WPZOOM Addons for Elementor – Starter Templates & Widgets Security & Risk Analysis

wordpress.org/plugins/wpzoom-elementor-addons

Elementor templates and widgets - Import professionally designed page templates, sections, and widgets. Build stunning pages in minutes.

20K active installs · v1.4.0 · PHP 7.4+ · WP 6.5+ · Updated Mar 2, 2026
Tags: elementor, elementor-addons, elementor-templates, elementor-widgets, starter-templates
89 · A · Safe
CVEs total: 7
Unpatched: 0
Last CVE: Feb 26, 2026
Safety Verdict

Is WPZOOM Addons for Elementor – Starter Templates & Widgets Safe to Use in 2026?

Generally Safe

Score 89/100

WPZOOM Addons for Elementor – Starter Templates & Widgets has a strong security track record. Known vulnerabilities have been patched promptly.

7 known CVEs · Last CVE: Feb 26, 2026 · Updated 1mo ago
Risk Assessment

The wpzoom-elementor-addons plugin exhibits a mixed security posture. While it demonstrates strong adherence to secure coding practices by utilizing prepared statements for all SQL queries and a high percentage of properly escaped output, significant concerns arise from its attack surface. A substantial number of AJAX handlers (10 out of 14) lack proper authentication checks, presenting a clear entry point for unauthorized actions. The taint analysis, while not revealing critical or high-severity issues in the current version, has identified flows with unsanitized paths, indicating a potential for path traversal or other input-related vulnerabilities if not handled rigorously. The plugin's historical vulnerability record is troubling, with a significant number of past CVEs, including a critical one, and a recent history of medium-severity issues across various common vulnerability types like XSS and path traversal. Although there are currently no unpatched vulnerabilities, this history suggests a recurring pattern of security weaknesses that require ongoing vigilance. The presence of the Select2 library, while potentially useful, also introduces a dependency that could be a vector for vulnerabilities if it's an outdated or unpatched version.

Key Concerns

  • 10 unprotected AJAX handlers
  • 4 flows with unsanitized paths
  • 7 known CVEs in history (1 critical)
  • Bundled library: Select2
  • Only 3 nonce checks for 14 entry points
Vulnerabilities
7

WPZOOM Addons for Elementor – Starter Templates & Widgets Security Vulnerabilities

CVEs by Year

4 CVEs in 2024
1 CVE in 2025
2 CVEs in 2026

Severity Breakdown

Critical: 1
Medium: 6

7 total CVEs

WF-e5b98a2c-faed-4e2b-8b94-31e2be95ad40-wpzoom-elementor-addons · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPZOOM Addons for Elementor – Starter Templates & Widgets <= 1.3.4 - Unauthenticated Reflected Cross-Site Scripting via 'title_tag' Parameter

Feb 26, 2026 Patched in 1.3.5 (1d)
CVE-2026-2295 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

WPZOOM Addons for Elementor – Starter Templates & Widgets <= 1.3.2 - Unauthenticated Protected Post Exposure via ajax_post_grid_load_more

Feb 10, 2026 Patched in 1.3.3 (1d)
CVE-2025-67951 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPZOOM Addons for Elementor <= 1.2.10 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 6, 2025 Patched in 1.2.11 (14d)
CVE-2024-5686 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPZOOM Addons for Elementor (Templates, Widgets) <= 1.1.38 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Members Widget

Jun 19, 2024 Patched in 1.1.39 (1d)
CVE-2024-5147 · critical · 9.8 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

WPZOOM Addons for Elementor (Templates, Widgets) <= 1.1.37 - Unauthenticated Local File Inclusion

May 21, 2024 Patched in 1.1.38 (1d)
CVE-2024-4370 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPZOOM Addons for Elementor (Templates, Widgets) <= 1.1.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box Widget

May 14, 2024 Patched in 1.1.37 (1d)
CVE-2024-33539 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPZOOM Addons for Elementor (Templates, Widgets) <= 1.1.35 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 25, 2024 Patched in 1.1.36 (7d)
Code Analysis
Analyzed Mar 16, 2026

WPZOOM Addons for Elementor – Starter Templates & Widgets Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (8 prepared)
Unescaped Output: 113 (484 escaped)
Nonce Checks: 3
Capability Checks: 18
File Operations: 3
External Requests: 2
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

100% prepared · 8 total queries

Output Escaping

81% escaped · 597 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

6 flows · 4 with unsanitized paths
ajax_get_wpzoom_preview (includes\wpzoom-template-manager.php:327)
Attack Surface
10 unprotected

WPZOOM Addons for Elementor – Starter Templates & Widgets Attack Surface

Entry Points: 14
Unprotected: 10

AJAX Handlers 14

auth · wp_ajax_wpz_posts_grid_load_more · includes\wpzoom-elementor-ajax-posts-grid.php:61
nopriv · wp_ajax_wpz_posts_grid_load_more · includes\wpzoom-elementor-ajax-posts-grid.php:62
auth · wp_ajax_get_content_from_elementor_export_file · includes\wpzoom-template-library.php:21
auth · wp_ajax_get_wpzoom_templates_library_view · includes\wpzoom-template-manager.php:66
auth · wp_ajax_get_wpzoom_pages_library_view · includes\wpzoom-template-manager.php:68
auth · wp_ajax_get_wpzoom_preview · includes\wpzoom-template-manager.php:69
auth · wp_ajax_get_filter_options · includes\wpzoom-template-manager.php:70
auth · wp_ajax_get_wpzoom_sections_library_view · includes\wpzoom-template-manager.php:73
auth · wp_ajax_get_wpzoom_section_preview · includes\wpzoom-template-manager.php:74
auth · wp_ajax_get_sections_filter_options · includes\wpzoom-template-manager.php:75
auth · wp_ajax_get_wpzoom_wireframes_library_view · includes\wpzoom-template-manager.php:78
auth · wp_ajax_get_wpzoom_wireframe_preview · includes\wpzoom-template-manager.php:79
auth · wp_ajax_get_wireframes_filter_options · includes\wpzoom-template-manager.php:80
auth · wp_ajax_wpzoom_dismiss_pro_notice · wpzoom-elementor-addons.php:115
WordPress Hooks 29
action · admin_enqueue_scripts · includes\widgets\featured-category\category-image.php:44
action · category_term_new_form_tag · includes\widgets\featured-category\category-image.php:45
action · category_term_edit_form_tag · includes\widgets\featured-category\category-image.php:46
action · category_add_form_fields · includes\widgets\featured-category\category-image.php:47
action · category_edit_form_fields · includes\widgets\featured-category\category-image.php:48
action · created_category · includes\widgets\featured-category\category-image.php:49
action · edited_category · includes\widgets\featured-category\category-image.php:50
filter · post_class · includes\widgets\portfolio-reel\portfolio-reel.php:53
filter · post_class · includes\widgets\portfolio-showcase\portfolio-showcase.php:57
filter · excerpt_more · includes\widgets\posts-grid\posts-grid.php:1889
filter · excerpt_length · includes\widgets\posts-grid\posts-grid.php:1890
action · elementor/controls/register · includes\wpzoom-elementor-controls.php:57
action · elementor/init · includes\wpzoom-elementor-widgets.php:52
action · elementor/elements/categories_registered · includes\wpzoom-elementor-widgets.php:69
action · elementor/widgets/register · includes\wpzoom-elementor-widgets.php:70
action · elementor/editor/before_enqueue_scripts · includes\wpzoom-elementor-widgets.php:73
filter · elementor/template-library/import/pre_process_data · includes\wpzoom-template-library.php:150
action · init · wpzoom-elementor-addons.php:101
action · plugins_loaded · wpzoom-elementor-addons.php:102
action · elementor/editor/before_enqueue_scripts · wpzoom-elementor-addons.php:104
action · elementor/preview/enqueue_styles · wpzoom-elementor-addons.php:105
action · elementor/editor/footer · wpzoom-elementor-addons.php:107
action · elementor/editor/footer · wpzoom-elementor-addons.php:108
action · admin_notices · wpzoom-elementor-addons.php:111
action · admin_enqueue_scripts · wpzoom-elementor-addons.php:114
action · elementor/init · wpzoom-elementor-addons.php:225
action · admin_notices · wpzoom-elementor-addons.php:245
action · admin_notices · wpzoom-elementor-addons.php:251
action · admin_notices · wpzoom-elementor-addons.php:257
Maintenance & Trust

WPZOOM Addons for Elementor – Starter Templates & Widgets Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 2, 2026
PHP min version: 7.4
Downloads: 887K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 20K
Developer Profile

WPZOOM Addons for Elementor – Starter Templates & Widgets Developer Profile

WPZOOM

24 plugins · 337K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 102 days
Detection Fingerprints

How We Detect WPZOOM Addons for Elementor – Starter Templates & Widgets

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wpzoom-elementor-addons/assets/css/wpzoom-elementor-addons.css
/wp-content/plugins/wpzoom-elementor-addons/assets/vendors/select2/select2.css
/wp-content/plugins/wpzoom-elementor-addons/assets/vendors/select2/select2.full.min.js
/wp-content/plugins/wpzoom-elementor-addons/assets/js/wpzoom-elementor-addons.js
Script Paths
/wp-content/plugins/wpzoom-elementor-addons/assets/vendors/select2/select2.full.min.js
/wp-content/plugins/wpzoom-elementor-addons/assets/js/wpzoom-elementor-addons.js
Version Parameters
wpzoom-elementor-addons/assets/css/wpzoom-elementor-addons.css?ver=
wpzoom-elementor-addons/assets/vendors/select2/select2.css?ver=
wpzoom-elementor-addons/assets/vendors/select2/select2.full.min.js?ver=
wpzoom-elementor-addons/assets/js/wpzoom-elementor-addons.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpzoom-elementor-addons
HTML Comments
<!-- Elementor Addons by WPZOOM -->
<!-- Start Elementor Addons by WPZOOM -->
<!-- End Elementor Addons by WPZOOM -->
Data Attributes
data-elementor-device-mode
data-settings
JS Globals
wpzoom_admin_data
FAQ

Frequently Asked Questions about WPZOOM Addons for Elementor – Starter Templates & Widgets