WP-Safety

UltraAddons for Elementor Security & Risk Analysis

wordpress.org/plugins/ultraaddons-elementor-lite

Free widgets, Custom Fonts, Custom CSS, Anywhere Elementor Shortcode, Header & Footer Builder, Menu Builder, WooCommerce Widgets.

800 active installs v2.0.2 PHP 7.0+ WP 4.0+ Updated Dec 10, 2025
builderdrag-and-dropeditorelementorlanding-page
44
D · High Risk
CVEs total5
Unpatched3
Last CVEMay 16, 2025
Plugin page Download
Safety Verdict

Is UltraAddons for Elementor Safe to Use in 2026?

High Risk

Score 44/100

UltraAddons for Elementor carries significant security risk with 5 known CVEs, 3 still unpatched. Consider switching to a maintained alternative.

5 known CVEs 3 unpatched Last CVE: May 16, 2025Updated 3mo ago
Risk Assessment

The "ultraaddons-elementor-lite" v2.0.2 plugin exhibits a mixed security posture. While the static analysis shows good practices like 100% prepared SQL statements and a high percentage of properly escaped output, several concerning areas exist. The presence of 3 shortcodes as entry points, even without immediate unprotected access, represents potential vectors for exploitation if not handled carefully within their logic. The static analysis also indicates file operations and external HTTP requests, which can introduce vulnerabilities if inputs influencing these operations are not rigorously sanitized. Furthermore, the plugin has a history of 5 known CVEs, with 3 remaining unpatched, all of medium severity. These include common and serious vulnerabilities like Cross-site Scripting (XSS), Cross-Site Request Forgery (CSRF), and Authorization Bypass. The recency of the last vulnerability (2025-05-16) suggests ongoing security issues. While the current version's static analysis highlights some positive security implementations, the historical prevalence and unpatched nature of past vulnerabilities significantly elevate the risk, suggesting a pattern of recurring security weaknesses that require careful attention and prompt patching.

Key Concerns

  • Unpatched CVEs
  • Medium severity CVEs
  • File operations present
  • External HTTP requests present
  • Shortcodes as entry points
Vulnerabilities
5

UltraAddons for Elementor Security Vulnerabilities

CVEs by Year

3 CVEs in 2024 · unpatched
2024
2 CVEs in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
5

5 total CVEs

CVE-2025-48131medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

UltraAddons Elementor Lite <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

May 16, 2025Unpatched
CVE-2025-32264medium · 4.3Cross-Site Request Forgery (CSRF)

UltraAddons <= 2.0.0 - Cross-Site Request Forgery

Apr 4, 2025Unpatched
CVE-2024-10696medium · 4.3Authorization Bypass Through User-Controlled Key

UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) <= 1.1.8 - Insecure Direct Object Reference to Sensitive Information Exposure via UA_Template Shortcode

Nov 20, 2024 Patched in 1.1.9 (71d)
CVE-2024-49277medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

UltraAddons Elementor Lite <= 2.0.0 - Authenticated (Author+) Stored Cross-Site Scripting

Oct 15, 2024Unpatched
CVE-2024-4866medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

Jul 9, 2024 Patched in 1.1.7 (23d)
Code Analysis
Analyzed Mar 16, 2026

UltraAddons for Elementor Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
117
1640 escaped
Nonce Checks
2
Capability Checks
6
File Operations
3
External Requests
4
Bundled Libraries
1

Bundled Libraries

Select2

Output Escaping

93% escaped1757 total outputs
Attack Surface

UltraAddons for Elementor Attack Surface

Entry Points3
Unprotected0

Shortcodes 3

[UltraAddons_Template] inc\wp\shortcode.php:11
[UA_Template] inc\wp\shortcode.php:12
[ULTRAADDONS_TEMPLATE] inc\wp\shortcode.php:13
WordPress Hooks 91
actionadmin_enqueue_scriptsadmin\admin-handle.php:36
actionadmin_menuadmin\admin-handle.php:39
filterparent_fileadmin\admin-handle.php:50
filtersubmenu_fileadmin\admin-handle.php:51
actionwp_headinc\classes\custom-fonts-render.php:34
actionadmin_headinc\classes\custom-fonts-render.php:35
actionelementor/editor/before_enqueue_scriptsinc\classes\custom-fonts-render.php:36
actionget_headerinc\classes\header-footer-render.php:72
actionwp_body_openinc\classes\header-footer-render.php:76
filterbody_classinc\classes\header-footer-render.php:77
actionget_footerinc\classes\header-footer-render.php:81
actionwp_footerinc\classes\header-footer-render.php:85
filterbody_classinc\classes\header-footer-render.php:86
actionwp_enqueue_scriptsinc\classes\header-footer-render.php:90
actionelementor/page_templates/canvas/before_contentinc\classes\header-footer-render.php:99
actionget_headerinc\classes\header-footer-render.php:101
actionget_headerinc\core\header-footer.php:102
actionwp_body_openinc\core\header-footer.php:104
actionget_footerinc\core\header-footer.php:113
actionwp_footerinc\core\header-footer.php:115
filterbody_classinc\core\header-footer.php:120
filterelementor/icons_manager/nativeinc\core\icons-manager.php:21
actionelementor/element/common/_section_style/after_section_endinc\extensions\background-overlay.php:14
actionelementor/element/section/section_advanced/after_section_endinc\extensions\conditional-content.php:37
filterelementor/frontend/section/should_renderinc\extensions\conditional-content.php:42
actionelementor/element/common/_section_style/after_section_endinc\extensions\custom-css.php:16
filterelementor/fonts/groupsinc\extensions\custom-fonts.php:42
filterelementor/fonts/additional_fontsinc\extensions\custom-fonts.php:43
actionelementor/element/common/_section_style/after_section_endinc\extensions\floating-effects.php:14
actionelementor/frontend/widget/before_renderinc\extensions\floating-effects.php:16
actionelementor/preview/enqueue_scriptsinc\extensions\floating-effects.php:18
actionelementor/element/section/section_advanced/after_section_endinc\extensions\general-extension.php:42
actionelementor/element/column/section_advanced/after_section_endinc\extensions\gradient-text-deleted.php:13
actionelementor/element/section/section_advanced/after_section_endinc\extensions\gradient-text-deleted.php:14
actionelementor/element/common/_section_style/after_section_endinc\extensions\gradient-text-deleted.php:15
actionelementor/element/column/section_advanced/after_section_endinc\extensions\hover-effect.php:12
actionelementor/element/section/section_advanced/after_section_endinc\extensions\hover-effect.php:13
actionelementor/element/common/_section_style/after_section_endinc\extensions\hover-effect.php:14
actionelementor/element/column/section_advanced/after_section_endinc\extensions\placeholder-extension.php:23
actionelementor/element/section/section_advanced/after_section_endinc\extensions\placeholder-extension.php:24
actionelementor/element/common/_section_style/after_section_endinc\extensions\placeholder-extension.php:25
actionelementor/element/column/section_advanced/after_section_endinc\extensions\preset.php:18
actionelementor/element/section/section_advanced/after_section_endinc\extensions\preset.php:19
actionelementor/element/common/_section_style/after_section_endinc\extensions\preset.php:20
actionelementor/frontend/before_renderinc\extensions\preset.php:24
actionelementor/element/section/section_advanced/after_section_endinc\extensions\sticky-section.php:36
actionelementor/element/common/_section_style/after_section_endinc\extensions\transform.php:13
actionelementor/frontend/after_enqueue_stylesinc\extensions\transform.php:19
actionelementor/preview/enqueue_scriptsinc\extensions\transform.php:20
actionelementor/element/column/section_advanced/after_section_endinc\extensions\wrapper-link.php:12
actionelementor/element/section/section_advanced/after_section_endinc\extensions\wrapper-link.php:13
actionelementor/element/common/_section_style/after_section_endinc\extensions\wrapper-link.php:14
actionelementor/frontend/before_renderinc\extensions\wrapper-link.php:16
filterwoocommerce_add_to_cart_fragmentsinc\functions.php:270
filterwp_nav_menuinc\functions.php:659
actionelementor/editor/footerinc\library\demo\demo-library-manager.php:48
actionelementor/ajax/register_actionsinc\library\demo\demo-library-manager.php:49
actionelementor/editor/after_enqueue_scriptsinc\library\demo\demo-library-manager.php:52
actionelementor/preview/enqueue_stylesinc\library\demo\demo-library-manager.php:55
actionelementor/editor/footerinc\library\library-manager.php:42
actionelementor/ajax/register_actionsinc\library\library-manager.php:43
actionelementor/editor/after_enqueue_scriptsinc\library\library-manager.php:46
actionelementor/preview/enqueue_stylesinc\library\library-manager.php:49
filtergettextinc\widget\product-flip-carousel.php:1377
actioncmb2_admin_initinc\wp\custom-field.php:21
actionwp_here_stay_on_wpinc\wp\custom-field.php:99
filterwoocommerce_locate_templateinc\wp\custom-field.php:123
actioninitinc\wp\custom-fonts-taxonomy.php:40
actioninitinc\wp\header-footer-post.php:15
actionadd_meta_boxesinc\wp\header-footer-post.php:18
actionsave_postinc\wp\header-footer-post.php:19
actiontrashed_postinc\wp\header-footer-post.php:20
actiondelete_postinc\wp\header-footer-post.php:21
filtermanage_posts_columnsinc\wp\header-footer-post.php:24
actionmanage_posts_custom_columninc\wp\header-footer-post.php:25
filtertemplate_includeinc\wp\header-footer-post.php:31
actioninitinit.php:162
actionplugins_loadedinit.php:163
actionadmin_noticesinit.php:216
actionadmin_noticesinit.php:222
actionadmin_noticesinit.php:228
actionelementor/widgets/widgets_registeredloader.php:101
actionelementor/widgets/widgets_registeredloader.php:104
actionelementor/elements/categories_registeredloader.php:107
actionelementor/frontend/after_enqueue_stylesloader.php:110
actionwp_enqueue_scriptsloader.php:111
actionwp_enqueue_scriptsloader.php:112
actionadmin_enqueue_scriptsloader.php:121
actionwp_enqueue_scriptsloader.php:122
actionelementor/editor/before_enqueue_scriptsloader.php:125
actionelementor/editor/before_enqueue_scriptsloader.php:128
Maintenance & Trust

UltraAddons for Elementor Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedDec 10, 2025
PHP min version7.0
Downloads28K

Community Trust

Rating90/100
Number of ratings4
Active installs800
Alternatives

UltraAddons for Elementor Alternatives

Elementor Website Builder – More Than Just a Page Builder

Elementor Website Builder – More Than Just a Page Builder

elementor

A
88

The Elementor Website Builder has it all: drag and drop page builder, pixel perfect design, mobile responsive editing, and more. Get started now!

10.0M 45 CVEs
TemplateSpare – 1000+ WordPress Starter Templates & Full Site Migration Tool | 1-Click Import/Export & No-Code Builder

TemplateSpare – 1000+ WordPress Starter Templates & Full Site Migration Tool | 1-Click Import/Export & No-Code Builder

templatespare

A
99

Imagine this... You’re planning your new website. You’re excited at first—but then reality hits. The design takes months. You wait for the developer t &hellip;

10K 1 CVE
DragDropr – Visual Drag & Drop Page Builder

DragDropr – Visual Drag & Drop Page Builder

dragdropr

A
85

DragDropr is a What-You-See-Is-What-You-REALLY-Get visual editor.

20 No CVEs
Multi-step Forms FREE (for Elementor)

Multi-step Forms FREE (for Elementor)

multi-step-forms-free-for-elementor

A
85

A simple plugin that streamlines the creation of multistep (or multiple page) forms to an easy drag-and-drop through the power of Elementor Pro.

20 No CVEs
Page builder for Posts – Mong9 Editor

Page builder for Posts – Mong9 Editor

mong9-editor

A
85

The most advanced frontend drag & drop content editor. Mong9 Editor is a responsive page builder which can be used to extend the Classic Editor.

10 No CVEs
Developer Profile

UltraAddons for Elementor Developer Profile

Saiful Islam

12 plugins · 20K total installs

75
trust score
Avg Security Score
94/100
Avg Patch Time
116 days
View full developer profile
Detection Fingerprints

How We Detect UltraAddons for Elementor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ultraaddons-elementor-lite/assets/css/ultraaddons-admin.css/wp-content/plugins/ultraaddons-elementor-lite/assets/css/ultraaddons-public.css/wp-content/plugins/ultraaddons-elementor-lite/assets/js/ultraaddons-public.js
Version Parameters
ultraaddons-elementor-lite/assets/css/ultraaddons-admin.css?ver=ultraaddons-elementor-lite/assets/css/ultraaddons-public.css?ver=ultraaddons-elementor-lite/assets/js/ultraaddons-public.js?ver=

HTML / DOM Fingerprints

CSS Classes
ultraaddons-elementor-lite
Data Attributes
data-ua-widget-id
JS Globals
ultraaddons_addons_switchers
FAQ

Frequently Asked Questions about UltraAddons for Elementor