wpsection Security & Risk Analysis

wordpress.org/plugins/wpsection

wpsection is an Elementor Addon and Theme Making Plugin

3K active installs · v1.5.1 · PHP 5.6+ · WP 4.6+ · Updated Jun 28, 2025
envato-theme · wpsection
Score: 98 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Aug 7, 2024
Safety Verdict

Is wpsection Safe to Use in 2026?

Generally Safe

Score 98/100

wpsection has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Aug 7, 2024 · Updated 9mo ago
Risk Assessment

The "wpsection" plugin version 1.5.1 exhibits a generally strong security posture based on the static analysis. The absence of dangerous functions, raw SQL queries, and file operations is commendable. Furthermore, the high percentage of properly escaped output and the presence of nonce checks on all AJAX handlers indicate good development practices.

However, a significant concern arises from the plugin's vulnerability history. The presence of a past high-severity vulnerability related to "Improper Control of Filename for Include/Require Statement" (PHP Remote File Inclusion) is a red flag. While this specific vulnerability is currently patched, it suggests a historical tendency towards critical security flaws that could be reintroduced in future versions or exploited in ways not immediately apparent from the static analysis.

The static analysis itself shows a large attack surface with 19 entry points, though all are reported as protected. The lack of explicit capability checks on these entry points, despite the presence of nonce checks for AJAX, warrants careful consideration. This, combined with the historical vulnerability, indicates that while the code adheres to some security best practices, the potential for serious security issues still exists, especially if future updates are not rigorously vetted.

Key Concerns

  • Historical high-severity RFI vulnerability
  • No capability checks on entry points

Vulnerabilities: 1

wpsection Security Vulnerabilities

CVEs by Year

1 CVE in 2024

Severity Breakdown

High: 1

1 total CVE

CVE-2024-43165 · high · 8.8 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

WPSection <= 1.3.8 - Authenticated (Contributor+) Local File Inclusion

Aug 7, 2024 Patched in 1.3.9 (8d)
Code Analysis
Analyzed Mar 16, 2026

wpsection Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 44 (2059 escaped)
Nonce Checks: 11
Capability Checks: 0
File Operations: 0
External Requests: 2
Bundled Libraries: 0

Output Escaping

98% escaped · 2103 total outputs
Data Flows
All sanitized

Data Flow Analysis

8 flows
<settings-dashboard> (plugin\adminboard\settings-dashboard.php:0)
Attack Surface

wpsection Attack Surface

Entry Points: 19
Unprotected: 0

AJAX Handlers 8

auth wp_ajax_populate_import_popup plugin\dashboard\class-hooks.php:23
auth wp_ajax_import_element plugin\dashboard\class-hooks.php:24
auth wp_ajax_add_to_cart theme\shop\shop_functions.php:82
nopriv wp_ajax_add_to_cart theme\shop\shop_functions.php:83
auth wp_ajax_woocommerce_remove_cart_item theme\shop\shop_functions.php:146
nopriv wp_ajax_woocommerce_remove_cart_item theme\shop\shop_functions.php:147
auth wp_ajax_woocommerce_update_cart_item_quantity theme\shop\shop_functions.php:176
nopriv wp_ajax_woocommerce_update_cart_item_quantity theme\shop\shop_functions.php:177

Shortcodes 11

[BANNER_SHORTCODE] theme\custompost\banner.php:79
[BLOCK_SHORTCODE] theme\custompost\block.php:79
[FOOTER_SHORTCODE] theme\custompost\footer.php:79
[HEADER_SHORTCODE] theme\custompost\header.php:79
[MEGAMENU_SHORTCODE] theme\custompost\megamenu.php:79
[MODAL_SHORTCODE] theme\custompost\modal.php:79
[PAGE_SHORTCODE] theme\custompost\page.php:79
[SECTION_SHORTCODE] theme\custompost\section.php:79
[SHOP_SHORTCODE] theme\custompost\shop.php:79
[SLIDER_SHORTCODE] theme\custompost\slider.php:79
[WIDGET_SHORTCODE] theme\custompost\widget.php:79

WordPress Hooks 87

action init plugin\dashboard\class-hooks.php:14
action admin_menu plugin\dashboard\class-hooks.php:15
action admin_init plugin\dashboard\class-hooks.php:16
action elementor/elements/categories_registered plugin\dashboard\class-hooks.php:17
action pb_settings_before_wpsection_elements_active plugin\dashboard\class-hooks.php:19
action pb_settings_before_wpsection_elements_ext_active plugin\dashboard\class-hooks.php:20
action pb_settings_fields_area plugin\dashboard\class-hooks.php:21
action wpsection_update_data plugin\dashboard\class-hooks.php:22
action admin_enqueue_scripts plugin\dashboard\class-hooks.php:313
action admin_menu plugin\dashboard\class-wps-settings.php:35
action admin_init plugin\dashboard\class-wps-settings.php:40
action admin_notices plugin\dashboard\class-wps-settings.php:41
filter whitelist_options plugin\dashboard\class-wps-settings.php:43
action elementor/controls/controls_registered plugin\require_once\class-control-layout.php:2
action wp_enqueue_scripts plugin\require_once\enqueue.php:16
action wp_enqueue_scripts plugin\require_once\enqueue.php:33
action wp_enqueue_scripts plugin\require_once\enqueue.php:45
action elementor/editor/before_enqueue_styles plugin\require_once\enqueue.php:50
filter wp_nav_menu plugin\require_once\functions.php:10
action admin_menu plugin\require_once\functions.php:16
filter elementor/icons_manager/additional_tabs plugin\require_once\icon.php:7
action init theme\custompost\banner.php:53
filter widget_text theme\custompost\banner.php:81
action add_meta_boxes theme\custompost\banner.php:127
filter manage_banner_templates_posts_columns theme\custompost\banner.php:129
action manage_banner_templates_posts_custom_column theme\custompost\banner.php:131
action init theme\custompost\block.php:53
filter widget_text theme\custompost\block.php:81
action add_meta_boxes theme\custompost\block.php:127
filter manage_block_templates_posts_columns theme\custompost\block.php:129
action manage_block_templates_posts_custom_column theme\custompost\block.php:131
action init theme\custompost\footer.php:53
filter widget_text theme\custompost\footer.php:81
action add_meta_boxes theme\custompost\footer.php:127
filter manage_footer_templates_posts_columns theme\custompost\footer.php:129
action manage_footer_templates_posts_custom_column theme\custompost\footer.php:131
action init theme\custompost\header.php:53
filter widget_text theme\custompost\header.php:81
action add_meta_boxes theme\custompost\header.php:127
filter manage_header_templates_posts_columns theme\custompost\header.php:129
action manage_header_templates_posts_custom_column theme\custompost\header.php:131
action init theme\custompost\megamenu.php:53
filter widget_text theme\custompost\megamenu.php:81
action add_meta_boxes theme\custompost\megamenu.php:127
filter manage_megamenu_templates_posts_columns theme\custompost\megamenu.php:129
action manage_megamenu_templates_posts_custom_column theme\custompost\megamenu.php:131
action init theme\custompost\modal.php:53
filter widget_text theme\custompost\modal.php:81
action add_meta_boxes theme\custompost\modal.php:127
filter manage_modal_templates_posts_columns theme\custompost\modal.php:129
action manage_modal_templates_posts_custom_column theme\custompost\modal.php:131
action init theme\custompost\page.php:53
filter widget_text theme\custompost\page.php:81
action add_meta_boxes theme\custompost\page.php:127
filter manage_page_templates_posts_columns theme\custompost\page.php:129
action manage_page_templates_posts_custom_column theme\custompost\page.php:131
action init theme\custompost\section.php:53
filter widget_text theme\custompost\section.php:81
action add_meta_boxes theme\custompost\section.php:127
filter manage_section_templates_posts_columns theme\custompost\section.php:129
action manage_section_templates_posts_custom_column theme\custompost\section.php:131
action init theme\custompost\shop.php:53
filter widget_text theme\custompost\shop.php:81
action add_meta_boxes theme\custompost\shop.php:127
filter manage_shop_templates_posts_columns theme\custompost\shop.php:129
action manage_shop_templates_posts_custom_column theme\custompost\shop.php:131
action init theme\custompost\slider.php:53
filter widget_text theme\custompost\slider.php:81
action add_meta_boxes theme\custompost\slider.php:127
filter manage_slider_templates_posts_columns theme\custompost\slider.php:129
action manage_slider_templates_posts_custom_column theme\custompost\slider.php:131
action init theme\custompost\widget.php:53
filter widget_text theme\custompost\widget.php:81
action add_meta_boxes theme\custompost\widget.php:127
filter manage_widget_templates_posts_columns theme\custompost\widget.php:129
action manage_widget_templates_posts_custom_column theme\custompost\widget.php:131
action plugins_loaded theme\elementor\settings.php:27
action admin_notices theme\elementor\settings.php:36
action admin_notices theme\elementor\settings.php:42
action admin_notices theme\elementor\settings.php:48
action elementor/elements/categories_registered theme\elementor\settings.php:53
action elementor/widgets/register theme\elementor\settings.php:54
action elementor/frontend/after_enqueue_scripts theme\elementor\settings.php:55
action elementor/editor/after_enqueue_styles theme\elementor\settings.php:178
action wp_enqueue_scripts theme\shop\shop_functions.php:26
action template_redirect theme\shop\shop_functions.php:118
action admin_enqueue_scripts wpsection.php:74

Scheduled Events 1

wpsection_update_data
Maintenance & Trust

wpsection Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jun 28, 2025
PHP min version: 5.6
Downloads: 22K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 3K
Developer Profile

wpsection Developer Profile

Rashid

6 plugins · 4K total installs

Trust score: 85
Avg Security Score: 87/100
Avg Patch Time: 8 days
Detection Fingerprints

How We Detect wpsection

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wpsection/plugin/assets/admin/css/style.css
/wp-content/plugins/wpsection/plugin/assets/frontend/css/bootstrap.css
/wp-content/plugins/wpsection/plugin/assets/admin/js/script.js
/wp-content/plugins/wpsection/plugin/assets/frontend/js/bootstrap.min.js

Script Paths
/wp-content/plugins/wpsection/plugin/assets/admin/js/script.js
/wp-content/plugins/wpsection/plugin/assets/frontend/js/bootstrap.min.js

Version Parameters
wpsection/style.css?ver=
wpsection/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpsection-admin-wrap
wpsection-dashboard
wpsection-header
wpsection-sidebar
wpsection-main-content
wpsection-footer
wpsection-settings-form
wpsection-element-wrapper

HTML Comments
<!-- wpsection-admin-wrap -->
<!-- wpsection-header -->
<!-- wpsection-sidebar -->
<!-- wpsection-main-content -->
+3 more

Data Attributes
data-wpsection-ajaxurl
data-wpsection-nonce

JS Globals
wpsection