WP-Safety

Web and WooCommerce Addons for WPBakery Builder Security & Risk Analysis

wordpress.org/plugins/vc-addons-by-bit14

Clean, responsive, well designed addons for WPBakery Page Builder with custom post type

1K active installs v1.5 PHP 7.0+ WP 4.0+ Updated Apr 22, 2025
addons-for-wpbakery-page-builderweb-addonswoocommerce-addonswpbakery-addonswpbakery-page-builder
52
C · Use Caution
CVEs total4
Unpatched2
Last CVEDec 31, 2025
Download
Safety Verdict

Is Web and WooCommerce Addons for WPBakery Builder Safe to Use in 2026?

Use With Caution

Score 52/100

Web and WooCommerce Addons for WPBakery Builder has 2 unpatched vulnerabilities. Evaluate alternatives or apply available mitigations.

4 known CVEs 2 unpatched Last CVE: Dec 31, 2025Updated 11mo ago
Risk Assessment

The "vc-addons-by-bit14" plugin version 1.5 exhibits a mixed security posture. On the positive side, the static analysis indicates strong adherence to secure coding practices, with 100% of SQL queries using prepared statements and all identified outputs being properly escaped. Furthermore, all 27 entry points, including AJAX handlers and shortcodes, appear to have authorization checks, and there are no identified flows with unsanitized paths, critical or high severity taint issues.

However, significant concerns arise from the plugin's vulnerability history. With four known CVEs, and crucially, two of them remaining unpatched, this indicates a recurring pattern of security weaknesses. The prevalence of medium severity vulnerabilities, specifically Cross-site Scripting (XSS) and Missing Authorization, in the past suggests that these types of flaws are being introduced or are not being effectively remediated. The fact that the last vulnerability was reported as recently as December 31, 2025, despite the static analysis showing good practices, is particularly concerning and suggests potential blind spots or a delay in addressing discovered issues.

In conclusion, while the current version's code analysis suggests good secure coding practices, the plugin's history of unpatched vulnerabilities is a major red flag. The presence of known, unpatched vulnerabilities outweighs the positive static analysis findings, making this plugin a moderate to high risk. Users should exercise caution and prioritize applying any available patches for older versions, although the data implies a history of delayed patching.

Key Concerns

  • Unpatched CVEs (2)
  • Vulnerability history (4 medium)
  • Bundled library (Select2)
Vulnerabilities
4

Web and WooCommerce Addons for WPBakery Builder Security Vulnerabilities

CVEs by Year

1 CVE in 2022
2022
2 CVEs in 2024 · unpatched
2024
1 CVE in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
4

4 total CVEs

CVE-2025-62748medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Web and WooCommerce Addons for WPBakery Builder <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 31, 2025Unpatched
CVE-2024-43960medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Web and WooCommerce Addons for WPBakery Builder <= 1.4.7 - Authenticated (Editor+) Stored Cross-Site Scripting

Aug 26, 2024Unpatched
CVE-2024-6579medium · 4.3Missing Authorization

Web and WooCommerce Addons for WPBakery Builder <= 1.4.5 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Modification

Jul 15, 2024 Patched in 1.4.6 (1d)
WF-7e697e7f-8d5b-4a9f-9148-f2dc5fb1ba38-vc-addons-by-bit14medium · 6.3Missing Authorization

Web and WooCommerce Addons for WPBakery Builder <= 1.4.4.1 - Missing Authorization Checks

Jul 6, 2022 Patched in 1.4.4.2 (566d)
Code Analysis
Analyzed Mar 16, 2026

Web and WooCommerce Addons for WPBakery Builder Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
528 escaped
Nonce Checks
6
Capability Checks
8
File Operations
2
External Requests
0
Bundled Libraries
1

Bundled Libraries

Select2

Output Escaping

100% escaped528 total outputs
Data Flows
All sanitized

Data Flow Analysis

4 flows
pbwb_rtl_check (bit14-vc-addons.php:102)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Web and WooCommerce Addons for WPBakery Builder Attack Surface

Entry Points27
Unprotected0

AJAX Handlers 9

authwp_ajax_rtl_checkbit14-vc-addons.php:117
noprivwp_ajax_rtl_checkbit14-vc-addons.php:118
authwp_ajax_enable_fontawesonebit14-vc-addons.php:134
noprivwp_ajax_enable_fontawesonebit14-vc-addons.php:135
authwp_ajax_enable_googlefontsbit14-vc-addons.php:151
noprivwp_ajax_enable_googlefontsbit14-vc-addons.php:152
authwp_ajax_pbwb_activate_addonmenus\about-us.php:135
authwp_ajax_pbwb_deactivate_addonmenus\about-us.php:136
authwp_ajax_pbwb_install_addonmenus\about-us.php:137

Shortcodes 18

[web_addons_banner] bit14-vc-addons.php:377
[woo_addons_banner] bit14-vc-addons.php:405
[send_in_blue] bit14-vc-addons.php:413
[bit_animatedtext] classes\class-bit-animated-text.php:9
[audio_player] classes\class-bit-audio-player.php:8
[counter-lists] classes\class-bit-counter-lists.php:8
[bit_divider] classes\class-bit-dividers.php:9
[bit_headings] classes\class-bit-headings.php:6
[iconic-list] classes\class-bit-iconic-list.php:8
[info_banner] classes\class-bit-info-banner.php:7
[pieforms] classes\class-bit-pie-forms.php:9
[pieregister] classes\class-bit-pie-register.php:9
[progress-bar] classes\class-bit-progress-bar.php:8
[recent-post] classes\class-bit-recent-posts.php:9
[ribbon] classes\class-bit-ribbon.php:8
[social_icons] classes\class-bit-social-icons.php:8
[testimonial-lists] classes\class-bit-testimonial-lists.php:9
[bit_recent_post] templates\template-bit-recent-posts.php:321
WordPress Hooks 25
actionvc_before_initbit14-vc-addons.php:28
actionvc_before_initbit14-vc-addons.php:29
filtergettextbit14-vc-addons.php:32
actionadmin_menubit14-vc-addons.php:155
actionwp_enqueue_scriptsbit14-vc-addons.php:210
actionadmin_enqueue_scriptsbit14-vc-addons.php:234
filterplugin_action_linksbit14-vc-addons.php:280
filterbody_classbit14-vc-addons.php:283
actionadmin_bar_menubit14-vc-addons.php:339
filterbody_classbit14-vc-addons.php:343
actionwp_loadedclasses\class-bit-animated-text.php:8
actionwp_loadedclasses\class-bit-audio-player.php:7
actionwp_loadedclasses\class-bit-counter-lists.php:7
actionwp_loadedclasses\class-bit-dividers.php:8
actionwp_loadedclasses\class-bit-headings.php:5
actionwp_loadedclasses\class-bit-iconic-list.php:7
actionwp_loadedclasses\class-bit-info-banner.php:6
actionwp_loadedclasses\class-bit-pie-forms.php:8
actionwp_loadedclasses\class-bit-pie-register.php:8
actionwp_loadedclasses\class-bit-progress-bar.php:7
actionwp_loadedclasses\class-bit-recent-posts.php:8
actionwp_loadedclasses\class-bit-ribbon.php:7
actionwp_loadedclasses\class-bit-social-icons.php:7
actionwp_loadedclasses\class-bit-testimonial-lists.php:8
filtervc_google_fonts_get_fonts_filterclasses\class-bit-theme-font.php:13
Maintenance & Trust

Web and WooCommerce Addons for WPBakery Builder Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedApr 22, 2025
PHP min version7.0
Downloads88K

Community Trust

Rating88/100
Number of ratings7
Active installs1K
Alternatives

Web and WooCommerce Addons for WPBakery Builder Alternatives

Mega Addons For WPBakery Page Builder

Mega Addons For WPBakery Page Builder

mega-addons-for-visual-composer

D
41

34+ Addons WPBakery extension, Beautifully designed unique elements, Includes Premium quality addons For WPBakery Page Builder.

30K 2 unpatched
WPBakery Page Builder Addons by Livemesh

WPBakery Page Builder Addons by Livemesh

addons-for-visual-composer

B
72

A collection of 25+ beautifully designed premium quality addons or extensions for WPBakery Page Builder.

20K 1 unpatched
Classic Addons – WPBakery Page Builder

Classic Addons – WPBakery Page Builder

classic-addons-wpbakery-page-builder-addons

A
96

15+ Beautiful and Powerful Addons for WPBakery Page Builder (Visual Composer)

3K 3 CVEs
HT Mega – Absolute Addons for WPBakery Page Builder

HT Mega – Absolute Addons for WPBakery Page Builder

ht-mega-for-wpbakery

A
98

The HTMega is a WPBakery Page builder addons package for WPBakery Page Builder plugin for WordPress.

1K 2 CVEs
ChargeWP Timeline Addons For WPBakery Page Builder

ChargeWP Timeline Addons For WPBakery Page Builder

chargewp-timeline-addons-for-wpbakery

A
100

Power your WPBakery Page Builder with well crafted timeline addons.

200 No CVEs
Developer Profile

Web and WooCommerce Addons for WPBakery Builder Developer Profile

Genetech Products

3 plugins · 3K total installs

54
trust score
Avg Security Score
64/100
Avg Patch Time
1564 days
View full developer profile
Detection Fingerprints

How We Detect Web and WooCommerce Addons for WPBakery Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/vc-addons-by-bit14/assets/css/style.css/wp-content/plugins/vc-addons-by-bit14/assets/css/rtl.css/wp-content/plugins/vc-addons-by-bit14/assets/js/rtl.js/wp-content/plugins/vc-addons-by-bit14/assets/css/select2.min.css/wp-content/plugins/vc-addons-by-bit14/assets/css/fontawesome5.11.css/wp-content/plugins/vc-addons-by-bit14/assets/css/slick.min.css/wp-content/plugins/vc-addons-by-bit14/assets/css/admin.css
Script Paths
/wp-content/plugins/vc-addons-by-bit14/assets/js/rtl.js

HTML / DOM Fingerprints

CSS Classes
bit-counter-listsbit-iconic-listbit-headingsbit-progress-barbit-testimonial-listsbit-info-bannerbit-pricing-tablebit-pricing-table-child+12 more
FAQ

Frequently Asked Questions about Web and WooCommerce Addons for WPBakery Builder