Widgets for WooCommerce Products on Elementor Security & Risk Analysis

wordpress.org/plugins/woo-products-widgets-for-elementor

Woo Products widget is a plugin that allows adding WooCommerce Products and Categories into stylish grid and listing layouts to the pages built with E …

3K active installs · v2.0.4 · PHP 7.4+ · WP 4.7+ · Updated Oct 14, 2024
Tags: elementor, elementor-woocommerce-addons, product-grid, products-carousel, products-list
Score: 68 (C · Use Caution)
CVEs total: 2
Unpatched: 1
Last CVE: Aug 12, 2024
Safety Verdict

Is Widgets for WooCommerce Products on Elementor Safe to Use in 2026?

Use With Caution

Score 68/100

Widgets for WooCommerce Products on Elementor has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

2 known CVEs · 1 unpatched · Last CVE: Aug 12, 2024 · Updated 1yr ago
Risk Assessment

The 'woo-products-widgets-for-elementor' plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and properly escaping a high percentage of its output. It also implements nonce and capability checks, indicating an awareness of common WordPress security mechanisms. However, significant concerns arise from the presence of unprotected entry points and the results of the taint analysis.

The plugin has one AJAX handler that lacks authentication checks, creating a direct pathway for unauthenticated attackers to interact with the plugin's functionality. Furthermore, the taint analysis revealed two high-severity flows with unsanitized paths. This suggests that user-supplied input might be processed in a way that could lead to vulnerabilities such as path traversal or file inclusion if not handled carefully.

The vulnerability history is a notable area of concern, with two known CVEs, one of which remains unpatched. The types of past vulnerabilities, including Remote File Inclusion and Cross-Site Scripting, are serious and can have a significant impact. The presence of an unpatched high-severity vulnerability and the patterns of past issues indicate a recurring need for robust security practices and diligent patching. While the plugin has strengths in its SQL handling and output escaping, the identified unprotected entry points, taint analysis findings, and unpatched historical vulnerability necessitate caution.

Key Concerns

  • Unprotected AJAX handler found
  • Two high severity taint flows with unsanitized paths
  • One unpatched high severity CVE
  • Bundled outdated library: Freemius v1.0
Vulnerabilities (2)

Widgets for WooCommerce Products on Elementor Security Vulnerabilities

CVEs by Year

  • 2022: 1 CVE
  • 2024: 1 CVE · unpatched

Severity Breakdown

  • High: 1
  • Medium: 1

2 total CVEs

CVE-2024-43271 · high · 8.8 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Woo Products Widgets For Elementor <= 2.0.4 - Authenticated (Contributor+) Local File Inclusion

Aug 12, 2024 · Unpatched

CVE-2022-4661 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Woo Products Widgets For Elementor <= 1.0.7 - Authenticated (Contributor+) Stored Cross Site Scripting

Dec 21, 2022 · Patched in 1.0.8 (398d)
Code Analysis
Analyzed Mar 16, 2026

Widgets for WooCommerce Products on Elementor Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (3 prepared)
  • Unescaped Output: 27 (289 escaped)
  • Nonce Checks: 2
  • Capability Checks: 4
  • File Operations: 0
  • External Requests: 1
  • Bundled Libraries: 2

Bundled Libraries

  • Select2
  • Freemius 1.0

SQL Query Safety

100% prepared · 3 total queries

Output Escaping

91% escaped · 316 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
save_meta_option (framework\post-meta\cherry-x-post-meta.php:481)
Attack Surface
1 unprotected

Widgets for WooCommerce Products on Elementor Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers 1

auth · wp_ajax_elementor_render_widget · includes\integrations\base\class-woo-product-widgets-integration.php:48
WordPress Hooks 34
action · admin_enqueue_scripts · framework\interface-builder\cherry-x-interface-builder.php:150
action · wp_enqueue_scripts · framework\interface-builder\inc\class-cx-controls-base.php:52
action · admin_enqueue_scripts · framework\interface-builder\inc\class-cx-controls-base.php:53
action · admin_footer · framework\interface-builder\inc\controls\iconpicker.php:85
action · customize_controls_print_footer_scripts · framework\interface-builder\inc\controls\iconpicker.php:86
filter · cx_handler_response_data · framework\interface-builder\inc\controls\iconpicker.php:87
filter · cx_control/add_repeater_data · framework\interface-builder\inc\controls\iconpicker.php:179
action · admin_footer · framework\interface-builder\inc\controls\repeater.php:80
action · customize_controls_print_footer_scripts · framework\interface-builder\inc\controls\repeater.php:81
filter · cx_control/is_repeater · framework\interface-builder\inc\controls\repeater.php:119
action · after_setup_theme · framework\loader.php:83
action · after_setup_theme · framework\loader.php:84
action · admin_enqueue_scripts · framework\post-meta\cherry-x-post-meta.php:81
action · add_meta_boxes · framework\post-meta\cherry-x-post-meta.php:82
action · save_post · framework\post-meta\cherry-x-post-meta.php:83
action · wp_enqueue_scripts · includes\class-woo-product-widgets-assets.php:28
action · elementor/frontend/before_enqueue_scripts · includes\class-woo-product-widgets-assets.php:30
action · elementor/frontend/after_register_scripts · includes\class-woo-product-widgets-assets.php:31
action · elementor/frontend/after_enqueue_scripts · includes\class-woo-product-widgets-assets.php:32
action · admin_enqueue_scripts · includes\class-woo-product-widgets-assets.php:33
action · init · includes\class-woo-product-widgets-shortcodes.php:43
action · elementor/init · includes\integrations\base\class-woo-product-widgets-integration.php:44
action · elementor/widgets/widgets_registered · includes\integrations\base\class-woo-product-widgets-integration.php:46
action · elementor/editor/after_enqueue_styles · includes\integrations\base\class-woo-product-widgets-integration.php:50
action · elementor/controls/controls_registered · includes\integrations\base\class-woo-product-widgets-integration.php:52
action · template_redirect · includes\integrations\base\class-woo-product-widgets-integration.php:54
action · admin_enqueue_scripts · includes\settings\class-woo-product-widgets-settings.php:61
action · admin_menu · includes\settings\class-woo-product-widgets-settings.php:62
action · init · includes\settings\class-woo-product-widgets-settings.php:63
action · admin_notices · includes\settings\class-woo-product-widgets-settings.php:64
action · after_setup_theme · woo-product-widgets-for-elementor.php:119
action · init · woo-product-widgets-for-elementor.php:122
action · init · woo-product-widgets-for-elementor.php:124
action · tgmpa_register · woo-product-widgets-for-elementor.php:190
Maintenance & Trust

Widgets for WooCommerce Products on Elementor Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.6.5
  • Last updated: Oct 14, 2024
  • PHP min version: 7.4
  • Downloads: 92K

Community Trust

  • Rating: 100/100
  • Number of ratings: 8
  • Active installs: 3K
Developer Profile

Widgets for WooCommerce Products on Elementor Developer Profile

themelocation

6 plugins · 10K total installs

  • Trust score: 64
  • Avg Security Score: 78/100
  • Avg Patch Time: 111 days
Detection Fingerprints

How We Detect Widgets for WooCommerce Products on Elementor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/woo-products-widgets-for-elementor/framework/interface-builder/cherry-x-interface-builder.php
  • /wp-content/plugins/woo-products-widgets-for-elementor/framework/post-meta/cherry-x-post-meta.php
  • /wp-content/plugins/woo-products-widgets-for-elementor/includes/class-woo-product-widgets-assets.php
  • /wp-content/plugins/woo-products-widgets-for-elementor/includes/class-woo-product-widgets-tools.php
  • /wp-content/plugins/woo-products-widgets-for-elementor/includes/integrations/base/class-woo-product-widgets-integration.php
  • /wp-content/plugins/woo-products-widgets-for-elementor/includes/class-woo-product-widgets-template-functions.php
  • /wp-content/plugins/woo-products-widgets-for-elementor/includes/class-woo-product-widgets-shortcodes.php
  • /wp-content/plugins/woo-products-widgets-for-elementor/includes/settings/class-woo-product-widgets-settings.php
  • +1 more

Script Paths

  • /wp-content/plugins/woo-products-widgets-for-elementor/assets/js/woo-product-widgets-editor.js
  • /wp-content/plugins/woo-products-widgets-for-elementor/assets/js/woo-product-widgets-frontend.js
  • /wp-content/plugins/woo-products-widgets-for-elementor/assets/js/woo-product-widgets-common.js

Version Parameters

  • woo-products-widgets-for-elementor/assets/js/woo-product-widgets-editor.js?ver=
  • woo-products-widgets-for-elementor/assets/js/woo-product-widgets-frontend.js?ver=
  • woo-products-widgets-for-elementor/assets/js/woo-product-widgets-common.js?ver=
  • woo-products-widgets-for-elementor/assets/css/woo-product-widgets-editor.css?ver=
  • woo-products-widgets-for-elementor/assets/css/woo-product-widgets-frontend.css?ver=

HTML / DOM Fingerprints

CSS Classes

  • woo-products-widgets-for-elementor
  • woo-products-widgets-elementor

HTML Comments

  • Plugin Name: Widgets for WooCommerce Products on Elementor
  • Description: WooCommerce Products widget for Elementor Page Builder
  • Author: Themelocation
  • Author URI: https://themelocation.com/

Data Attributes

  • data-widget_type
  • data-element_type

JS Globals

  • woo_elementor_products_widgets_editor
  • woo_elementor_products_widgets_frontend
FAQ

Frequently Asked Questions about Widgets for WooCommerce Products on Elementor