WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder Security & Risk Analysis

wordpress.org/plugins/wdesignkit

3000+ Elementor Templates, Gutenberg Templates, Widgets Builder for Elementor, Gutenberg & Bricks, Cloud Workspace & Figma Files, 160+ Widgets Library

30K active installs · v2.2.9 · PHP 7.0+ · WP 6.0+ · Updated Mar 5, 2026
Tags: elementor-template, elementor-widgets, gutenberg-blocks, page-templates, wordpress-template
Score: 96/100 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Oct 3, 2025
Safety Verdict

Is WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder Safe to Use in 2026?

Generally Safe

Score 96/100

WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Oct 3, 2025 · Updated 1mo ago
Risk Assessment

The wdesignkit plugin v2.2.9 exhibits a mixed security posture. On the positive side, it uses prepared statements for all SQL queries and escapes a high percentage of its output. It also includes nonce and capability checks on its entry points, which are crucial for preventing unauthorized actions. However, the presence of the `unserialize` function is a significant concern: deserializing data that has not been validated can lead to PHP object injection and, from there, Remote Code Execution. While the static analysis shows no critical or high severity taint flows, the high number of unsanitized paths (9 out of 10 analyzed) is worrying and suggests potential for vulnerabilities that the specific analysis conducted might not have caught.

The plugin's vulnerability history is also a point of concern. Having 3 known CVEs, including one high severity vulnerability, indicates a pattern of past security weaknesses. While there are no currently unpatched vulnerabilities, the types of past issues—Missing Authorization, Cross-site Scripting, and Unrestricted File Uploads—are common and can be severe. The most recent vulnerability being in October 2025 suggests a potential for ongoing security challenges or that past vulnerabilities were complex to remediate.

In conclusion, while wdesignkit v2.2.9 has made strides in secure coding practices for SQL and output handling, the reliance on `unserialize` and the concerning taint analysis results, coupled with a history of significant vulnerabilities, point to a moderate risk. Further scrutiny of the `unserialize` implementation and thorough security auditing of all unsanitized paths are highly recommended. The plugin's strengths in SQL and output escaping are noteworthy but do not entirely mitigate the risks posed by other factors.

Key Concerns

  • Dangerous function: unserialize detected
  • High number of unsanitized paths
  • Known CVEs: 1 high severity
  • Known CVEs: 2 medium severity
Vulnerabilities (3)

WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder Security Vulnerabilities

CVEs by Year

2024: 1 CVE
2025: 2 CVEs

Severity Breakdown

High: 1
Medium: 2

3 total CVEs

CVE-2025-9029 · medium · 4.3 · Missing Authorization

WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder <= 1.2.16 - Missing Authentication via wdkit_handle_review_submission Function

Oct 3, 2025 · Patched in 1.2.17 (1d)

CVE-2024-12189 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 31, 2025 · Patched in 1.2.4 (18d)

CVE-2024-53811 · high · 7.2 · Unrestricted Upload of File with Dangerous Type

WDesignkit <= 1.0.40 - Authenticated (Administrator+) Arbitrary File Upload

Dec 2, 2024 · Patched in 1.1.0 (10d)

Code Analysis
Analyzed Mar 16, 2026

WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder Code Analysis

Dangerous Functions: 7
Raw SQL Queries: 0 (12 prepared)
Unescaped Output: 14 (418 escaped)
Nonce Checks: 12
Capability Checks: 20
File Operations: 15
External Requests: 24
Bundled Libraries: 1

Dangerous Functions Found

  • unserialize · `$wdkit_licence = unserialize( $wdkit_licence );` · includes\admin\class-api.php:735
  • unserialize · `$theme_info = unserialize( $response['body'] );` · includes\admin\class-api.php:2306
  • unserialize · `$response['data']['tpae_licence'] = unserialize( $response['data']['tpae_licence'] );` · includes\admin\class-api.php:4612
  • unserialize · `$response['data']['tpag_licence'] = unserialize( $response['data']['tpag_licence'] );` · includes\admin\class-api.php:4616
  • unserialize · `$response['data']['uichemy_licence'] = unserialize( $response['data']['uichemy_licence'] );` · includes\admin\class-api.php:4620
  • unserialize · `$response['data']['wdkit_licence'] = unserialize( $response['data']['wdkit_licence'] );` · includes\admin\class-api.php:4624
  • unserialize · `$response['data']['wdkit_licence_extra'] = unserialize( $response['data']['wdkit_licence_extra'] );` · includes\admin\class-api.php:4633

Bundled Libraries

Select2

SQL Query Safety

100% prepared · 12 total queries

Output Escaping

97% escaped · 432 total outputs

Data Flows: 9 unsanitized

Data Flow Analysis

10 flows · 9 with unsanitized paths
wdkit_get_snippet_kit (includes\admin\api\class-wdkit-code-snippet.php:531)
Attack Surface

WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder Attack Surface

Entry Points: 9
Unprotected: 0

AJAX Handlers: 9

  • auth · wp_ajax_wdkit_code_snippet · includes\admin\api\class-wdkit-code-snippet.php:60
  • auth · wp_ajax_wdkit_empty_search_handling · includes\admin\api\class-wdkit-empty-search-handling.php:58
  • auth · wp_ajax_wdkit_theme_builder · includes\admin\api\class-wdkit-theme-builder.php:59
  • auth · wp_ajax_get_wdesignkit · includes\admin\class-api.php:110
  • auth · wp_ajax_wdkit_deactive_plugin · includes\admin\notices\class-wdkit-deactivate-feedback.php:74
  • auth · wp_ajax_wdkit_skip_deactivate · includes\admin\notices\class-wdkit-deactivate-feedback.php:75
  • auth · wp_ajax_wdkit_rating_banner_dismiss_notice · includes\admin\notices\class-wdkit-rating.php:105
  • auth · wp_ajax_wdkit_submit_review · includes\admin\notices\class-wdkit-review-form.php:62
  • nopriv · wp_ajax_wdkit_submit_review · includes\admin\notices\class-wdkit-review-form.php:63

WordPress Hooks: 36

  • action · wdkit_admin_create_default · includes\admin\class-wdkit-data-hooks.php:53
  • action · wdkit_active_settings · includes\admin\class-wdkit-data-hooks.php:54
  • action · admin_menu · includes\admin\class-wdkit-enqueue.php:55
  • action · admin_enqueue_scripts · includes\admin\class-wdkit-enqueue.php:57
  • action · admin_enqueue_scripts · includes\admin\class-wdkit-enqueue.php:59
  • action · enqueue_block_editor_assets · includes\admin\class-wdkit-enqueue.php:60
  • action · enqueue_block_editor_assets · includes\admin\class-wdkit-enqueue.php:61
  • action · enqueue_block_editor_assets · includes\admin\class-wdkit-enqueue.php:64
  • action · elementor/editor/before_enqueue_styles · includes\admin\class-wdkit-enqueue.php:67
  • action · elementor/editor/after_enqueue_styles · includes\admin\class-wdkit-enqueue.php:68
  • action · elementor/preview/enqueue_styles · includes\admin\class-wdkit-enqueue.php:69
  • action · elementor/editor/before_enqueue_scripts · includes\admin\class-wdkit-enqueue.php:70
  • action · wp_enqueue_scripts · includes\admin\class-wdkit-enqueue.php:74
  • filter · wp_wdkit_import_temp_ajax · includes\admin\hooks\class-wdkit-import-temp-ajax.php:63
  • filter · wp_wdkit_login_ajax · includes\admin\hooks\class-wdkit-login-ajax.php:57
  • filter · wp_wdkit_preset_ajax · includes\admin\hooks\class-wdkit-preset-ajax.php:57
  • filter · wp_wdkit_widget_ajax · includes\admin\hooks\class-wdkit-widget-ajax.php:69
  • filter · upload_dir · includes\admin\hooks\class-wdkit-widget-ajax.php:448
  • action · admin_footer · includes\admin\notices\class-wdkit-deactivate-feedback.php:70
  • action · admin_enqueue_scripts · includes\admin\notices\class-wdkit-deactivate-feedback.php:72
  • filter · plugin_row_meta · includes\admin\notices\class-wdkit-plugin-page.php:77
  • filter · all_plugins · includes\admin\notices\class-wdkit-plugin-page.php:79
  • action · admin_notices · includes\admin\notices\class-wdkit-rating.php:102
  • action · wp_footer · includes\admin\notices\class-wdkit-review-form.php:56
  • action · admin_footer · includes\admin\notices\class-wdkit-review-form.php:57
  • action · wp_enqueue_scripts · includes\admin\notices\class-wdkit-review-form.php:59
  • action · admin_enqueue_scripts · includes\admin\notices\class-wdkit-review-form.php:60
  • filter · all_plugins · includes\admin\white_label\class-wdkit-white-label.php:49
  • action · plugins_loaded · includes\class-wdkit-wdesignkit.php:60
  • action · init · includes\widget-load\bricks\class-wdkit-bricks-files-load.php:57
  • action · elementor/init · includes\widget-load\elementor\class-wdkit-elementor-files-load.php:63
  • action · elementor/widgets/register · includes\widget-load\elementor\class-wdkit-elementor-files-load.php:79
  • action · enqueue_block_editor_assets · includes\widget-load\gutenberg\class-wdkit-gutenberg-files-load.php:57
  • filter · block_categories_all · includes\widget-load\gutenberg\class-wdkit-gutenberg-files-load.php:146
  • action · enqueue_block_editor_assets · includes\widget-load\gutenberg_core\class-wdkit-gutenberg-core-files-load.php:57
  • filter · block_categories_all · includes\widget-load\gutenberg_core\class-wdkit-gutenberg-core-files-load.php:58

Maintenance & Trust

WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Mar 5, 2026
PHP min version: 7.0
Downloads: 508K

Community Trust

Rating: 96/100
Number of ratings: 12
Active installs: 30K

Developer Profile

WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder Developer Profile

POSIMYTH

8 plugins · 460K total installs

Trust score: 85
Avg Security Score: 96/100
Avg Patch Time: 72 days
Detection Fingerprints

How We Detect WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/wdesignkit/assets/fonts/style.css
  • /wp-content/plugins/wdesignkit/assets/css/elementor/wdkit_enqueue_editor_styles.css
  • /wp-content/plugins/wdesignkit/assets/css/bricks/wdkit_enqueue_editor_styles.css
  • /wp-content/plugins/wdesignkit/assets/css/gutenberg/wdkit_enqueue_editor_styles.css

Version Parameters

  • wdesignkit/assets/fonts/style.css?ver=
  • wdesignkit/assets/css/elementor/wdkit_enqueue_editor_styles.css?ver=
  • wdesignkit/assets/css/bricks/wdkit_enqueue_editor_styles.css?ver=
  • wdesignkit/assets/css/gutenberg/wdkit_enqueue_editor_styles.css?ver=

HTML / DOM Fingerprints

CSS Classes

  • tpae-wdkit-logo
  • wdkit-panel-need-help

Data Attributes
data-control-group*="Need"
JS Globals
wdkit_onbording_end
FAQ

Frequently Asked Questions about WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder