WP Templata – WordPress Template Library for Elementor Security & Risk Analysis

wordpress.org/plugins/wptemplata

WP Templata is a WordPress Template Library for Elementor page builder. Very soon we will add templates for Gutenberg as well.

90 active installs · v1.0.8 · PHP + · WP 5.0+ · Updated Feb 19, 2025
Tags: astra-template, elementor, pre-build-template, template, wp-template
Score: 91 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Feb 23, 2025
Safety Verdict

Is WP Templata – WordPress Template Library for Elementor Safe to Use in 2026?

Generally Safe

Score 91/100

WP Templata – WordPress Template Library for Elementor has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Feb 23, 2025 · Updated 1yr ago
Risk Assessment

The "wptemplata" plugin v1.0.8 exhibits a mixed security posture. On the positive side, it demonstrates good practices by ensuring all identified entry points, including AJAX handlers, are protected by authentication checks. All SQL queries are executed using prepared statements, and there are no file operations or bundled libraries, which reduces potential attack vectors. Nonce and capability checks are present, though not on every entry point.

However, several areas raise concerns. The use of the dangerous `create_function` function is a significant red flag: it builds a function from a string of PHP code, so it can be exploited for code injection. Furthermore, 41% of outputs are not escaped, indicating a risk of Cross-Site Scripting (XSS) vulnerabilities. The taint analysis reveals two flows with unsanitized paths. This static analysis does not classify them as critical or high severity, but they warrant investigation because they could become exploitable, especially in conjunction with the unescaped output.

The plugin's vulnerability history shows one known medium-severity CVE related to Cross-Site Scripting, which was last reported in 2025. While this vulnerability is currently patched (indicated by 'Currently unpatched: 0'), the pattern suggests a history of input sanitization issues. The combination of unescaped output, unsanitized taint flows, and a past XSS vulnerability points to a recurring weakness in how user-supplied data is handled. While the plugin has strengths in authentication and SQL handling, the aforementioned issues create a notable risk profile.

Key Concerns

  • Dangerous function used (create_function)
  • Significant percentage of unescaped output
  • Taint flows with unsanitized paths
  • History of XSS vulnerability

Vulnerabilities: 1

WP Templata – WordPress Template Library for Elementor Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-26917 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Templata <= 1.0.7 - Reflected Cross-Site Scripting

Feb 23, 2025 · Patched in 1.0.8 (9d)
Code Analysis
Analyzed Mar 16, 2026

WP Templata – WordPress Template Library for Elementor Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 26 (37 escaped)
Nonce Checks: 4
Capability Checks: 2
File Operations: 0
External Requests: 2
Bundled Libraries: 0

Dangerous Functions Found

create_function · includes\admin\class.setting_api.php:105
$callback = create_function('', 'echo "' . str_replace( '"', '\"', $section['desc'] ) . '";');

Output Escaping

59% escaped · 63 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
templates_ajax_request (includes\admin\class.template_api.php:104)
Attack Surface

WP Templata – WordPress Template Library for Elementor Attack Surface

Entry Points: 5
Unprotected: 0

AJAX Handlers 5

auth · wp_ajax_wptemplata_ajax_request · includes\admin\class.template_api.php:33
nopriv · wp_ajax_wptemplata_ajax_request · includes\admin\class.template_api.php:34
auth · wp_ajax_htwptemplata_ajax_get_required_plugin · includes\admin\class.template_api.php:36
auth · wp_ajax_htwptemplata_ajax_plugin_activation · includes\admin\class.template_api.php:37
auth · wp_ajax_htwptemplata_ajax_theme_activation · includes\admin\class.template_api.php:38

WordPress Hooks 7

action · admin_enqueue_scripts · includes\admin\class.scripts_manager.php:27
action · admin_init · includes\admin\class.setting.php:12
action · admin_menu · includes\admin\class.setting.php:13
action · wsa_form_bottom_wptemplata_general_tabs · includes\admin\class.setting.php:15
action · admin_enqueue_scripts · includes\admin\class.setting_api.php:28
action · init · includes\base.php:18
action · plugins_loaded · includes\base.php:19
Maintenance & Trust

WP Templata – WordPress Template Library for Elementor Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Feb 19, 2025
PHP min version
Downloads: 7K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 90
Developer Profile

WP Templata – WordPress Template Library for Elementor Developer Profile

HasThemes

14 plugins · 16K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 179 days
Detection Fingerprints

How We Detect WP Templata – WordPress Template Library for Elementor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wptemplata/assets/css/style.css
/wp-content/plugins/wptemplata/assets/lib/css/selectric.css
/wp-content/plugins/wptemplata/assets/lib/js/modernizr-3.6.0.min.js
/wp-content/plugins/wptemplata/assets/lib/js/jquery.selectric.min.js
/wp-content/plugins/wptemplata/assets/lib/js/ScrollMagic.min.js
/wp-content/plugins/wptemplata/assets/lib/js/babel.min.js
/wp-content/plugins/wptemplata/assets/js/admin_scripts.js
/wp-content/plugins/wptemplata/assets/js/admin_install_manager.js
Version Parameters
wptemplata/assets/css/style.css?ver=
wptemplata/assets/lib/css/selectric.css?ver=
wptemplata/assets/lib/js/modernizr-3.6.0.min.js?ver=
wptemplata/assets/lib/js/jquery.selectric.min.js?ver=
wptemplata/assets/lib/js/ScrollMagic.min.js?ver=
wptemplata/assets/lib/js/babel.min.js?ver=
wptemplata/assets/js/admin_scripts.js?ver=
wptemplata/assets/js/admin_install_manager.js?ver=

HTML / DOM Fingerprints

JS Globals
WPTEMPLATA