Xpro Addons — 140+ Widgets for Elementor Security & Risk Analysis

wordpress.org/plugins/xpro-elementor-addons

Get Premium level 50+ Free Elementor Widgets, 10+ Free Elementor Extensions, 500+ Free Themes & Templates for Elementor.

30K active installs · v1.4.25 · PHP 7.4+ · WP 6.0+ · Updated Feb 26, 2026
addons-for-elementor, elementor, elementor-widgets, widgets-for-elementor, woocommerce-elementor
Score: 89 · A · Safe
CVEs total: 16
Unpatched: 0
Last CVE: Feb 26, 2026
Safety Verdict

Is Xpro Addons — 140+ Widgets for Elementor Safe to Use in 2026?

Generally Safe

Score 89/100

Xpro Addons — 140+ Widgets for Elementor has a strong security track record. Known vulnerabilities have been patched promptly.

16 known CVEs · Last CVE: Feb 26, 2026 · Updated 1mo ago
Risk Assessment

The xpro-elementor-addons plugin v1.4.25 exhibits a mixed security posture. While it demonstrates good practices such as 100% prepared SQL statements and 95% properly escaped output, significant concerns arise from its attack surface and historical vulnerability data. The presence of 18 AJAX handlers, with 2 lacking authentication checks, presents a direct entry point for potential exploitation. Although taint analysis did not reveal any critical or high-severity unsanitized flows, the existence of these unprotected AJAX endpoints still poses a risk.

The plugin's vulnerability history is a major red flag, with 16 known CVEs, including 2 high and 14 medium severity vulnerabilities. Common vulnerability types like Unrestricted File Upload, Cross-Site Scripting, Information Exposure, and Deserialization issues suggest recurring security weaknesses in the plugin's development. The fact that there are currently no unpatched vulnerabilities is positive, but the sheer volume and historical recurrence of medium and high-severity issues indicate a pattern of insecure coding practices that require diligent attention and ongoing vigilance.

In conclusion, while the plugin has made some strides in secure coding practices like prepared statements and output escaping, the large unprotected attack surface and extensive history of serious vulnerabilities necessitate a cautious approach. The potential for exploitation through unprotected AJAX handlers, combined with the plugin's track record, suggests that users should be wary and ensure they are always using the latest, patched version, and remain vigilant for any future security advisories.

Key Concerns

  • 2 unprotected AJAX handlers
  • 16 known CVEs (2 high, 14 medium)
Vulnerabilities: 16

Xpro Addons — 140+ Widgets for Elementor Security Vulnerabilities

CVEs by Year

  • 2024: 8 CVEs
  • 2025: 6 CVEs
  • 2026: 2 CVEs

Severity Breakdown

  • High: 2
  • Medium: 14

16 total CVEs

CVE-2025-14149 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Xpro Addons — 140+ Widgets for Elementor <= 1.4.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Scroller Widget box link

Feb 26, 2026 Patched in 1.4.25 (1d)
CVE-2025-69312 · high · 8.8 · Unrestricted Upload of File with Dangerous Type

Xpro Elementor Addons <= 1.4.19.1 - Authenticated (Author+) Arbitrary File Upload

Jan 19, 2026 Patched in 1.4.20 (10d)
CVE-2025-63044 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Xpro Elementor Addons <= 1.4.19.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 6, 2025 Patched in 1.4.20 (83d)
CVE-2025-58195 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Xpro Elementor Addons <= 1.4.17 - Authenticated (Contributor+) Stored Cross-Site Scripting

Aug 27, 2025 Patched in 1.4.18 (8d)
CVE-2025-32163 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Xpro Elementor Addons <= 1.4.10 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 4, 2025 Patched in 1.4.11 (22d)
CVE-2025-2108 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Site Title' widget

Mar 19, 2025 Patched in 1.4.8 (85d)
CVE-2024-13649 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 7, 2025 Patched in 1.4.6.8 (1d)
CVE-2024-12584 · medium · 4.3 · Exposure of Sensitive Information to an Unauthorized Actor

140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.6.2 - Authenticated (Contributor+) Post Disclosure via Post Duplication

Jan 7, 2025 Patched in 1.4.6.3 (1d)
CVE-2024-54253 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 5, 2024 Patched in 1.4.6.6 (69d)
CVE-2024-10319 · medium · 4.3 · Exposure of Sensitive Information to an Unauthorized Actor

140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.6 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Template

Nov 4, 2024 Patched in 1.4.6.1 (1d)
CVE-2024-7791 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Grid Widget

Aug 26, 2024 Patched in 1.4.4.4 (1d)
CVE-2024-43150 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Xpro Elementor Addons <= 1.4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Aug 7, 2024 Patched in 1.4.4.3 (8d)
CVE-2024-4471 · high · 8 · Deserialization of Untrusted Data

140+ Widgets | Best Addons For Elementor – FREE <= 1.4.3.1 - Authenticated (Contributor+) PHP Object Injection

May 22, 2024 Patched in 1.4.3.2 (2d)
CVE-2024-4440 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

140+ Widgets | Best Addons For Elementor – FREE <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

May 13, 2024 Patched in 1.4.3.1 (8d)
CVE-2024-34570 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

140+ Widgets | Best Addons For Elementor – FREE <= 1.4.3 - Authenticated (Admin+) Cross Site Scripting

May 7, 2024 Patched in 1.4.3.1 (9d)
CVE-2024-2250 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

130+ Widgets | Best Addons For Elementor – FREE <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 28, 2024 Patched in 1.4.3 (1d)
Code Analysis
Analyzed Mar 16, 2026

Xpro Addons — 140+ Widgets for Elementor Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (14 prepared)
  • Unescaped Output: 55 (1016 escaped)
  • Nonce Checks: 9
  • Capability Checks: 12
  • File Operations: 0
  • External Requests: 4
  • Bundled Libraries: 0

SQL Query Safety

100% prepared · 14 total queries

Output Escaping

95% escaped · 1071 total outputs
Data Flows
All sanitized

Data Flow Analysis

9 flows
get_menu_item_settings (classes\class-ajax-handler.php:104)
Attack Surface
2 unprotected

Xpro Addons — 140+ Widgets for Elementor Attack Surface

Entry Points: 18
Unprotected: 2

AJAX Handlers 18

auth · wp_ajax_xpro_elementor_select_search_post · classes\class-ajax-handler.php:36
auth · wp_ajax_xpro_elementor_select_get_title · classes\class-ajax-handler.php:37
auth · wp_ajax_xpro_elementor_contact_form · classes\class-ajax-handler.php:38
nopriv · wp_ajax_xpro_elementor_contact_form · classes\class-ajax-handler.php:39
auth · wp_ajax_xpro_elementor_mailchimp_form · classes\class-ajax-handler.php:40
nopriv · wp_ajax_xpro_elementor_mailchimp_form · classes\class-ajax-handler.php:41
auth · wp_ajax_xpro_save_menuitem_settings · classes\class-ajax-handler.php:43
auth · wp_ajax_xpro_get_menuitem_settings · classes\class-ajax-handler.php:44
auth · wp_ajax_xpro_get_content_editor · classes\class-ajax-handler.php:45
auth · wp_ajax_save_megamenu_settings · classes\class-ajax-handler.php:46
auth · wp_ajax_xpro_elementor_live_search_data_fetch · classes\class-ajax-handler.php:48
nopriv · wp_ajax_xpro_elementor_live_search_data_fetch · classes\class-ajax-handler.php:49
auth · wp_ajax_load_quick_view_product_data · classes\class-ajax-handler.php:52
nopriv · wp_ajax_load_quick_view_product_data · classes\class-ajax-handler.php:53
auth · wp_ajax_add_cart_single_product_ajax · classes\class-ajax-handler.php:55
nopriv · wp_ajax_add_cart_single_product_ajax · classes\class-ajax-handler.php:56
auth · wp_ajax_xpro_add_new_attribute · modules\swatches\admin-product.php:25
auth · wp_ajax_xpro_theme_builder_dismiss_notice · xpro-elementor-addons.php:161
WordPress Hooks 92
action · wp_loaded · classes\class-ajax-handler.php:451
filter · woocommerce_add_to_cart_form_action · classes\class-ajax-handler.php:506
action · elementor/editor/after_enqueue_scripts · classes\class-library-manager.php:18
action · elementor/editor/footer · classes\class-library-manager.php:19
action · elementor/ajax/register_actions · classes\class-library-manager.php:20
action · rest_api_init · core\handler-api.php:25
action · elementor/editor/after_enqueue_styles · inc\controls\widget-area-utils.php:69
action · admin_menu · inc\dynamic-content\custom-post-item.php:19
action · admin_head · inc\dynamic-content\custom-post-item.php:20
filter · single_template · inc\dynamic-content\custom-post-item.php:23
action · xpro_elementor_woo_products_add_to_cart_before · inc\helper-functions.php:962
filter · woocommerce_product_add_to_cart_text · inc\helper-functions.php:963
filter · wpml_elementor_widgets_to_translate · inc\wpml\wpml-compatibility.php:13
action · elementor/element/column/section_style/before_section_end · modules\backdrop-filter\backdrop-filter.php:19
action · elementor/element/common/_section_background/before_section_end · modules\backdrop-filter\backdrop-filter.php:20
action · elementor/element/section/section_background/before_section_end · modules\backdrop-filter\backdrop-filter.php:21
action · elementor/element/container/section_background/before_section_end · modules\backdrop-filter\backdrop-filter.php:22
action · elementor/element/common/_section_background/after_section_end · modules\background-overlay\background-overlay.php:16
action · elementor/element/after_add_attributes · modules\background-overlay\background-overlay.php:17
action · elementor/element/after_section_end · modules\custom-css\custom-css.php:28
action · elementor/element/parse_css · modules\custom-css\custom-css.php:31
action · elementor/element/common/_section_style/before_section_end · modules\display-order\display-order.php:19
action · elementor/element/column/section_advanced/before_section_end · modules\display-order\display-order.php:20
action · elementor/element/section/section_advanced/before_section_end · modules\display-order\display-order.php:21
filter · elementor/controls/animations/additional_animations · modules\entrance-animation\entrance-animation.php:19
action · elementor/element/column/section_effects/before_section_end · modules\entrance-animation\entrance-animation.php:21
action · elementor/element/common/section_effects/before_section_end · modules\entrance-animation\entrance-animation.php:22
action · elementor/element/section/section_effects/before_section_end · modules\entrance-animation\entrance-animation.php:23
action · elementor/element/container/section_effects/before_section_end · modules\entrance-animation\entrance-animation.php:24
action · elementor/element/section/section_advanced/after_section_end · modules\equal-height\equal-height.php:13
action · elementor/frontend/section/before_render · modules\equal-height\equal-height.php:14
action · elementor/element/container/section_layout/after_section_end · modules\equal-height\equal-height.php:16
action · elementor/frontend/container/before_render · modules\equal-height\equal-height.php:17
action · elementor/element/common/_section_style/after_section_end · modules\floating-effect\floating-effect.php:21
action · elementor/frontend/widget/before_render · modules\floating-effect\floating-effect.php:22
action · elementor/preview/enqueue_scripts · modules\floating-effect\floating-effect.php:23
action · wp_enqueue_scripts · modules\floating-effect\floating-effect.php:24
action · elementor/documents/register_controls · modules\grid-column\grid-column.php:18
filter · post_row_actions · modules\post-duplicator\post-duplicator.php:20
filter · page_row_actions · modules\post-duplicator\post-duplicator.php:21
action · elementor/documents/register_controls · modules\reading-progress-bar\reading-progress-bar.php:22
action · elementor/editor/after_save · modules\reading-progress-bar\reading-progress-bar.php:23
action · wp · modules\reading-progress-bar\reading-progress-bar.php:24
action · wp_footer · modules\reading-progress-bar\reading-progress-bar.php:57
action · wp_enqueue_scripts · modules\reading-progress-bar\reading-progress-bar.php:58
action · woocommerce_product_option_terms · modules\swatches\admin-product.php:23
action · admin_footer · modules\swatches\admin-product.php:27
action · created_term · modules\swatches\attribute-hooks.php:52
action · edit_term · modules\swatches\attribute-hooks.php:53
action · xpro_attribute_field_chain · modules\swatches\attribute-hooks.php:54
action · wp_enqueue_scripts · modules\swatches\frontend.php:23
filter · woocommerce_dropdown_variation_attribute_options_html · modules\swatches\frontend.php:24
filter · xpro_filter_html_swatch_hook · modules\swatches\frontend.php:25
action · wp_enqueue_scripts · modules\swatches\loop-product-support\xpro-swatches.php:29
action · xpro_swatches_anywhere · modules\swatches\loop-product-support\xpro-swatches.php:30
filter · product_attributes_type_selector · modules\swatches\swatches.php:60
action · admin_init · modules\swatches\swatches.php:64
action · admin_print_scripts · modules\swatches\swatches.php:65
action · admin_init · modules\swatches\swatches.php:66
action · init · modules\swatches\swatches.php:70
action · elementor/element/section/section_advanced/after_section_end · modules\wrapper-link\wrapper-link.php:12
action · elementor/element/column/section_advanced/after_section_end · modules\wrapper-link\wrapper-link.php:13
action · elementor/element/container/section_layout/after_section_end · modules\wrapper-link\wrapper-link.php:14
action · elementor/element/common/_section_style/after_section_end · modules\wrapper-link\wrapper-link.php:15
action · elementor/frontend/before_render · modules\wrapper-link\wrapper-link.php:17
filter · elementor/icons_manager/additional_tabs · modules\xpro-icons\xpro-icons.php:11
action · init · plugin.php:59
action · elementor/init · plugin.php:62
action · elementor/frontend/after_register_scripts · plugin.php:65
action · elementor/widgets/register · plugin.php:68
action · init · plugin.php:71
action · elementor/editor/before_enqueue_styles · plugin.php:74
action · elementor/editor/after_enqueue_scripts · plugin.php:77
action · elementor/frontend/after_enqueue_styles · plugin.php:80
action · elementor/frontend/after_enqueue_scripts · plugin.php:83
action · elementor/preview/enqueue_styles · plugin.php:86
action · elementor/controls/controls_registered · plugin.php:89
filter · upload_mimes · plugin.php:92
filter · admin_footer_text · plugin.php:95
action · elementor/documents/register · plugin.php:98
filter · plugin_row_meta · plugin.php:101
filter · oembed_result · widgets\custom-field\custom-field.php:1244
filter · upload_mimes · widgets\lottie\json-handler.php:24
filter · wp_handle_upload_prefilter · widgets\lottie\json-handler.php:25
filter · wp_check_filetype_and_ext · widgets\lottie\json-handler.php:26
filter · woocommerce_product_single_add_to_cart_text · widgets\woo-add-to-cart\layout\frontend.php:36
action · plugins_loaded · xpro-elementor-addons.php:102
action · admin_notices · xpro-elementor-addons.php:142
action · admin_notices · xpro-elementor-addons.php:147
action · admin_notices · xpro-elementor-addons.php:153
action · admin_notices · xpro-elementor-addons.php:159
action · admin_head · xpro-elementor-addons.php:160
Maintenance & Trust

Xpro Addons — 140+ Widgets for Elementor Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 26, 2026
PHP min version: 7.4
Downloads: 517K

Community Trust

Rating: 88/100
Number of ratings: 28
Active installs: 30K
Developer Profile

Xpro Addons — 140+ Widgets for Elementor Developer Profile

Xpro

7 plugins · 42K total installs

Trust score: 89
Avg Security Score: 93/100
Avg Patch Time: 19 days
Detection Fingerprints

How We Detect Xpro Addons — 140+ Widgets for Elementor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/xpro-elementor-addons/assets/css/xpro-elementor-addons.css
/wp-content/plugins/xpro-elementor-addons/assets/js/frontend.js
Script Paths
/wp-content/plugins/xpro-elementor-addons/assets/js/frontend.js
Version Parameters
/wp-content/plugins/xpro-elementor-addons/assets/css/xpro-elementor-addons.css?ver=
/wp-content/plugins/xpro-elementor-addons/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
xpro-addons-widget, xpro-addons-list-item, xpro-addons-menu-item
Data Attributes
data-xpro-addons-id
JS Globals
XproElementorFrontend