Does Ultra Addons Lite for Elementor have any unpatched vulnerabilities?

No. All known vulnerabilities in Ultra Addons Lite for Elementor have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Ultra Addons Lite for Elementor compatible with WordPress 6.8.5?

According to WordPress.org data, Ultra Addons Lite for Elementor 1.3.2 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Ultra Addons Lite for Elementor compatible with PHP 5.2.4+?

Ultra Addons Lite for Elementor requires PHP 5.2.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Ultra Addons Lite for Elementor updated?

Ultra Addons Lite for Elementor was last updated on Feb 3, 2026. Frequent updates are generally a positive security signal.

What is Ultra Addons Lite for Elementor's security score?

Ultra Addons Lite for Elementor has a WP-Safety security score of 97/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Ultra Addons Lite for Elementor Security & Risk Analysis

wordpress.org/plugins/ut-elementor-addons-lite

Ultra Addons Lite for Elementor enhances your page-building experience with creative elements & extensions, offering extensive customization options

800 active installs v1.3.2 PHP 5.2.4+ WP 4.1+ Updated Feb 3, 2026

elementorelementor-widgetelementsheader-footer-builderpage-builder

A · Safe

CVEs total3

Unpatched0

Last CVEOct 2, 2025

Plugin page Download

Safety Verdict

Is Ultra Addons Lite for Elementor Safe to Use in 2026?

Generally Safe

Score 97/100

Ultra Addons Lite for Elementor has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Oct 2, 2025Updated 2mo ago

Risk Assessment

The "ut-elementor-addons-lite" v1.3.2 plugin exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by ensuring all identified AJAX handlers and REST API routes have permission checks, and it exclusively uses prepared statements for its SQL queries. The high percentage of properly escaped output (95%) also suggests a commitment to preventing basic cross-site scripting vulnerabilities. However, the presence of two taint flows with unsanitized paths, even without critical or high severity, warrants attention as it indicates potential pathways for malicious input to reach sensitive functions.

The vulnerability history reveals a past pattern of three medium-severity vulnerabilities, specifically Cross-site Scripting and Authorization Bypass. While there are currently no unpatched CVEs, this history suggests a recurring need for diligent security auditing and patching. The plugin's age, indicated by a vulnerability dated 2025-10-02, could also imply that older code might still be present and potentially unaddressed if not actively maintained. Overall, the plugin has a decent foundation with strong output escaping and authentication checks, but the taint analysis and historical vulnerability data indicate areas where further scrutiny and potentially more robust sanitization mechanisms are advisable.

Key Concerns

Taint flows with unsanitized paths (High)
History of medium severity vulnerabilities (3 total)
Bundled library (DataTables) potentially outdated

Vulnerabilities

Ultra Addons Lite for Elementor Security Vulnerabilities

CVEs by Year

3 CVEs in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

3 total CVEs

CVE-2025-9077medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ultra Addons Lite for Elementor <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Text Field

Oct 2, 2025 Patched in 1.2.0 (41d)

CVE-2025-32192medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ultra Addons Lite for Elementor <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 4, 2025 Patched in 1.1.9 (6d)

CVE-2024-13832medium · 4.3Authorization Bypass Through User-Controlled Key

Ultra Addons Lite for Elementor <= 1.1.8 - Authenticated (Contributor+) Restricted Post Disclosure

Feb 27, 2025 Patched in 1.1.9 (22d)

Code Analysis

Analyzed Mar 16, 2026

Ultra Addons Lite for Elementor Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

874 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

DataTables

SQL Query Safety

100% prepared2 total queries

Output Escaping

95% escaped922 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

8 flows2 with unsanitized paths

ut_hf_input (modules\ut-hf-builder\inc\admin\class-ut-hf-metabox.php:314)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Ultra Addons Lite for Elementor Attack Surface

Entry Points20

Unprotected0

AJAX Handlers 19

authwp_ajax_utal_save_mark_default_statusincludes\ajax-functions.php:7

noprivwp_ajax_utal_save_mark_default_statusincludes\ajax-functions.php:8

authwp_ajax_utal_update_default_templateincludes\ajax-functions.php:68

noprivwp_ajax_utal_update_default_templateincludes\ajax-functions.php:69

authwp_ajax_utal_uncheck_other_defaultsincludes\ajax-functions.php:104

noprivwp_ajax_utal_uncheck_other_defaultsincludes\ajax-functions.php:105

authwp_ajax_utal_add_email_to_mailchimpincludes\ajax-functions.php:164

noprivwp_ajax_utal_add_email_to_mailchimpincludes\ajax-functions.php:165

authwp_ajax_utal_template_buildermodules\ut-hf-builder\ajax\ut-hf.php:6

noprivwp_ajax_utal_template_buildermodules\ut-hf-builder\ajax\ut-hf.php:7

authwp_ajax_utal_save_contentmodules\ut-hf-builder\ajax\ut-hf.php:74

noprivwp_ajax_utal_save_contentmodules\ut-hf-builder\ajax\ut-hf.php:75

authwp_ajax_utal_save_contentmodules\ut-hf-builder\ajax\ut-hf.php:80

authwp_ajax_ut_create_postmodules\ut-hf-builder\inc\admin\class-ut-hf-admin.php:42

authwp_ajax_ut_hf_load_autocomplatemodules\ut-hf-builder\inc\admin\class-ut-hf-metabox.php:22

authwp_ajax_ut_hf_post_adminmodules\ut-hf-builder\inc\admin\class-ut-hf-metabox.php:23

authwp_ajax_ut_more_rulemodules\ut-hf-builder\inc\admin\class-ut-hf-metabox.php:24

authwp_ajax_ut_hf_ex_automodules\ut-hf-builder\inc\admin\class-ut-hf-metabox.php:25

authwp_ajax_ut_hf_typemodules\ut-hf-builder\inc\admin\class-ut-hf-metabox.php:26

Shortcodes 1

[ut_elementor] includes\queries.php:512

WordPress Hooks 31

actionelementor/element/column/layout/before_section_endcontrols\make-column-clickable.php:16

actionelementor/frontend/column/before_rendercontrols\make-column-clickable.php:17

filtermanage_elementor_library_posts_columnsincludes\queries.php:496

actionmanage_elementor_library_posts_custom_columnincludes\queries.php:537

actionadmin_enqueue_scriptsmodules\ut-hf-builder\inc\admin\class-ut-hf-admin.php:37

filtermanage_ut_hf_builder_posts_columnsmodules\ut-hf-builder\inc\admin\class-ut-hf-admin.php:38

actionmanage_ut_hf_builder_posts_custom_columnmodules\ut-hf-builder\inc\admin\class-ut-hf-admin.php:39

actionadmin_footermodules\ut-hf-builder\inc\admin\class-ut-hf-admin.php:40

actionadmin_footermodules\ut-hf-builder\inc\admin\class-ut-hf-admin.php:41

actionadd_meta_boxesmodules\ut-hf-builder\inc\admin\class-ut-hf-metabox.php:20

actionsave_postmodules\ut-hf-builder\inc\admin\class-ut-hf-metabox.php:21

actionwpmodules\ut-hf-builder\inc\class-ut-hf-template.php:35

actionwp_headmodules\ut-hf-builder\inc\class-ut-hf-template.php:36

filterut_single_templatemodules\ut-hf-builder\inc\class-ut-hf-template.php:37

actionutal_hf_get_headermodules\ut-hf-builder\inc\class-ut-hf-template.php:38

actionutal_hf_get_footermodules\ut-hf-builder\inc\class-ut-hf-template.php:39

actionget_headermodules\ut-hf-builder\inc\class-ut-hf-template.php:93

actionget_footermodules\ut-hf-builder\inc\class-ut-hf-template.php:94

actioninitut-elementor-addons-lite.php:34

actionplugins_loadedut-elementor-addons-lite.php:35

actionelementor/initut-elementor-addons-lite.php:36

actionelementor/frontend/after_register_scriptsut-elementor-addons-lite.php:37

actionelementor/frontend/after_enqueue_stylesut-elementor-addons-lite.php:38

actionelementor/editor/after_enqueue_stylesut-elementor-addons-lite.php:39

actionelementor/widgets/widgets_registeredut-elementor-addons-lite.php:40

actionadmin_menuut-elementor-addons-lite.php:41

actioninitut-elementor-addons-lite.php:42

actionadmin_enqueue_scriptsut-elementor-addons-lite.php:43

actionwp_footerut-elementor-addons-lite.php:45

actionadmin_noticesut-elementor-addons-lite.php:209

actionelementor/controls/controls_registeredut-elementor-addons-lite.php:377

Maintenance & Trust

Ultra Addons Lite for Elementor Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedFeb 3, 2026

PHP min version5.2.4

Downloads15K

Community Trust

Rating0/100

Number of ratings0

Active installs800

Alternatives

Ultra Addons Lite for Elementor Alternatives

Easy Elements for Elementor – Addons & Website Templates

easy-elements

100

Modern Elementor Addons: A lightweight, powerful addon with beautifully designed widgets and extensions to build creative, animated websites.

600 No CVEs

myCred for Elementor

mycred-for-elementor

📢 🚨 Important Notice: The myCred for Elementor is now part of myCred Core plugin and will no longer receive updates here. Only security fixes will be …

500 1 CVE

ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor

elementskit-lite

Join millions who empower their websites with ElementsKit Elementor Addons. Get templates, & 100+ widgets like header-footer, mega menu, custom widget

2.0M 22 CVEs

Ultimate Addons for Elementor

header-footer-elementor

Powerful Elementor addon with advanced Elementor widgets, templates, WooCommerce widgets & Header-Footer builder to build professional websites fa …

2.0M 12 CVEs

Royal Addons for Elementor – Addons and Templates Kit for Elementor

royal-elementor-addons

Elementor templates, Header footer builder, Elementor Post Grid, Woocommerce Grid builder, Slider, Forms, Gallery, Nav menu addons, Elementor widgets.

600K 1 unpatched

Developer Profile

Ultra Addons Lite for Elementor Developer Profile

UltraPress

2 plugins · 900 total installs

trust score

Avg Security Score

83/100

Avg Patch Time

23 days

View full developer profile

Detection Fingerprints

How We Detect Ultra Addons Lite for Elementor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/ut-elementor-addons-lite/assets/css/ut-backend.css/wp-content/plugins/ut-elementor-addons-lite/assets/css/ut-frontend.css/wp-content/plugins/ut-elementor-addons-lite/assets/js/ut-frontend.js

Version Parameters

ut-elementor-addons-lite/assets/css/ut-backend.css?ver=ut-elementor-addons-lite/assets/css/ut-frontend.css?ver=ut-elementor-addons-lite/assets/js/ut-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

ut-admin-setting-wrapperut-admin-setting-titleut-admin-setting-formut-admin-setting-fieldut-admin-setting-switchut-admin-setting-sliderut-admin-setting-labelut-admin-setting-submit+2 more

Data Attributes

name="ut_enable_section_sticky"name="ut_enable_header_tranparent"name="ua_sticky_settings_nonce"

JS Globals

UTAL_PLUGIN_VERSION

FAQ