WP-Safety

WPBITS Addons For Elementor Page Builder Security & Risk Analysis

wordpress.org/plugins/wpbits-addons-for-elementor

Addons for Elementor Page Builder.

2K active installs v1.8.1 PHP 5.4+ WP 5.6+ Updated Jan 19, 2026
elementor-addonselementor-extensionselementor-moduleselementor-widgetstemplate-library
95
A · Safe
CVEs total7
Unpatched0
Last CVEJan 27, 2026
Plugin page Download
Safety Verdict

Is WPBITS Addons For Elementor Page Builder Safe to Use in 2026?

Generally Safe

Score 95/100

WPBITS Addons For Elementor Page Builder has a strong security track record. Known vulnerabilities have been patched promptly.

7 known CVEsLast CVE: Jan 27, 2026Updated 2mo ago
Risk Assessment

The static analysis of wpbits-addons-for-elementor v1.8.1 reveals a generally good security posture with a limited attack surface and robust use of prepared statements for SQL queries and adequate output escaping. The plugin also demonstrates good practice by implementing nonce and capability checks on its entry points. However, the presence of the `unserialize` function is a notable concern, as it can lead to object injection vulnerabilities if not handled with extreme care and proper sanitization of the serialized data. Taint analysis did not reveal any immediate critical or high-severity issues, which is a positive sign.

Key Concerns

  • Presence of unserialize function
  • Bundled outdated Freemius library v1.0
  • Past medium severity XSS vulnerabilities
Vulnerabilities
7

WPBITS Addons For Elementor Page Builder Security Vulnerabilities

CVEs by Year

4 CVEs in 2024
2024
2 CVEs in 2025
2025
1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Medium
7

7 total CVEs

CVE-2025-9082medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPBITS Addons For Elementor <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 27, 2026 Patched in 1.8.1 (1d)
CVE-2025-22316medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPBITS Addons For Elementor Page Builder <= 1.5.1 - Authenticated (Author+) Stored Cross-Site Scripting

Jan 6, 2025 Patched in 1.6 (10d)
CVE-2024-56285medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPBITS Addons For Elementor Page Builder <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 3, 2025 Patched in 1.6 (6d)
CVE-2024-8962medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPBITS Addons For Elementor Page Builder <= 1.5.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

Dec 3, 2024 Patched in 1.6 (1d)
CVE-2024-4862medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPBITS Addons For Elementor Page Builder <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

Jul 8, 2024 Patched in 1.5.1 (10d)
CVE-2024-32593medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPBITS Addons For Elementor Page Builder <= 1.3.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 16, 2024 Patched in 1.4 (116d)
CVE-2024-2129medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPBITS Addons For Elementor Page Builder <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 19, 2024 Patched in 1.5 (79d)
Code Analysis
Analyzed Mar 16, 2026

WPBITS Addons For Elementor Page Builder Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
2 prepared
Unescaped Output
126
594 escaped
Nonce Checks
3
Capability Checks
7
File Operations
8
External Requests
5
Bundled Libraries
1

Dangerous Functions Found

unserialize$datetime = @unserialize( trim( $date_value ), array( 'allowed_classes' => array( 'DateTime' ) ) );includes\cmb2\includes\CMB2_Utils.php:571

Bundled Libraries

Freemius1.0

SQL Query Safety

100% prepared2 total queries

Output Escaping

83% escaped720 total outputs
Attack Surface

WPBITS Addons For Elementor Page Builder Attack Surface

Entry Points3
Unprotected0

AJAX Handlers 2

authwp_ajax_cmb2_oembed_handlerincludes\cmb2\includes\CMB2_Ajax.php:51
noprivwp_ajax_cmb2_oembed_handlerincludes\cmb2\includes\CMB2_Ajax.php:52

REST API Routes 1

GET/wp-json/wpbits-afeget-json/(?P<istheme>[a-zA-Z0-9-]+)/(?P<tid>[a-zA-Z0-9-]+)includes\elementor-config.php:753
WordPress Hooks 68
actionplugins_loadedclass-wpbits.php:75
actioninitclass-wpbits.php:76
actionadmin_enqueue_scriptsclass-wpbits.php:77
actioncmb2_meta_box_urlclass-wpbits.php:78
actioncmb2_before_formincludes\admin-fields.php:12
actioncmb2_after_formincludes\admin-fields.php:13
actioncmb2_render_switchincludes\admin-fields.php:64
actioncmb2_admin_initincludes\cmb2\example-functions.php:105
actioncmb2_admin_initincludes\cmb2\example-functions.php:470
actioncmb2_admin_initincludes\cmb2\example-functions.php:500
actioncmb2_admin_initincludes\cmb2\example-functions.php:564
actioncmb2_admin_initincludes\cmb2\example-functions.php:633
actioncmb2_admin_initincludes\cmb2\example-functions.php:674
actioncmb2_initincludes\cmb2\example-functions.php:777
actioncmb2_save_options-page_fieldsincludes\cmb2\includes\CMB2_Ajax.php:54
filterget_post_metadataincludes\cmb2\includes\CMB2_Ajax.php:147
filterupdate_post_metadataincludes\cmb2\includes\CMB2_Ajax.php:150
filtercmb2_show_onincludes\cmb2\includes\CMB2_Hookup.php:79
actionedit_form_topincludes\cmb2\includes\CMB2_Hookup.php:118
actionedit_form_before_permalinkincludes\cmb2\includes\CMB2_Hookup.php:122
actionedit_form_after_titleincludes\cmb2\includes\CMB2_Hookup.php:126
actionedit_form_after_editorincludes\cmb2\includes\CMB2_Hookup.php:130
actionadd_meta_boxesincludes\cmb2\includes\CMB2_Hookup.php:134
actionadd_meta_boxesincludes\cmb2\includes\CMB2_Hookup.php:137
actionadd_attachmentincludes\cmb2\includes\CMB2_Hookup.php:138
actionedit_attachmentincludes\cmb2\includes\CMB2_Hookup.php:139
actionsave_postincludes\cmb2\includes\CMB2_Hookup.php:140
actionpre_get_postsincludes\cmb2\includes\CMB2_Hookup.php:147
actionadd_meta_boxes_commentincludes\cmb2\includes\CMB2_Hookup.php:155
actionedit_commentincludes\cmb2\includes\CMB2_Hookup.php:156
filtermanage_edit-comments_columnsincludes\cmb2\includes\CMB2_Hookup.php:159
actionmanage_comments_custom_columnincludes\cmb2\includes\CMB2_Hookup.php:160
filtermanage_edit-comments_sortable_columnsincludes\cmb2\includes\CMB2_Hookup.php:161
actionpre_get_postsincludes\cmb2\includes\CMB2_Hookup.php:162
actionshow_user_profileincludes\cmb2\includes\CMB2_Hookup.php:171
actionedit_user_profileincludes\cmb2\includes\CMB2_Hookup.php:172
actionuser_new_formincludes\cmb2\includes\CMB2_Hookup.php:173
actionpersonal_options_updateincludes\cmb2\includes\CMB2_Hookup.php:175
actionedit_user_profile_updateincludes\cmb2\includes\CMB2_Hookup.php:176
actionuser_registerincludes\cmb2\includes\CMB2_Hookup.php:177
filtermanage_users_columnsincludes\cmb2\includes\CMB2_Hookup.php:180
filtermanage_users_custom_columnincludes\cmb2\includes\CMB2_Hookup.php:181
filtermanage_users_sortable_columnsincludes\cmb2\includes\CMB2_Hookup.php:182
actionpre_get_postsincludes\cmb2\includes\CMB2_Hookup.php:183
actionpre_get_postsincludes\cmb2\includes\CMB2_Hookup.php:229
actioncreated_termincludes\cmb2\includes\CMB2_Hookup.php:233
actionedited_termsincludes\cmb2\includes\CMB2_Hookup.php:234
actiondelete_termincludes\cmb2\includes\CMB2_Hookup.php:235
filterwp_prepare_attachment_for_jsincludes\cmb2\includes\CMB2_Hookup_Field.php:54
actionadmin_enqueue_scriptsincludes\cmb2\includes\CMB2_Hookup_Field.php:71
actioncmb2_do_oembedincludes\cmb2\includes\helper-functions.php:131
filteris_protected_metaincludes\cmb2\includes\rest-api\CMB2_REST.php:144
actioninitincludes\cmb2\init.php:131
actionelementor/widgets/widgets_registeredincludes\elementor-config.php:51
actionelementor/widgets/widgets_registeredincludes\elementor-config.php:63
actionelementor/frontend/after_register_scriptsincludes\elementor-config.php:87
actionelementor/editor/before_enqueue_scriptsincludes\elementor-config.php:153
actionwp_enqueue_scriptsincludes\elementor-config.php:191
actionwp_enqueue_scriptsincludes\elementor-config.php:326
actionsave_postincludes\elementor-config.php:616
actionelementor/frontend/after_enqueue_stylesincludes\elementor-config.php:685
actionelementor/initincludes\elementor-config.php:701
actionelementor/editor/after_enqueue_stylesincludes\elementor-config.php:716
actionrest_api_initincludes\elementor-config.php:774
actioninitincludes\elementor-config.php:965
filterWPBITS_AFE_PRO_LIBincludes\elementor-config.php:967
actionadmin_menuincludes\settings.php:22
actioncmb2_admin_initincludes\settings.php:90
Maintenance & Trust

WPBITS Addons For Elementor Page Builder Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedJan 19, 2026
PHP min version5.4
Downloads24K

Community Trust

Rating100/100
Number of ratings2
Active installs2K
Alternatives

WPBITS Addons For Elementor Page Builder Alternatives

Livemesh Addons by Elementor

Livemesh Addons by Elementor

addons-for-elementor

A
94

Elementor Addons that saves time with multiple ready-to-use drag and drop styles for 30+ essential widgets built for Elementor page builder.

40K 18 CVEs
LA-Studio Element Kit for Elementor

LA-Studio Element Kit for Elementor

lastudio-element-kit

B
83

The advanced addons for Elementor

10K 18 CVEs
Easy Elementor Addons – Addons Pack for Elementor Page Builder

Easy Elementor Addons – Addons Pack for Elementor Page Builder

easy-elementor-addons

A
94

Level up with Easy Elementor Addons – adds powerful widgets and sleek design tools to your favorite Elementor page builder.

1K 7 CVEs
Sidebars for Hello Elementor Theme

Sidebars for Hello Elementor Theme

sidebars-for-helloelementortheme

A
85

This plugin comes with 6 responsive sidebars for just about everything you need to use anywhere within your website built using Elementor and Hello El &hellip;

1K No CVEs
ElementsCSS Addons for Elementor (Elementor Widgets Extender & Addons)

ElementsCSS Addons for Elementor (Elementor Widgets Extender & Addons)

css-for-elementor

C
56

Extends existing Elementor and Elementor Pro Widgets, adds more useful new Widgets, features that saves your valuable time.

200 2 unpatched
Developer Profile

WPBITS Addons For Elementor Page Builder Developer Profile

wpbits

1 plugin · 2K total installs

85
trust score
Avg Security Score
95/100
Avg Patch Time
32 days
View full developer profile
Detection Fingerprints

How We Detect WPBITS Addons For Elementor Page Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wpbits-addons-for-elementor/assets/js/wpbits-frontend.js/wp-content/plugins/wpbits-addons-for-elementor/assets/css/wpbits-addons.css/wp-content/plugins/wpbits-addons-for-elementor/assets/js/wpbits-editor.js
Script Paths
/wp-content/plugins/wpbits-addons-for-elementor/assets/js/wpbits-frontend.js/wp-content/plugins/wpbits-addons-for-elementor/assets/js/wpbits-editor.js
Version Parameters
/wp-content/plugins/wpbits-addons-for-elementor/assets/js/wpbits-frontend.js?ver=/wp-content/plugins/wpbits-addons-for-elementor/assets/css/wpbits-addons.css?ver=/wp-content/plugins/wpbits-addons-for-elementor/assets/js/wpbits-editor.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpbits-elementor-addonswpbits-swiper-slider-wrapper
Data Attributes
data-wpbits-swiper-slides
JS Globals
WPBITS_AFE_EDITORWPBITS_AFE_FRONTEND
FAQ

Frequently Asked Questions about WPBITS Addons For Elementor Page Builder