Code Analysis

Dangerous Functions
0
Raw SQL Queries
10
11 prepared
Unescaped Output
377
4088 escaped
Nonce Checks
21
Capability Checks
28
File Operations
132
External Requests
13
Bundled Libraries
2

Bundled Libraries

Freemius1.0Select2

SQL Query Safety

52% prepared21 total queries

Output Escaping

92% escaped4465 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

6 flows1 with unsanitized paths
<class-ready-site-importer> (includes\import\class-ready-site-importer.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

TopperPack – Complete Elementor Addons, Theme & CPT Builder Attack Surface

Entry Points21
Unprotected0

AJAX Handlers 20

authwp_ajax_topppa_save_widget_settingsadmin\dashboard.php:1196
authwp_ajax_topppa_save_extension_settingsadmin\dashboard.php:1341
authwp_ajax_topppa_save_extra_settingsadmin\dashboard.php:1382
authwp_ajax_topppa_save_api_settingsadmin\dashboard.php:1409
authwp_ajax_topppa_reset_wizardadmin\dashboard.php:1461
authwp_ajax_topppa_fetch_ready_sitesincludes\import\class-ready-site-importer.php:18
authwp_ajax_topppa_fetch_categoriesincludes\import\class-ready-site-importer.php:19
authwp_ajax_topppa_import_ready_siteincludes\import\class-ready-site-importer.php:20
authwp_ajax_handle_live_editorincludes\mega-menu\init.php:24
authwp_ajax_get_topppa_menu_item_settingsincludes\mega-menu\init.php:26
authwp_ajax_save_topppa_menu_item_settingsincludes\mega-menu\init.php:27
authwp_ajax_save_topppa_mega_item_contentincludes\mega-menu\init.php:28
authwp_ajax_check_temp_validityincludes\mega-menu\init.php:30
authwp_ajax_topppa_export_settingsincludes\settings-import\class-settings-manager.php:34
authwp_ajax_topppa_import_settingsincludes\settings-import\class-settings-manager.php:35
authwp_ajax_topppa_reset_settingsincludes\settings-import\class-settings-manager.php:36
authwp_ajax_topper_pack_save_wizard_dataincludes\setup-wizard\wizard.php:22
authwp_ajax_topppa_hfe_get_posts_by_queryincludes\theme-builder\conditions\class-topppa-conditions.php:26
authwp_ajax_topppa_mailchimp_subscribewidgets\topppa-mailchimp-widget.php:911
noprivwp_ajax_topppa_mailchimp_subscribewidgets\topppa-mailchimp-widget.php:912

Shortcodes 1

[topppa_theme_builder] includes\theme-builder\class-theme-builder.php:87
WordPress Hooks 187
actionadmin_menuadmin\dashboard.php:9
actionadmin_enqueue_scriptsadmin\dashboard.php:84
actionadmin_enqueue_scriptsadmin\dashboard.php:108
actionelementor/element/section/section_advanced/after_section_endextensions\conditional-display\conditional-display.php:24
actionelementor/element/column/section_advanced/after_section_endextensions\conditional-display\conditional-display.php:25
actionelementor/element/common/_section_style/after_section_endextensions\conditional-display\conditional-display.php:26
actionelementor/element/container/section_layout/after_section_endextensions\conditional-display\conditional-display.php:27
filterelementor/frontend/widget/should_renderextensions\conditional-display\handler.php:91
filterelementor/frontend/column/should_renderextensions\conditional-display\handler.php:92
filterelementor/frontend/section/should_renderextensions\conditional-display\handler.php:93
filterelementor/frontend/container/should_renderextensions\conditional-display\handler.php:94
actionelementor/element/common/_section_responsive/after_section_endextensions\custom-css.php:21
actionelementor/element/section/_section_responsive/after_section_endextensions\custom-css.php:22
actionelementor/element/column/_section_responsive/after_section_endextensions\custom-css.php:23
actionelementor/element/container/_section_responsive/after_section_endextensions\custom-css.php:25
actionelementor/element/parse_cssextensions\custom-css.php:27
actionelementor/css-file/post/parseextensions\custom-css.php:28
actionelementor/frontend/after_enqueue_scriptsextensions\custom-css.php:30
actionelementor/element/container/section_layout/after_section_endextensions\dots-particale-animation.php:21
actionelementor/element/section/section_advanced/after_section_endextensions\dots-particale-animation.php:24
actionelementor/editor/after_enqueue_scriptsextensions\dots-particale-animation.php:27
actionelementor/frontend/container/before_renderextensions\dots-particale-animation.php:30
actionelementor/frontend/section/before_renderextensions\dots-particale-animation.php:31
actionelementor/frontend/after_enqueue_stylesextensions\dots-particale-animation.php:34
actionelementor/frontend/after_enqueue_scriptsextensions\dots-particale-animation.php:35
actionelementor/element/common/_section_style/after_section_endextensions\hover-effect.php:22
actionelementor/editor/after_enqueue_scriptsextensions\hover-effect.php:25
actionelementor/frontend/widget/before_renderextensions\hover-effect.php:28
actionelementor/frontend/after_enqueue_stylesextensions\hover-effect.php:31
actionelementor/element/container/section_layout/after_section_endextensions\hover-image-viewer.php:14
actionelementor/frontend/container/before_renderextensions\hover-image-viewer.php:19
actionelementor/frontend/after_enqueue_scriptsextensions\hover-image-viewer.php:24
actionelementor/element/section/section_advanced/after_section_endextensions\interactive-animations.php:20
actionelementor/element/container/section_layout/after_section_endextensions\interactive-animations.php:21
actionelementor/element/common/_section_style/after_section_endextensions\interactive-animations.php:22
actionelementor/frontend/after_enqueue_scriptsextensions\interactive-animations.php:25
actionelementor/frontend/before_renderextensions\interactive-animations.php:28
actionelementor/element/section/section_advanced/after_section_endextensions\motion-text.php:41
actionelementor/element/column/section_advanced/after_section_endextensions\motion-text.php:42
actionelementor/element/common/section_custom_css/after_section_endextensions\motion-text.php:43
actionelementor/element/container/section_advanced/after_section_endextensions\motion-text.php:46
actionelementor/element/heading/section_advanced/after_section_endextensions\motion-text.php:49
actionelementor/element/text-editor/section_advanced/after_section_endextensions\motion-text.php:50
actionelementor/element/common/_section_responsive/after_section_endextensions\motion-text.php:53
actionelementor/frontend/widget/before_renderextensions\motion-text.php:55
actionelementor/frontend/after_enqueue_scriptsextensions\motion-text.php:56
actionelementor/kit/register_tabsextensions\scroll-to-top\scroll-to-top.php:24
actionelementor/documents/register_controlsextensions\scroll-to-top\scroll-to-top.php:25
actionwp_footerextensions\scroll-to-top\scroll-to-top.php:26
actionelementor/element/section/section_background/after_section_endextensions\sticky-section.php:19
actionelementor/section/print_templateextensions\sticky-section.php:20
actionelementor/frontend/section/before_renderextensions\sticky-section.php:21
actionelementor/element/container/section_layout/after_section_endextensions\sticky-section.php:24
actionelementor/container/print_templateextensions\sticky-section.php:25
actionelementor/frontend/container/before_renderextensions\sticky-section.php:26
actionelementor/element/common/_section_style/after_section_endextensions\tooltip.php:23
actionelementor/frontend/widget/before_renderextensions\tooltip.php:24
actionelementor/frontend/after_enqueue_scriptsextensions\tooltip.php:25
actionelementor/element/container/section_layout/after_section_endextensions\wrapper-link.php:17
actionelementor/element/section/section_advanced/after_section_endextensions\wrapper-link.php:18
actionelementor/element/column/section_advanced/after_section_endextensions\wrapper-link.php:19
actionelementor/element/common/_section_style/after_section_endextensions\wrapper-link.php:20
actionelementor/frontend/before_renderextensions\wrapper-link.php:22
actionwp_enqueue_scriptsincludes\class-topppa-fonts.php:52
actionadmin_enqueue_scriptsincludes\class-topppa-fonts.php:53
actionwp_headincludes\class-topppa-fonts.php:88
actionelementor/controls/registerincludes\controls\init.php:19
filterelementor/icons_manager/additional_tabsincludes\custom-icon\init.php:19
actionadmin_menuincludes\import\class-ready-site-importer.php:16
actionadmin_enqueue_scriptsincludes\import\class-ready-site-importer.php:17
filterupload_mimesincludes\import\class-ready-site-importer.php:1191
filterwp_check_filetype_and_extincludes\import\class-ready-site-importer.php:1192
filterimport_post_meta_keyincludes\import\class-topppa-custom-import.php:82
filterhttp_request_timeoutincludes\import\class-topppa-custom-import.php:83
actionadmin_initincludes\import\init.php:21
actionadmin_enqueue_scriptsincludes\mega-menu\init.php:22
actionelementor/initincludes\plugin.php:83
actionadmin_noticesincludes\plugin.php:99
actionadmin_noticesincludes\plugin.php:105
actionadmin_noticesincludes\plugin.php:111
actionelementor/elements/categories_registeredincludes\plugin.php:205
actionelementor/widgets/registerincludes\plugin.php:206
actionwp_enqueue_scriptsincludes\plugin.php:213
actionwp_enqueue_scriptsincludes\plugin.php:215
actionafter_enqueue_scriptsincludes\plugin.php:223
actionelementor/editor/after_enqueue_scriptsincludes\plugin.php:224
actionelementor/editor/after_enqueue_scriptsincludes\plugin.php:225
actionwp_enqueue_scriptsincludes\plugin.php:227
actioninitincludes\settings-import\init.php:33
actionadmin_menuincludes\setup-wizard\wizard.php:20
actionadmin_enqueue_scriptsincludes\setup-wizard\wizard.php:21
actionadmin_initincludes\setup-wizard\wizard.php:23
actionadmin_initincludes\setup-wizard\wizard.php:24
actionadmin_initincludes\setup-wizard\wizard.php:27
actionadmin_footerincludes\setup-wizard\wizard.php:578
actionadmin_footerincludes\setup-wizard\wizard.php:675
actionwp_enqueue_scriptsincludes\smooth-scroller\init.php:16
actionelementor/ajax/register_actionsincludes\template-library\templates\import.php:22
actionwp_enqueue_scriptsincludes\template-library\templates\init.php:29
actionelementor/editor/after_enqueue_scriptsincludes\template-library\templates\init.php:36
actionelementor/editor/after_enqueue_stylesincludes\template-library\templates\init.php:66
actionwp_headincludes\template-library\templates\init.php:71
actionelementor/editor/footerincludes\template-library\templates\init.php:76
actionelementor/editor/footerincludes\template-library\templates\load.php:25
actionelementor/ajax/register_actionsincludes\template-library\templates\load.php:26
actioninitincludes\theme-builder\admin\class-admin.php:27
filterparse_queryincludes\theme-builder\admin\class-admin.php:29
actionadd_meta_boxesincludes\theme-builder\admin\class-admin.php:30
actionsave_postincludes\theme-builder\admin\class-admin.php:31
actionadmin_noticesincludes\theme-builder\admin\class-admin.php:32
actiontemplate_redirectincludes\theme-builder\admin\class-admin.php:33
filtersingle_templateincludes\theme-builder\admin\class-admin.php:34
filtermanage_topppa-theme-builder_posts_columnsincludes\theme-builder\admin\class-admin.php:35
filtermanage_topppa-theme-builder_posts_columnsincludes\theme-builder\admin\class-admin.php:36
actionmanage_topppa-theme-builder_posts_custom_columnincludes\theme-builder\admin\class-admin.php:37
actionmanage_topppa-theme-builder_posts_custom_columnincludes\theme-builder\admin\class-admin.php:38
actionelementor/editor/footerincludes\theme-builder\admin\class-admin.php:40
actionmanage_topppa-theme-builder_posts_custom_columnincludes\theme-builder\admin\class-admin.php:44
filtermanage_topppa-theme-builder_posts_columnsincludes\theme-builder\admin\class-admin.php:45
actionadmin_menuincludes\theme-builder\class-theme-builder.php:31
actionsave_postincludes\theme-builder\class-theme-builder.php:34
actiondelete_postincludes\theme-builder\class-theme-builder.php:35
actioninitincludes\theme-builder\class-theme-builder.php:43
actionwp_enqueue_scriptsincludes\theme-builder\class-theme-builder.php:58
actionadmin_enqueue_scriptsincludes\theme-builder\class-theme-builder.php:59
filterbody_classincludes\theme-builder\class-theme-builder.php:60
filterwc_get_template_partincludes\theme-builder\class-theme-builder.php:64
filtertemplate_includeincludes\theme-builder\class-theme-builder.php:65
actiontopppa_template_woocommerce_product_contentincludes\theme-builder\class-theme-builder.php:66
actiontopppa_template_woocommerce_product_contentincludes\theme-builder\class-theme-builder.php:67
filtertemplate_includeincludes\theme-builder\class-theme-builder.php:70
actiontopppa_template_woocommerce_cart_contentincludes\theme-builder\class-theme-builder.php:71
filtertemplate_includeincludes\theme-builder\class-theme-builder.php:74
actiontopppa_template_woocommerce_checkout_contentincludes\theme-builder\class-theme-builder.php:75
actiontemplate_redirectincludes\theme-builder\class-theme-builder.php:82
filtertemplate_includeincludes\theme-builder\class-theme-builder.php:83
actiontopppa_template_woocommerce_archive_product_contentincludes\theme-builder\class-theme-builder.php:84
filtertopppa_hfe_get_settings_type_headerincludes\theme-builder\compatibility\class-theme-wpml-compatibility.php:16
filtertopppa_hfe_get_settings_type_footerincludes\theme-builder\compatibility\class-theme-wpml-compatibility.php:17
filtertopppa_hfe_render_template_idincludes\theme-builder\compatibility\class-theme-wpml-compatibility.php:18
actionadmin_action_editincludes\theme-builder\conditions\class-topppa-conditions.php:25
filterposts_searchincludes\theme-builder\conditions\class-topppa-conditions.php:221
actionsave_postincludes\theme-builder\theme-util.php:176
actiondelete_postincludes\theme-builder\theme-util.php:182
actionwpincludes\theme-builder\themes\compatibility\class-topppa-compatibility-compat.php:19
actiontemplate_redirectincludes\theme-builder\themes\compatibility\class-topppa-compatibility-compat.php:27
actiontemplate_redirectincludes\theme-builder\themes\compatibility\class-topppa-compatibility-compat.php:30
actionastra_headerincludes\theme-builder\themes\compatibility\class-topppa-compatibility-compat.php:31
actiontemplate_redirectincludes\theme-builder\themes\compatibility\class-topppa-compatibility-compat.php:35
actionastra_footerincludes\theme-builder\themes\compatibility\class-topppa-compatibility-compat.php:36
filterenable_topppa_render_page_titleincludes\theme-builder\themes\compatibility\class-topppa-compatibility-compat.php:43
actiontemplate_redirectincludes\theme-builder\themes\compatibility\class-topppa-compatibility-compat.php:47
actionastra_content_beforeincludes\theme-builder\themes\compatibility\class-topppa-compatibility-compat.php:50
filtertemplate_includeincludes\theme-builder\themes\compatibility\class-topppa-compatibility-compat.php:55
filterastra_get_content_layoutincludes\theme-builder\themes\compatibility\class-topppa-compatibility-compat.php:205
filterastra_content_layoutincludes\theme-builder\themes\compatibility\class-topppa-compatibility-compat.php:206
filterastra_page_templateincludes\theme-builder\themes\compatibility\class-topppa-compatibility-compat.php:209
filterastra_container_classincludes\theme-builder\themes\compatibility\class-topppa-compatibility-compat.php:212
filterbody_classincludes\theme-builder\themes\compatibility\class-topppa-compatibility-compat.php:215
actionastra_content_beforeincludes\theme-builder\themes\compatibility\class-topppa-compatibility-compat.php:218
actionastra_content_afterincludes\theme-builder\themes\compatibility\class-topppa-compatibility-compat.php:219
actiontemplate_redirectincludes\theme-builder\themes\default\class-topppa-default-compat.php:21
actionwp_enqueue_scriptsincludes\theme-builder\themes\default\class-topppa-default-compat.php:37
actionget_headerincludes\theme-builder\themes\default\class-topppa-default-compat.php:40
actiontopppa_headerincludes\theme-builder\themes\default\class-topppa-default-compat.php:41
actionget_footerincludes\theme-builder\themes\default\class-topppa-default-compat.php:45
actiontopppa_footerincludes\theme-builder\themes\default\class-topppa-default-compat.php:46
filterenable_topppa_render_page_titleincludes\theme-builder\themes\default\class-topppa-default-compat.php:53
actiontopppa_page_titleincludes\theme-builder\themes\default\class-topppa-default-compat.php:57
actionwp_headincludes\theme-builder\themes\default\class-topppa-default-compat.php:59
filtertemplate_includeincludes\theme-builder\themes\default\class-topppa-default-compat.php:64
actionadmin_menuincludes\upgrade.php:178
actionadmin_headincludes\upgrade.php:207
actionadmin_footerincludes\upgrade.php:226
actionadmin_footerincludes\utilities.php:210
filterwoocommerce_add_to_cart_fragmentsincludes\woocommerce\class-topppa-woo-mini-cart.php:14
actioninitincludes\woocommerce\class-woocommerce-config.php:21
filterwoocommerce_locate_templateincludes\woocommerce\class-woocommerce-config.php:33
filterdeactivate_on_activationtopper-pack.php:116
filterhide_freemius_powered_bytopper-pack.php:117
filterfs_default_optionstopper-pack.php:120
actionplugins_loadedtopper-pack.php:171
filtercomment_form_defaultswidgets\topppa-post-comment-widget.php:1712
filterwoocommerce_coupons_enabledwidgets\topppa-product-checkout-page-widget.php:994
actionwoocommerce_checkout_before_order_review_headingwidgets\topppa-product-checkout-page-widget.php:1007
actionwoocommerce_checkout_after_order_reviewwidgets\topppa-product-checkout-page-widget.php:1012
filterwoocommerce_product_review_comment_form_argswidgets\topppa-product-review-comment-widget.php:718
Maintenance & Trust

TopperPack – Complete Elementor Addons, Theme & CPT Builder Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 1, 2026
PHP min version7.4
Downloads3K

Community Trust

Rating100/100
Number of ratings4
Active installs400
Alternatives

TopperPack – Complete Elementor Addons, Theme & CPT Builder Alternatives

ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor

ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor

elementskit-lite

A
89

Join millions who empower their websites with ElementsKit Elementor Addons. Get templates, & 100+ widgets like header-footer, mega menu, custom widget

2.0M 21 CVEs
Livemesh Addons by Elementor

Livemesh Addons by Elementor

addons-for-elementor

A
94

Elementor Addons that saves time with multiple ready-to-use drag and drop styles for 30+ essential widgets built for Elementor page builder.

40K 18 CVEs
LA-Studio Element Kit for Elementor

LA-Studio Element Kit for Elementor

lastudio-element-kit

B
83

The advanced addons for Elementor

10K 18 CVEs
WPBITS Addons For Elementor Page Builder

WPBITS Addons For Elementor Page Builder

wpbits-addons-for-elementor

A
95

Addons for Elementor Page Builder.

2K 7 CVEs
Easy Elementor Addons – Addons Pack for Elementor Page Builder

Easy Elementor Addons – Addons Pack for Elementor Page Builder

easy-elementor-addons

A
94

Level up with Easy Elementor Addons – adds powerful widgets and sleek design tools to your favorite Elementor page builder.

1K 7 CVEs
Developer Profile

TopperPack – Complete Elementor Addons, Theme & CPT Builder Developer Profile

Themepul

1 plugin · 400 total installs

77
trust score
Avg Security Score
75/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect TopperPack – Complete Elementor Addons, Theme & CPT Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/topper-pack/admin/assets/css/dashboard.css/wp-content/plugins/topper-pack/assets/css/frontend.css/wp-content/plugins/topper-pack/assets/js/frontend.js
Script Paths
/wp-content/plugins/topper-pack/freemius/start.php
Version Parameters
topper-pack/assets/css/frontend.css?ver=topper-pack/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
topppa-elementor-panel-widget-badge
HTML Comments
Don't remove this function, it is essential for the * `function_exists` CALL ABOVE TO PROPERLY WORK.
Data Attributes
data-elementor-iddata-elementor-post-typedata-elementor-type
JS Globals
TopperPackFrontendtopppa_params
REST Endpoints
/wp-json/topper-pack/v1/settings
Shortcode Output
<span class="topppa-elementor-panel-widget-badge"></span>
FAQ

Frequently Asked Questions about TopperPack – Complete Elementor Addons, Theme & CPT Builder