WP-Safety

Innovs WPBakery Visual Composer WHMCS Elements Security & Risk Analysis

wordpress.org/plugins/void-visual-whmcs-element

🚀 This WordPress Plugin seamlessly integrates various WPBakery Page Builder widgets with WHMCS, the leading solution for hosting companies to bill and …

2K active installs v1.0.4.3 PHP 5.6+ WP 4.4+ Updated Dec 2, 2025
page-buildervisual-composerwhmcswhmcs-bridgewpbakery
54
C · Use Caution
CVEs total3
Unpatched2
Last CVEDec 17, 2025
Plugin page Download
Safety Verdict

Is Innovs WPBakery Visual Composer WHMCS Elements Safe to Use in 2026?

Use With Caution

Score 54/100

Innovs WPBakery Visual Composer WHMCS Elements has 2 unpatched vulnerabilities. Evaluate alternatives or apply available mitigations.

3 known CVEs 2 unpatched Last CVE: Dec 17, 2025Updated 4mo ago
Risk Assessment

The "void-visual-whmcs-element" plugin v1.0.4.3 exhibits a mixed security posture. While it demonstrates good practices in avoiding dangerous functions and using prepared statements for SQL queries, significant concerns arise from its attack surface and historical vulnerability patterns. Three out of four identified entry points, specifically AJAX handlers, lack proper authentication checks. This is further compounded by taint analysis revealing two flows with unsanitized paths, suggesting a potential for injecting malicious data into the application, though thankfully no critical or high-severity issues were flagged in this analysis. The plugin's history of three known CVEs, with two currently unpatched and all being medium severity and related to Cross-Site Scripting, is a major red flag. This pattern indicates a recurring weakness in how user input is handled, making it susceptible to persistent or stored XSS attacks.

Key Concerns

  • Unpatched CVEs (2)
  • AJAX handlers without auth checks (3)
  • Unsanitized paths in taint flows (2)
  • Low percentage of properly escaped output
  • No nonce checks on AJAX handlers
Vulnerabilities
3

Innovs WPBakery Visual Composer WHMCS Elements Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
2 CVEs in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
3

3 total CVEs

CVE-2025-68574medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPBakery Visual Composer WHMCS Elements <= 1.0.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 17, 2025Unpatched
CVE-2025-47659medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPBakery Visual Composer WHMCS Elements <= 1.0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

May 7, 2025Unpatched
CVE-2024-10172medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPBakery Visual Composer WHMCS Elements <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via void_wbwhmcse_laouts_search Shortcode

Nov 20, 2024 Patched in 1.0.4.1 (34d)
Code Analysis
Analyzed Mar 16, 2026

Innovs WPBakery Visual Composer WHMCS Elements Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
28
45 escaped
Nonce Checks
0
Capability Checks
1
File Operations
0
External Requests
1
Bundled Libraries
0

Output Escaping

62% escaped73 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
void_wbwhmcse_ajax_domain_function (helper\helper.php:22)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

Innovs WPBakery Visual Composer WHMCS Elements Attack Surface

Entry Points4
Unprotected3

AJAX Handlers 3

authwp_ajax_void_wbwhmcse_ajax_domain_functionhelper\helper.php:34
noprivwp_ajax_void_wbwhmcse_ajax_domain_functionhelper\helper.php:35
authwp_ajax_void_dismiss_noticeincludes\class-void-visual-whmcs-notice.php:7

Shortcodes 1

[void_wbwhmcse_laouts_knowledgebase] widgets\section-knowledgebase.php:21
WordPress Hooks 13
actionadmin_menuincludes\class-void-visual-whmcs-admin.php:13
actionadmin_enqueue_scriptsincludes\class-void-visual-whmcs-admin.php:14
actionadmin_noticesincludes\class-void-visual-whmcs-notice.php:6
actionadmin_noticesvoid-visual-whmcs-elements.php:35
actionplugins_loadedvoid-visual-whmcs-elements.php:44
actioninitvoid-visual-whmcs-elements.php:126
actionadmin_enqueue_scriptsvoid-visual-whmcs-elements.php:136
actionadmin_noticesvoid-visual-whmcs-elements.php:158
actionadmin_initvoid-visual-whmcs-elements.php:163
actionadmin_initvoid-visual-whmcs-elements.php:193
actioninitwidgets\section-domain-search.php:37
actioninitwidgets\section-knowledgebase.php:20
actioninitwidgets\section-pricing.php:28
Maintenance & Trust

Innovs WPBakery Visual Composer WHMCS Elements Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 2, 2025
PHP min version5.6
Downloads56K

Community Trust

Rating92/100
Number of ratings5
Active installs2K
Alternatives

Innovs WPBakery Visual Composer WHMCS Elements Alternatives

Mega Addons For WPBakery Page Builder

Mega Addons For WPBakery Page Builder

mega-addons-for-visual-composer

D
41

34+ Addons WPBakery extension, Beautifully designed unique elements, Includes Premium quality addons For WPBakery Page Builder.

30K 2 unpatched
Video Background

Video Background

video-background

A
92

Easily assign a video background to any element on your WordPress pages or posts. Now compatible with WPBakery (Visual Composer) and SiteOrigin Page B &hellip;

10K 1 CVE
Post Slider For WPBakery Page Builder

Post Slider For WPBakery Page Builder

post-carousel-slider-for-visual-composer

A
85

Drag & touch Post Carousel anything at any position (row / column) in VC

1K No CVEs
Pricing Table For WPBakery Page Builder

Pricing Table For WPBakery Page Builder

price-table-for-wpbakery-page-builder

A
85

Add Stylish, Unique and Fully Customizable Price table to your site. A unique Pricing Tables to suit your needs.

600 No CVEs
Image Hotspot With Tooltip For WPBakery Page Builder (formerly Visual Composer)

Image Hotspot With Tooltip For WPBakery Page Builder (formerly Visual Composer)

vc-image-hotspot

A
85

Checkout our Latest WordPress Themes - 100% Free

400 No CVEs
Developer Profile

Innovs WPBakery Visual Composer WHMCS Elements Developer Profile

voidcoders

2 plugins · 2K total installs

67
trust score
Avg Security Score
70/100
Avg Patch Time
34 days
View full developer profile
Detection Fingerprints

How We Detect Innovs WPBakery Visual Composer WHMCS Elements

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/void-visual-whmcs-element/assets/js/domain-search.js/wp-content/plugins/void-visual-whmcs-element/assets/css/style.css/wp-content/plugins/void-visual-whmcs-element/assets/css/void-cf7-admin.css
Script Paths
/wp-content/plugins/void-visual-whmcs-element/assets/js/domain-search.js
Version Parameters
void-visual-whmcs-element/assets/js/domain-search.js?ver=void-visual-whmcs-element/assets/css/style.css?ver=void-visual-whmcs-element/assets/css/void-cf7-admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
void-cf7-reviewvoid-cf7-review-btnvoid-cf7-review-done
Data Attributes
spare_me_ewhmcse
JS Globals
domainjs_texts
FAQ

Frequently Asked Questions about Innovs WPBakery Visual Composer WHMCS Elements