WP-Safety

WCFM – WCFM Marketplace integrate Elementor Security & Risk Analysis

wordpress.org/plugins/wc-frontend-manager-elementor

Create your marketplace store page using Elementor with your own design. Easily and Beatifully.

1K active installs v3.0.4 PHP 5.6+ WP 4.4+ Updated Sep 15, 2024
elementormulti-vendorvendorwcfmwoocommerce-marketplace
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WCFM – WCFM Marketplace integrate Elementor Safe to Use in 2026?

Generally Safe

Score 92/100

WCFM – WCFM Marketplace integrate Elementor has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The static analysis of wc-frontend-manager-elementor v3.0.4 presents a mixed security picture. On the positive side, the plugin exhibits a strong adherence to secure coding practices regarding database interactions, with 100% of SQL queries utilizing prepared statements. Furthermore, the absence of any recorded vulnerabilities or CVEs is a significant indicator of past security maturity. However, a substantial concern arises from the code analysis revealing that only 28% of output operations are properly escaped. This low percentage suggests a high likelihood of Cross-Site Scripting (XSS) vulnerabilities, as user-supplied data could be directly rendered in the browser without adequate sanitization, potentially allowing attackers to inject malicious scripts. While the attack surface appears minimal with no identified AJAX handlers, REST API routes, or shortcodes without authentication, the lack of proper output escaping remains a critical weakness that significantly elevates the risk profile of this plugin version.

Key Concerns

  • Low percentage of properly escaped output
  • No nonce checks detected
  • Limited capability checks detected
Vulnerabilities
None known

WCFM – WCFM Marketplace integrate Elementor Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WCFM – WCFM Marketplace integrate Elementor Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
41
16 escaped
Nonce Checks
0
Capability Checks
2
File Operations
1
External Requests
0
Bundled Libraries
0

Output Escaping

28% escaped57 total outputs
Attack Surface

WCFM – WCFM Marketplace integrate Elementor Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 23
actionelementor/theme/register_conditionscore\class-wcfmem-conditions-manager.php:11
actionelementor/controls/registercore\class-wcfmem-controls-manager.php:12
actionelementor/documents/registercore\class-wcfmem-documents-manager.php:15
actionelementor/dynamic_tags/registercore\class-wcfmem-dynamic_tags-manager.php:11
filterelementor/api/get_templates/body_argscore\class-wcfmem-templates-manager.php:6
actionwoocommerce_api_wcfmem-template-preview-9000001core\class-wcfmem-templates-manager.php:18
actionwoocommerce_api_wcfmem-template-preview-9000002core\class-wcfmem-templates-manager.php:19
filterpre_http_requestcore\class-wcfmem-templates-manager.php:34
actionelementor/elements/categories_registeredcore\class-wcfmem-widgets-manager.php:11
actionelementor/widgets/registercore\class-wcfmem-widgets-manager.php:12
actionelementor/initcore\class-wcfmem.php:30
actionbefore_woocommerce_initcore\class-wcfmem.php:31
actionelementor/editor/footercore\class-wcfmem.php:67
filterwcfmem_locate_store_templatecore\class-wcfmem.php:68
actionwp_enqueue_scriptscore\class-wcfmem.php:69
actionwp_enqueue_scriptsincludes\documents\class-wcfmem-document-wcfmem-store.php:17
actionplugins_loadedwc-frontend-manager-elementor.php:38
actionadmin_noticeswc-frontend-manager-elementor.php:43
actionadmin_noticeswc-frontend-manager-elementor.php:48
actionadmin_noticeswc-frontend-manager-elementor.php:53
actionadmin_noticeswc-frontend-manager-elementor.php:58
actionadmin_noticeswc-frontend-manager-elementor.php:64
actionadmin_noticeswc-frontend-manager-elementor.php:69
Maintenance & Trust

WCFM – WCFM Marketplace integrate Elementor Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5
Last updatedSep 15, 2024
PHP min version5.6
Downloads85K

Community Trust

Rating70/100
Number of ratings12
Active installs1K
Alternatives

WCFM – WCFM Marketplace integrate Elementor Alternatives

WCFM – Direct PayPal Pay for WooCommerce Multivendor Marketplace

WCFM – Direct PayPal Pay for WooCommerce Multivendor Marketplace

wc-frontend-manager-direct-paypal

A
85

Direct pay in vendor's PayPal account from customer account.

400 No CVEs
WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible

WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible

wc-frontend-manager

A
88

Vendor frontend store/shop manager for WC Marketplace, WC Vendors, WC Product Vendors & Dokan with Bookings, Listings & Subscriptions compatib …

20K 8 CVEs
WCFM Marketplace – Multivendor Marketplace for WooCommerce

WCFM Marketplace – Multivendor Marketplace for WooCommerce

wc-multivendor-marketplace

C
57

The most featured and powerful multi vendor plugin for WordPress, setup fantastic woocommerce marketplace store in minutes.

20K 1 unpatched
MultiVendorX – WooCommerce Multivendor Marketplace Solutions

MultiVendorX – WooCommerce Multivendor Marketplace Solutions

dc-woocommerce-multi-vendor

A
86

MultiVendorX: WordPress multivendor plugin to build your dream marketplace. Top-rated multi-vendor plugin to launch your dream WooCommerce marketplace …

3K 23 CVEs
Split Pay – Stripe Connect Split Payments & Multi-Vendor Marketplace for WooCommerce

Split Pay – Stripe Connect Split Payments & Multi-Vendor Marketplace for WooCommerce

bsd-woo-stripe-connect-split-pay

A
100

Split payments made in WooCommerce stores between multiple Stripe Connected Accounts and a Stripe Platform Account.

100 No CVEs
Developer Profile

WCFM – WCFM Marketplace integrate Elementor Developer Profile

WC Lovers

7 plugins · 52K total installs

68
trust score
Avg Security Score
84/100
Avg Patch Time
210 days
View full developer profile
Detection Fingerprints

How We Detect WCFM – WCFM Marketplace integrate Elementor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wc-frontend-manager-elementor/assets/css/wcfmem-elementor-editor.css/wp-content/plugins/wc-frontend-manager-elementor/assets/js/wcfmem-elementor-editor.js/wp-content/plugins/wc-frontend-manager-elementor/assets/js/wcfmem-elementor-frontend.js/wp-content/plugins/wc-frontend-manager-elementor/assets/js/wcfmem-elementor-frontend-wrapper.js/wp-content/plugins/wc-frontend-manager-elementor/views/editor-templates/sortable-list-row.php
Script Paths
/wp-content/plugins/wc-frontend-manager-elementor/assets/js/wcfmem-elementor-editor.js/wp-content/plugins/wc-frontend-manager-elementor/assets/js/wcfmem-elementor-frontend.js/wp-content/plugins/wc-frontend-manager-elementor/assets/js/wcfmem-elementor-frontend-wrapper.js
Version Parameters
wc-frontend-manager-elementor/assets/css/wcfmem-elementor-editor.css?ver=wc-frontend-manager-elementor/assets/js/wcfmem-elementor-editor.js?ver=wc-frontend-manager-elementor/assets/js/wcfmem-elementor-frontend.js?ver=wc-frontend-manager-elementor/assets/js/wcfmem-elementor-frontend-wrapper.js?ver=wc-frontend-manager-elementor/views/editor-templates/sortable-list-row.php?ver=

HTML / DOM Fingerprints

CSS Classes
wcfmem-elementor-editor-wrapper
HTML Comments
<!-- WCFM Elementor plugin core Dependency check and load -->
Data Attributes
data-wcfmem-elementor-id
JS Globals
WCFMemwcfmem_elementor_frontend_params
FAQ

Frequently Asked Questions about WCFM – WCFM Marketplace integrate Elementor