Does WPKoi Templates for Elementor have any unpatched vulnerabilities?

No. All known vulnerabilities in WPKoi Templates for Elementor have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WPKoi Templates for Elementor compatible with WordPress 6.9.4?

According to WordPress.org data, WPKoi Templates for Elementor 3.6.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is WPKoi Templates for Elementor compatible with PHP 7.0+?

WPKoi Templates for Elementor requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WPKoi Templates for Elementor updated?

WPKoi Templates for Elementor was last updated on Mar 6, 2026. Frequent updates are generally a positive security signal.

What is WPKoi Templates for Elementor's security score?

WPKoi Templates for Elementor has a WP-Safety security score of 95/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WPKoi Templates for Elementor Security & Risk Analysis

wordpress.org/plugins/wpkoi-templates-for-elementor

Unlock 400+ stunning Elementor templates that transform your website into a visual masterpiece. Compatible with popular WordPress themes.

5K active installs v3.6.0 PHP 7.0+ WP 4.9+ Updated Mar 6, 2026

demoelementorelementor-templatelanding-pagetemplate-library

A · Safe

CVEs total6

Unpatched0

Last CVEDec 6, 2025

Plugin page Download

Safety Verdict

Is WPKoi Templates for Elementor Safe to Use in 2026?

Generally Safe

Score 95/100

WPKoi Templates for Elementor has a strong security track record. Known vulnerabilities have been patched promptly.

6 known CVEsLast CVE: Dec 6, 2025Updated 28d ago

Risk Assessment

The 'wpkoi-templates-for-elementor' plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices in areas like SQL query preparation (100% prepared statements) and output escaping (98% properly escaped), significantly mitigating common web vulnerabilities. The absence of any currently unpatched CVEs is also a strong indicator of active maintenance and a commitment to security.

However, there are notable concerns arising from the static analysis. The presence of two unprotected AJAX handlers exposes a significant attack surface without proper authentication checks. While the taint analysis shows no critical or high severity flows, the two flows with unsanitized paths warrant attention, as they could potentially lead to vulnerabilities if not handled carefully in subsequent code. The vulnerability history, with six past medium severity CVEs, primarily related to missing authorization and cross-site scripting, suggests a recurring pattern of weaknesses in input validation and access control.

Overall, while the plugin has strong foundations in many security areas, the identified unprotected entry points and past vulnerability types indicate a need for increased vigilance in authorization checks and input sanitization to prevent potential exploitation.

Key Concerns

Unprotected AJAX handlers present
Flows with unsanitized paths found
Past medium CVEs (Missing Auth, XSS)

Vulnerabilities

WPKoi Templates for Elementor Security Vulnerabilities

CVEs by Year

4 CVEs in 2024

2024

2 CVEs in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

6 total CVEs

CVE-2025-64274medium · 4.3Missing Authorization

WPKoi Templates for Elementor <= 3.4.4 - Missing Authorization

Dec 6, 2025 Patched in 3.4.5 (6d)

CVE-2025-57999medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPKoi Templates for Elementor <= 3.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 22, 2025 Patched in 3.4.4 (9d)

CVE-2024-56241medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPKoi Templates for Elementor <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 30, 2024 Patched in 3.1.4 (10d)

CVE-2024-49679medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPKoi Templates for Elementor <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Oct 21, 2024 Patched in 3.1.1 (10d)

CVE-2024-4980medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPKoi Templates for Elementor <= 2.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters

May 21, 2024 Patched in 2.5.11 (1d)

CVE-2024-2136medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPKoi Templates for Elementor <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Heading Widget

Mar 6, 2024 Patched in 2.5.7 (1d)

Code Analysis

Analyzed Mar 16, 2026

WPKoi Templates for Elementor Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

849 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

98% escaped869 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths

wpkoi_templates_for_elementor_import_template_ajax_handler (inc\element-options.php:153)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

WPKoi Templates for Elementor Attack Surface

Entry Points6

Unprotected2

AJAX Handlers 6

authwp_ajax_elementor_render_widgetelements\includes\class-wpkoi-elements-integration.php:50

authwp_ajax_wpkoi_templates_for_elementor_lite_wtfe_submitinc\element-options.php:11

authwp_ajax_wtfe_import_template_ajaxinc\element-options.php:271

authwp_ajax_wtfe_create_page_ajaxinc\element-options.php:272

authwp_ajax_wtfe_update_page_meta_ajaxinc\element-options.php:273

authwp_ajax_wpkoi_handle_notice_responsewpkoi-templates-for-elementor.php:260

WordPress Hooks 66

actionelementor/element/after_section_endelements\elements\custom-css\custom-css.php:13

actionelementor/element/parse_csselements\elements\custom-css\custom-css.php:14

actionwp_footerelements\elements\distorted-heading\distorted-heading.php:504

actionelementor/element/common/_section_responsive/after_section_endelements\elements\effects\effects.php:46

actionelementor/frontend/widget/before_renderelements\elements\effects\effects.php:48

actionelementor/widget/before_render_contentelements\elements\effects\effects.php:50

actionelementor/frontend/before_enqueue_scriptselements\elements\effects\effects.php:52

actionelementor/element/container/section_layout/after_section_endelements\elements\sticky-container\sticky-container.php:23

actionelementor/frontend/container/before_renderelements\elements\sticky-container\sticky-container.php:24

actionelementor/frontend/before_enqueue_scriptselements\elements\sticky-container\sticky-container.php:26

actionelementor/editor/after_enqueue_scriptselements\elements\sticky-container\sticky-container.php:27

actionelementor/initelements\elements\sticky-container\sticky-container.php:264

actionwp_enqueue_scriptselements\includes\class-wpkoi-elements-integration.php:44

actionelementor/widgets/registerelements\includes\class-wpkoi-elements-integration.php:46

actionelementor/controls/controls_registeredelements\includes\class-wpkoi-elements-integration.php:48

actionelementor/frontend/before_register_scriptselements\includes\class-wpkoi-elements-integration.php:52

actionelementor/frontend/before_enqueue_scriptselements\includes\class-wpkoi-elements-integration.php:54

actionelementor/editor/before_enqueue_scriptselements\includes\class-wpkoi-elements-integration.php:55

actionelementor/initelements\includes\elementor-helper.php:14

actionelementor/editor/before_enqueue_scriptselements\includes\elementor-helper.php:23

actionwp_enqueue_scriptstheme\inc\css-output.php:461

actionadmin_inittheme\inc\css-output.php:471

actioncustomize_controls_enqueue_scriptstheme\inc\customizer-helpers.php:378

actioncustomize_controls_enqueue_scriptstheme\inc\customizer-helpers.php:401

actioncustomize_registertheme\inc\customizer.php:11

actioncustomize_registertheme\inc\customizer.php:18

actionadmin_menutheme\inc\dashboard.php:12

actionadmin_enqueue_scriptstheme\inc\dashboard.php:33

actionadmin_headtheme\inc\dashboard.php:49

actionadmin_noticestheme\inc\dashboard.php:419

actionadmin_inittheme\inc\dashboard.php:436

actionadmin_menutheme\inc\dashboard.php:454

filterbody_classtheme\inc\markup.php:31

filterwpkoi_header_classtheme\inc\markup.php:127

filterwpkoi_footer_classtheme\inc\markup.php:137

filterwpkoi_main_classtheme\inc\markup.php:147

filterpost_classtheme\inc\markup.php:155

actionadmin_enqueue_scriptstheme\inc\meta-box.php:11

actionadd_meta_boxestheme\inc\meta-box.php:25

actionsave_posttheme\inc\meta-box.php:136

actionwpkoi_creditstheme\inc\structures.php:39

actionwpkoi_social_bar_actiontheme\inc\structures.php:106

actionafter_setup_themetheme\inc\structures.php:188

actionwpkoi_before_navigationtheme\inc\structures.php:475

filternav_menu_item_titletheme\inc\structures.php:594

filternav_menu_link_attributestheme\inc\structures.php:651

actionwpkoi_inside_navigationtheme\inc\structures.php:678

filterwp_nav_menu_itemstheme\inc\structures.php:705

actionwp_headtheme\inc\structures.php:739

filterwpkoi_option_defaultstheme\inc\theme-functions.php:12

filterwpkoi_default_color_palettestheme\inc\theme-functions.php:22

filterwpkoi_typography_default_fontstheme\inc\theme-functions.php:32

filterwpkoi_typography_inherit_fontstheme\inc\theme-functions.php:42

actionwp_enqueue_scriptstheme\inc\theme-functions.php:65

actionwp_enqueue_scriptstheme\inc\theme-functions.php:74

actionadmin_noticeswpkoi-templates-for-elementor.php:30

actionadmin_noticeswpkoi-templates-for-elementor.php:59

actionadmin_noticeswpkoi-templates-for-elementor.php:88

actionadmin_enqueue_scriptswpkoi-templates-for-elementor.php:122

actionwp_enqueue_scriptswpkoi-templates-for-elementor.php:149

actionadmin_menuwpkoi-templates-for-elementor.php:161

actionadmin_headwpkoi-templates-for-elementor.php:171

actionplugins_loadedwpkoi-templates-for-elementor.php:183

actionadmin_noticeswpkoi-templates-for-elementor.php:191

actionadmin_initwpkoi-templates-for-elementor.php:277

actionadmin_initwpkoi-templates-for-elementor.php:288

Maintenance & Trust

WPKoi Templates for Elementor Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 6, 2026

PHP min version7.0

Downloads252K

Community Trust

Rating92/100

Number of ratings17

Active installs5K

Alternatives

WPKoi Templates for Elementor Alternatives

StillAnotherSite

stillanothersite

100

3,000+ Elementor template blocks and sections with one-click import. Free and premium design blocks to build stunning pages in minutes.

0 No CVEs

Templately – Elementor & Gutenberg Template Library: 6500+ Free & Pro Ready Templates And Cloud!

templately

Templately is an AI-powered WordPress templates cloud for Elementor and Gutenberg that offers 6,500+ ready template designs for a wide range of niches

400K 6 CVEs

Anant Sites — Elementor & Gutenberg Readymade Template Library Free & Pro Templates

ananta-sites

100

Ready Free Templates for Elementor & Gutenberg block editor

1K No CVEs

Custom Library for Elementor: Design System & Template Manager

analogwp-library

100

Create your own design system in Elementor. Organize templates, save time, and empower clients with consistent designs.

90 No CVEs

Elementor Website Builder – More Than Just a Page Builder

elementor

The Elementor Website Builder has it all: drag and drop page builder, pixel perfect design, mobile responsive editing, and more. Get started now!

10.0M 46 CVEs

Developer Profile

WPKoi Templates for Elementor Developer Profile

wpkoithemes

154 plugins · 13K total installs

trust score

Avg Security Score

96/100

Avg Patch Time

6 days

View full developer profile

Detection Fingerprints

How We Detect WPKoi Templates for Elementor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wpkoi-templates-for-elementor/assets/css/wpkoi-templates-for-elementor.css/wp-content/plugins/wpkoi-templates-for-elementor/assets/js/import.js

Script Paths

/wp-content/plugins/wpkoi-templates-for-elementor/assets/js/import.js

Version Parameters

wpkoi-templates-for-elementor/assets/css/wpkoi-templates-for-elementor.css?ver=wpkoi-templates-for-elementor/assets/js/import.js?ver=

HTML / DOM Fingerprints

Data Attributes

data-nonce

JS Globals

wtfe_ajax_obj

FAQ