WP-Safety

User Frontend for Elementor – Frontend Admin Panel, Profile, Login, Registration & Content Submission for Elementor Security & Risk Analysis

wordpress.org/plugins/user-frontend-for-elementor

Create frontend admin panel/frontend dashbaoard, frontend user profile in minutes. With this plugin, authorized users can manage the content from the …

70 active installs v2.0.0.5 PHP 5.4+ WP 4.7+ Updated Jun 6, 2023
elementorfrontend-adminfrontend-admin-for-elementorpagebuilderuser-frontend
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is User Frontend for Elementor – Frontend Admin Panel, Profile, Login, Registration & Content Submission for Elementor Safe to Use in 2026?

Generally Safe

Score 85/100

User Frontend for Elementor – Frontend Admin Panel, Profile, Login, Registration & Content Submission for Elementor has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The user-frontend-for-elementor plugin version 2.0.0.5 presents a concerning security posture primarily due to its unprotected entry points. With 5 out of 6 identified entry points lacking authentication checks, there's a significant risk of unauthorized access and potential manipulation of plugin functionalities. The presence of a dangerous `create_function` usage is a red flag, as it can lead to code injection vulnerabilities if not handled with extreme care. Furthermore, only a small percentage of output is properly escaped, increasing the likelihood of cross-site scripting (XSS) vulnerabilities.

While the plugin boasts no known historical CVEs, this absence does not guarantee future safety, especially given the evident weaknesses in its current implementation. The 100% of analyzed taint flows having unsanitized paths is a major concern, even without critical or high severity classifications. This indicates that data is flowing through the application without proper validation and sanitization, which can be a precursor to various vulnerabilities.

In conclusion, while the plugin has not accumulated a history of public vulnerabilities, its current static and taint analysis reveals critical security shortcomings. The large number of unprotected AJAX handlers, the presence of a dangerous function, insufficient output escaping, and the prevalence of unsanitized data flows create a substantial attack surface. Developers should prioritize addressing these immediate issues to mitigate potential risks.

Key Concerns

  • 5 AJAX handlers without auth checks
  • Dangerous function: create_function
  • Only 3% of outputs properly escaped
  • 1 SQL query uses prepared statements (50%)
  • No nonce checks
  • 4 flows with unsanitized paths
Vulnerabilities
None known

User Frontend for Elementor – Frontend Admin Panel, Profile, Login, Registration & Content Submission for Elementor Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

User Frontend for Elementor – Frontend Admin Panel, Profile, Login, Registration & Content Submission for Elementor Code Analysis

Dangerous Functions
1
Raw SQL Queries
1
1 prepared
Unescaped Output
382
12 escaped
Nonce Checks
0
Capability Checks
3
File Operations
1
External Requests
2
Bundled Libraries
0

Dangerous Functions Found

create_function$callback = create_function('', 'echo "' . str_replace( '"', '\"', $section['desc'] ) . '";');includes\class-settings-api.php:100

SQL Query Safety

50% prepared2 total queries

Output Escaping

3% escaped394 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths
wp_admin_access_check (includes\class-accessibility-functions.php:35)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
5 unprotected

User Frontend for Elementor – Frontend Admin Panel, Profile, Login, Registration & Content Submission for Elementor Attack Surface

Entry Points6
Unprotected5

AJAX Handlers 5

authwp_ajax_fael_form_submitincludes\class-ajax.php:36
noprivwp_ajax_fael_form_submitincludes\class-ajax.php:37
authwp_ajax_fael_fetch_dataincludes\class-ajax.php:38
authwp_ajax_sm_dissmiss_news_noticenews.php:31
authwp_ajax_ufel_votevote.php:14

Shortcodes 1

[fael_form] includes\class-shortcodes.php:41
WordPress Hooks 49
actionelementor/widget/render_contentincludes\class-accessibility-functions.php:21
actionadmin_initincludes\class-accessibility-functions.php:22
actionafter_setup_themeincludes\class-accessibility-functions.php:23
actionadmin_initincludes\class-admin-settings.php:48
actionadmin_menuincludes\class-admin-settings.php:49
actioninitincludes\class-page-frontend.php:16
actionadmin_enqueue_scriptsincludes\class-settings-api.php:24
actioninitincludes\class-ufe-forms.php:36
filterfael_form_submit_typesincludes\modules\class-login.php:17
actionfael_create_itemincludes\modules\class-login.php:18
filterfael-after_create_item-conditionsincludes\modules\class-login.php:19
filterfael_settings_sectionsincludes\modules\class-login.php:20
filterfael_settings_fieldsincludes\modules\class-login.php:21
filterlogin_urlincludes\modules\class-login.php:22
actioninitincludes\modules\class-login.php:24
filterufel_after_form_restriction_filterincludes\modules\class-login.php:25
filterform_submit-check_widget_accessibilityincludes\modules\class-login.php:26
actionadmin_menunews.php:28
actionadmin_print_scriptsnews.php:29
actionadmin_noticesnews.php:30
actionelementor/documents/register_controlspage-settings.php:41
filterfael_form_submit_typespromo.php:2
actionfael_add_elementor_widget_categoriespromo.php:19
actionfael_widget_controls_sections_startpromo.php:28
actionfael_widget_controls_sections_afterpromo.php:50
actionfael_widget_controls_sections_startpromo.php:87
actionfael_page_settings_before-form_settings_sectionpromo.php:114
filterfael_page_settings-control_optionspromo.php:139
filterfael_form_submit_typespromo.php:152
actioninitufel.php:121
actionadmin_noticesufel.php:125
actionwp_enqueue_scriptsufel.php:132
actionadmin_enqueue_scriptsufel.php:133
actionwp_footerufel.php:134
actionelementor/editor/before_enqueue_scriptsufel.php:135
actionsave_postufel.php:155
filterajax_query_attachments_argsufel.php:158
actioninitvote.php:13
actionadmin_noticesvote.php:22
actionadmin_headvote.php:23
actionadmin_footervote.php:24
actioninitwidgets-loader.php:84
actionplugins_loadedwidgets-loader.php:85
actionadmin_noticeswidgets-loader.php:122
actionadmin_noticeswidgets-loader.php:128
actionadmin_noticeswidgets-loader.php:134
actionelementor/widgets/widgets_registeredwidgets-loader.php:139
actionelementor/controls/controls_registeredwidgets-loader.php:140
actionelementor/elements/categories_registeredwidgets-loader.php:307
Maintenance & Trust

User Frontend for Elementor – Frontend Admin Panel, Profile, Login, Registration & Content Submission for Elementor Maintenance & Trust

Maintenance Signals

WordPress version tested6.2.9
Last updatedJun 6, 2023
PHP min version5.4
Downloads12K

Community Trust

Rating74/100
Number of ratings11
Active installs70
Alternatives

User Frontend for Elementor – Frontend Admin Panel, Profile, Login, Registration & Content Submission for Elementor Alternatives

Page Builder Companion

Page Builder Companion

page-builder-companion

A
100

Page Builder Companion helps you build fascinating full width pages with three different template types. Choose the one you like and enjoy displaying …

100 No CVEs
Elementor Website Builder – More Than Just a Page Builder

Elementor Website Builder – More Than Just a Page Builder

elementor

A
88

The Elementor Website Builder has it all: drag and drop page builder, pixel perfect design, mobile responsive editing, and more. Get started now!

10.0M 45 CVEs
Starter Templates – AI-Powered Templates for Elementor & Gutenberg

Starter Templates – AI-Powered Templates for Elementor & Gutenberg

astra-sites

A
89

The growing library of 300+ ready-to-use templates that work with all WordPress themes including Astra, Hello, OceanWP, GeneratePress and more

2.0M 7 CVEs
ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor

ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor

elementskit-lite

A
89

Join millions who empower their websites with ElementsKit Elementor Addons. Get templates, & 100+ widgets like header-footer, mega menu, custom widget

2.0M 21 CVEs
Essential Addons for Elementor – Popular Elementor Templates & Widgets

Essential Addons for Elementor – Popular Elementor Templates & Widgets

essential-addons-for-elementor-lite

B
76

Elementor addon offering 110+ widgets and templates — Elementor Gallery, Slider, Form, Post Grid, Menu, Accordion, WooCommerce & more.

2.0M 56 CVEs
Developer Profile

User Frontend for Elementor – Frontend Admin Panel, Profile, Login, Registration & Content Submission for Elementor Developer Profile

Mithu A Quayium

16 plugins · 500 total installs

84
trust score
Avg Security Score
86/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect User Frontend for Elementor – Frontend Admin Panel, Profile, Login, Registration & Content Submission for Elementor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/user-frontend-for-elementor/assets/css/app.css/wp-content/plugins/user-frontend-for-elementor/assets/css/fontello.css/wp-content/plugins/user-frontend-for-elementor/assets/js/editor-app.js/wp-content/plugins/user-frontend-for-elementor/assets/js/media-uploader.js
Script Paths
https://www.google.com/recaptcha/api.js

HTML / DOM Fingerprints

CSS Classes
fael-editor-icons-cssfael-editor-app-js
JS Globals
ufe_vueobject
FAQ

Frequently Asked Questions about User Frontend for Elementor – Frontend Admin Panel, Profile, Login, Registration & Content Submission for Elementor