UiCore Elements – Free widgets and templates for Elementor Security & Risk Analysis

wordpress.org/plugins/uicore-elements

Enhance your website with UiCore Elements – a free plugin offering diverse widgets for effortless design enrichment.

40K active installs · v1.3.13 · PHP 7.4+ · WP 4.6+ · Updated Jan 27, 2026
Tags: elementor, page-builder, ui-elements, widgets
Score: 96 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Aug 27, 2025
Safety Verdict

Is UiCore Elements – Free widgets and templates for Elementor Safe to Use in 2026?

Generally Safe

Score 96/100

UiCore Elements – Free widgets and templates for Elementor has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Aug 27, 2025 · Updated 2mo ago
Risk Assessment

The uicore-elements plugin version 1.3.14 exhibits a mixed security posture. While it demonstrates good practices such as 100% prepared SQL statements and a high percentage of output escaping (80%), significant concerns arise from its attack surface and vulnerability history. The static analysis reveals 4 REST API routes, with 2 lacking proper permission callbacks, creating potential unauthorized access vectors. Additionally, the absence of nonce checks across all entry points, particularly concerning given the unprotected REST API endpoints, is a notable weakness. The vulnerability history is concerning, with 3 past CVEs, including one high and two medium severity vulnerabilities, primarily related to Cross-site Scripting and Missing Authorization. The fact that these historical issues often involved authorization problems further emphasizes the risk posed by the unprotected REST API endpoints found in this version. While the current static analysis doesn't show exploitable flows or missing capability checks on all identified entry points, the historical pattern and the presence of unprotected REST API routes suggest a recurring tendency towards authorization and input sanitization issues.

Key Concerns

  • 2 REST API routes without permission callbacks
  • 0 Nonce checks on entry points
  • Vulnerability history: 1 high, 2 medium severity
  • Common vulnerability types: Missing Authorization
  • Common vulnerability types: Cross-site Scripting
  • 80% output escaping (20% potentially unescaped)
Vulnerabilities: 3

UiCore Elements – Free widgets and templates for Elementor Security Vulnerabilities

CVEs by Year

  • 2025: 3 CVEs

Severity Breakdown

  • High: 1
  • Medium: 2

3 total CVEs

CVE-2025-58196 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

UiCore Elements <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Aug 27, 2025 · Patched in 1.3.5 (8d)

CVE-2025-6253 · high · 7.5 · Missing Authorization

UiCore Elements <= 1.3.0 - Missing Authorization to Unauthenticated Arbitrary File Read

Aug 11, 2025 · Patched in 1.3.1 (1d)

CVE-2025-1054 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

UiCore Elements – Free Elementor widgets and templates <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

Apr 22, 2025 · Patched in 1.2.0 (1d)

Code Analysis
Analyzed Mar 16, 2026

UiCore Elements – Free widgets and templates for Elementor Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 84 (332 escaped)
  • Nonce Checks: 0
  • Capability Checks: 2
  • File Operations: 1
  • External Requests: 2
  • Bundled Libraries: 0

Output Escaping

80% escaped · 416 total outputs

Attack Surface: 2 unprotected

UiCore Elements – Free widgets and templates for Elementor Attack Surface

Entry Points: 4
Unprotected: 2

REST API Routes: 4

  • GET /wp-json/uielem/v1/load_more/ (includes\class-rest-api.php:22)
  • POST /wp-json/uielem/v1/submit_actions/ (includes\class-rest-api.php:48)
  • POST /wp-json/uielem/v1/prepare_template (includes\class-rest-api.php:53)
  • GET /wp-json/uielem/v1/check_connection (includes\class-rest-api.php:59)

WordPress Hooks: 23

  • action admin_menu (includes\class-admin.php:21)
  • action admin_init (includes\class-admin.php:22)
  • action elementor/element/heading/section_title_style/after_section_end (includes\class-animate.php:20)
  • action elementor/element/highlighted-text/section_title_style/after_section_end (includes\class-animate.php:21)
  • action elementor/element/text-editor/section_drop_cap/after_section_end (includes\class-animate.php:22)
  • action admin_enqueue_scripts (includes\class-assets.php:16)
  • action elementor/editor/after_enqueue_scripts (includes\class-assets.php:17)
  • action wp_enqueue_scripts (includes\class-assets.php:19)
  • action elementor/editor/before_enqueue_scripts (includes\class-design-cloud.php:19)
  • action elementor/elements/categories_registered (includes\class-elementor.php:21)
  • action elementor/widgets/widgets_registered (includes\class-elementor.php:22)
  • action elementor/controls/register (includes\class-elementor.php:23)
  • action elementor/widgets/register (includes\class-elementor.php:24)
  • action rest_api_init (includes\class-rest-api.php:17)
  • action elementor/element/button/section_button/before_section_end (includes\controls\class-lightbox-button.php:24)
  • action elementor/widget/render_content (includes\controls\class-lightbox-button.php:25)
  • action wp_footer (includes\widgets\contact-form.php:1386)
  • filter elementor/frontend/container/should_render (includes\widgets\custom-carousel.php:268)
  • action wp_footer (includes\widgets\newsletter.php:671)
  • filter elementor/frontend/container/should_render (includes\widgets\tabs.php:1354)
  • action plugins_loaded (plugin.php:57)
  • action init (plugin.php:189)
  • action init (plugin.php:192)

Maintenance & Trust

UiCore Elements – Free widgets and templates for Elementor Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Jan 27, 2026
  • PHP min version: 7.4
  • Downloads: 363K

Community Trust

  • Rating: 0/100
  • Number of ratings: 0
  • Active installs: 40K

Developer Profile

UiCore Elements – Free widgets and templates for Elementor Developer Profile

uicore

3 plugins · 80K total installs

  • Trust score: 99
  • Avg Security Score: 99/100
  • Avg Patch Time: 3 days
Detection Fingerprints

How We Detect UiCore Elements – Free widgets and templates for Elementor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/uicore-elements/assets/css/uicore-elements-frontend.css
  • /wp-content/plugins/uicore-elements/assets/css/uicore-elements.css
  • /wp-content/plugins/uicore-elements/assets/js/components/nested-elements.js
  • /wp-content/plugins/uicore-elements/assets/js/uicore-elements-frontend.js

Script Paths

  • /wp-content/plugins/uicore-elements/assets/js/uicore-elements-frontend.js
  • /wp-content/plugins/uicore-elements/assets/js/components/nested-elements.js

Version Parameters

  • uicore-elements/assets/css/uicore-elements-frontend.css?ver=
  • uicore-elements/assets/css/uicore-elements.css?ver=
  • uicore-elements/assets/js/components/nested-elements.js?ver=
  • uicore-elements/assets/js/uicore-elements-frontend.js?ver=

HTML / DOM Fingerprints

  • CSS Classes: uicore-elements
  • Data Attributes: data-uicore-elements-widget
  • JS Globals: UiCoreElements
  • REST Endpoints: /wp-json/uicore-elements/v1/data
  • Shortcode Output: [uicore_elements]