All-in-One Addons for Elementor – WidgetKit Security & Risk Analysis

wordpress.org/plugins/widgetkit-for-elementor

Build stunning websites with Elementor using premium widgets for WooCommerce, LearnDash & LearnPress. Free creative, content & dynamic widget pack.

9K active installs · v2.5.9 · PHP 7.0+ · WP 5.0+ · Updated Dec 31, 2025
Tags: elementor-widgets, learndash-addons, learnpress-addons, sensei-addons, woocommerce-addons
Score 52 · C · Use Caution
CVEs total: 10
Unpatched: 2
Last CVE: Dec 12, 2025
Safety Verdict

Is All-in-One Addons for Elementor – WidgetKit Safe to Use in 2026?

Use With Caution

Score 52/100

All-in-One Addons for Elementor – WidgetKit has 2 unpatched vulnerabilities. Evaluate alternatives or apply available mitigations.

10 known CVEs · 2 unpatched · Last CVE: Dec 12, 2025 · Updated 3mo ago
Risk Assessment

The widgetkit-for-elementor plugin has a mixed security posture. Static analysis shows good practice in several areas: no dangerous functions, no raw SQL queries, and no unsanitized taint flows. The significant concern is its vulnerability history: 10 known CVEs, all of medium severity, 2 of them currently unpatched. The common vulnerability types (authorization, cross-site scripting, and information exposure) suggest a pattern of recurring security flaws that have not been fully addressed over time.

Although static analysis shows a protected attack surface, with no unprotected AJAX handlers and a capability check in place, the historical data strongly indicates underlying weaknesses. The single external HTTP request could be a potential vector if not handled securely. The high percentage of properly escaped output (89%) is positive, but the remaining 11% could still be a vector for cross-site scripting if sensitive data is involved. While static analysis of the current version does not reveal immediate critical flaws, the extensive and recurring vulnerability history calls for extreme caution and immediate patching of any outstanding vulnerabilities.

Key Concerns

  • 2 unpatched CVEs
  • 10 total medium severity CVEs
  • External HTTP requests
  • 11% output not properly escaped
Vulnerabilities
10

All-in-One Addons for Elementor – WidgetKit Security Vulnerabilities

CVEs by Year

  • 2021: 1 CVE
  • 2022: 1 CVE
  • 2024: 4 CVEs (has unpatched)
  • 2025: 4 CVEs (has unpatched)

Severity Breakdown

  • Medium: 10

10 total CVEs

CVE-2025-8779 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

All-in-One Addons for Elementor – WidgetKit <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team and Countdown Widgets

Dec 12, 2025 Patched in 2.5.7 (1d)
CVE-2025-2330 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

All-in-One Addons for Elementor – WidgetKit <= 2.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via button+modal Widget

Jul 1, 2025 Patched in 2.5.5 (1d)
CVE-2025-49074 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WidgetKit <= 2.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

May 30, 2025 Patched in 2.5.5 (4d)
CVE-2024-10321 · medium · 4.3 · Exposure of Sensitive Information to an Unauthorized Actor

All-in-One Addons for Elementor – WidgetKit <= 2.5.5 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates

Mar 7, 2025 · Unpatched
CVE-2024-37428 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WidgetKit <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jun 28, 2024 Patched in 2.5.1 (5d)
CVE-2024-34548 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

All-in-One Addons for Elementor – WidgetKit <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

May 7, 2024 Patched in 2.5.0 (10d)
CVE-2024-33908 · medium · 5.3 · Missing Authorization

WidgetKit <= 2.5.4 - Missing Authorization to Notice Dismissal

Apr 29, 2024 Patched in 2.5.5 (452d)
CVE-2024-2137 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

All-in-One Addons for Elementor – WidgetKit <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Widgets

Apr 11, 2024 · Unpatched
CVE-2022-4256 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

All-in-One Addons for Elementor - WidgetKit <= 2.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

Dec 6, 2022 Patched in 2.4.4 (413d)
CVE-2021-24267 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

All-in-One Addons for Elementor - WidgetKit <= 2.3.9 - Contributor+ Stored Cross-Site Scripting

Apr 13, 2021 Patched in 2.3.10 (1015d)
Code Analysis
Analyzed Mar 17, 2026

All-in-One Addons for Elementor – WidgetKit Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 194 (1551 escaped)
  • Nonce Checks: 5
  • Capability Checks: 1
  • File Operations: 0
  • External Requests: 1
  • Bundled Libraries: 0

Output Escaping

89% escaped · 1745 total outputs
Data Flows: All sanitized

Data Flow Analysis

2 flows
wkfe_mailchimp_api_keys (elements\helper-functions.php:177)
Attack Surface

All-in-One Addons for Elementor – WidgetKit Attack Surface

Entry Points: 5
Unprotected: 0

AJAX Handlers 5

  • auth · wp_ajax_widgetkit_save_admin_addons_settings · admin\admin-init.php:200
  • auth · wp_ajax_wkfe_mailchimp_ajax_form_data_receiver · elements\helper-functions.php:100
  • nopriv · wp_ajax_wkfe_mailchimp_ajax_form_data_receiver · elements\helper-functions.php:101
  • auth · wp_ajax_wkfe_mailchimp_api_keys · elements\helper-functions.php:174
  • nopriv · wp_ajax_wkfe_mailchimp_api_keys · elements\helper-functions.php:175
WordPress Hooks 62
  • action · admin_menu · admin\admin-init.php:194
  • action · admin_enqueue_scripts · admin\admin-init.php:196
  • action · admin_init · admin\admin-init.php:198
  • action · admin_notices · admin\notices\admin-notices.php:4
  • action · admin_init · admin\notices\admin-notices.php:5
  • action · elementor/widgets/widgets_registered · elements\advanced-tab\widget.php:35
  • action · elementor/widgets/widgets_registered · elements\animation-text\widget.php:35
  • action · elementor/widgets/widgets_registered · elements\blog-1\widget.php:35
  • action · elementor/widgets/widgets_registered · elements\blog-2\widget.php:35
  • action · elementor/widgets/widgets_registered · elements\blog-3\widget.php:35
  • action · elementor/widgets/widgets_registered · elements\blog-4\widget.php:35
  • action · elementor/widgets/widgets_registered · elements\blog-5\widget.php:35
  • action · elementor/widgets/widgets_registered · elements\button-modal\widget.php:35
  • action · elementor/widgets/widgets_registered · elements\carousel\widget.php:35
  • action · elementor/widgets/widgets_registered · elements\click-tweet\widget.php:15
  • action · elementor/widgets/widgets_registered · elements\contact\widget.php:35
  • action · elementor/widgets/widgets_registered · elements\contact-form\widget.php:35
  • action · elementor/widgets/widgets_registered · elements\content-carousel\widget.php:35
  • action · elementor/widgets/widgets_registered · elements\countdown\widget.php:35
  • action · elementor/widgets/widgets_registered · elements\gallery\widget.php:35
  • filter · widget_text · elements\helper-functions.php:13
  • action · elementor/widgets/widgets_registered · elements\hover-image\widget.php:35
  • action · elementor/widgets/widgets_registered · elements\image-compare\widget.php:35
  • action · elementor/widgets/widgets_registered · elements\image-feature\widget.php:35
  • filter · upload_mimes · elements\lottie\widget.php:25
  • filter · wp_check_filetype_and_ext · elements\lottie\widget.php:26
  • action · elementor/widgets/widgets_registered · elements\lottie\widget.php:37
  • action · elementor/widgets/widgets_registered · elements\mailchimp\widget.php:35
  • action · elementor/widgets/widgets_registered · elements\portfolio\widget.php:35
  • action · elementor/widgets/widgets_registered · elements\pricing-1\widget.php:35
  • action · elementor/widgets/widgets_registered · elements\pricing-2\widget.php:35
  • action · elementor/widgets/widgets_registered · elements\pricing-tab\widget.php:35
  • action · elementor/widgets/widgets_registered · elements\pros-cons\widget.php:15
  • action · elementor/widgets/widgets_registered · elements\search\widget.php:35
  • action · elementor/widgets/widgets_registered · elements\site-social\widget.php:35
  • action · elementor/widgets/widgets_registered · elements\slider-1\widget.php:35
  • action · elementor/widgets/widgets_registered · elements\slider-2\widget.php:35
  • action · elementor/widgets/widgets_registered · elements\slider-3\widget.php:35
  • action · elementor/widgets/widgets_registered · elements\social-share-1\widget.php:35
  • action · elementor/widgets/widgets_registered · elements\social-share-2\widget.php:35
  • action · elementor/widgets/widgets_registered · elements\team\widget.php:35
  • action · elementor/widgets/widgets_registered · elements\team-1\widget.php:35
  • action · elementor/widgets/widgets_registered · elements\team-2\widget.php:35
  • action · elementor/widgets/widgets_registered · elements\team-3\widget.php:35
  • action · elementor/widgets/widgets_registered · elements\team-4\widget.php:35
  • action · elementor/widgets/widgets_registered · elements\testimonial\widget.php:35
  • action · elementor/widgets/widgets_registered · elements\testimonial-1\widget.php:35
  • action · elementor/widgets/widgets_registered · elements\testimonial-2\widget.php:35
  • action · elementor/widgets/widgets_registered · elements\tilt-box\widget.php:35
  • action · elementor/widgets/widgets_registered · elements\video-popup\widget.php:35
  • action · elementor/frontend/after_register_styles · includes\addons-integration.php:16
  • action · elementor/frontend/after_register_scripts · includes\addons-integration.php:17
  • action · elementor/frontend/before_enqueue_scripts · includes\addons-integration.php:18
  • action · admin_notices · includes\dependency.php:16
  • action · elementor/editor/before_enqueue_scripts · includes\widgetkit-admin-resources.php:14
  • filter · plugin_action_links · includes\widgetkit-pro-init.php:14
  • action · init · widgetkit-for-elementor.php:43
  • action · elementor/init · widgetkit-for-elementor.php:44
  • action · init · widgetkit-for-elementor.php:45
  • action · admin_head · widgetkit-for-elementor.php:46
  • filter · elementor/utils/get_placeholder_image_src · widgetkit-for-elementor.php:47
  • action · before_woocommerce_init · widgetkit-for-elementor.php:50
Maintenance & Trust

All-in-One Addons for Elementor – WidgetKit Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Dec 31, 2025
  • PHP min version: 7.0
  • Downloads: 564K

Community Trust

  • Rating: 90/100
  • Number of ratings: 36
  • Active installs: 9K
Developer Profile

All-in-One Addons for Elementor – WidgetKit Developer Profile

Abu Huraira Bin Aman

7 plugins · 9K total installs

  • Trust score: 71
  • Avg Security Score: 88/100
  • Avg Patch Time: 238 days
Detection Fingerprints

How We Detect All-in-One Addons for Elementor – WidgetKit

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/widgetkit-for-elementor/dist/images/placeholder.jpg
  • /wp-content/plugins/widgetkit-for-elementor/dist/js/widgetkit-editor.min.js
  • /wp-content/plugins/widgetkit-for-elementor/dist/js/widgetkit-frontend.min.js
  • /wp-content/plugins/widgetkit-for-elementor/dist/css/widgetkit-editor.min.css
  • /wp-content/plugins/widgetkit-for-elementor/dist/css/widgetkit-frontend.min.css
Script Paths
  • /wp-content/plugins/widgetkit-for-elementor/dist/js/widgetkit-editor.min.js
  • /wp-content/plugins/widgetkit-for-elementor/dist/js/widgetkit-frontend.min.js
Version Parameters
  • /wp-content/plugins/widgetkit-for-elementor/dist/js/widgetkit-editor.min.js?ver=
  • /wp-content/plugins/widgetkit-for-elementor/dist/js/widgetkit-frontend.min.js?ver=
  • /wp-content/plugins/widgetkit-for-elementor/dist/css/widgetkit-editor.min.css?ver=
  • /wp-content/plugins/widgetkit-for-elementor/dist/css/widgetkit-frontend.min.css?ver=

HTML / DOM Fingerprints

CSS Classes
widgetkit-gallery, widgetkit-portfolio, widgetkit-pricing-single, widgetkit-pricing-icon, widgetkit-pricing-tab, widgetkit-search, widgetkit-site-social, widgetkit-contact, +74 more
Data Attributes
data-widgetkit-nonce, data-widgetkit-settings
JS Globals
window.WidgetkitFrontend, window.WidgetkitEditor
FAQ

Frequently Asked Questions about All-in-One Addons for Elementor – WidgetKit