PLUGIN SECURITY
Is Premium Addons For Elementor safe?
Known vulnerabilities, PHP compatibility and safer alternatives for the Premium Addons For Elementor WordPress plugin — checked against WP Clinic's local security database.
Plugin details
- Slug:
premium-addons-for-elementor - Requires PHP: 7.4+
- Max supported PHP (analyzed): 8.4
Known vulnerabilities
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.2.8 [CVE-2021-24257, Premium Addons for Elementor <=4.2.7 Contributor+ Stored Cross-Site Scripting, Premium Addons for Elementor < 4.2.8 - Contributor+ Stored Cross-Site Scripting (XSS)]
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.5.2 [WordPress Premium Addons for Elementor plugin <= 4.5.1 - Arbitrary Blog Option Update vulnerability]
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.2.8 [WordPress Premium Addons for Elementor plugin <= 4.2.7 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities]
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.5.2 [Premium Addons for Elementor <= 4.5.1 - Authenticated (Subscriber+) Limited Arbitrary Option Update]
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.5.2 [Premium Addons for Elementor < 4.5.2 - Subscriber+ Arbitrary Blog Option Update]
+ 37 more known vulnerabilities
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.10.17 [CVE-2024-24831, Premium Addons for Elementor <= 4.10.16 - Authenticated (Contributor+) Stored Cross-Site Scripting, WordPress Premium Addons for Elementor Plugin <= 4.10.16 is vulnerable to Cross Site Scripting (XSS), Premium Addons for Elementor < 4.10.17 - Authenticated (Contributor+) Stored Cross-Site Scripting]
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.10.19 [CVE-2024-0326, Premium Addons for Elementor <= 4.10.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via onClick Events, WordPress Premium Addons for Elementor Plugin <= 4.10.18 is vulnerable to Cross Site Scripting (XSS), Premium Addons for Elementor <= 4.10.17 - Authenticated(Contributor+) Stored Cross-Site Scripting via Link Wrapper, Premium Addons for Elementor < 4.10.19 - Contributor+ Stored Cross-Site Scripting]
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.10.19 [CVE-2024-1242, Premium Addons for Elementor <= 4.10.18 - Authenticated (Contributor+) Stored Cross-Site Scripting, WordPress Premium Addons for Elementor Plugin <= 4.10.18 is vulnerable to Cross Site Scripting (XSS), Premium Addons for Elementor < 4.10.19 - Contributor+ Stored Cross-Site Scripting]
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.10.22 [CVE-2024-1680, Premium Addons for Elementor <= 4.10.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Banner, Team Members, and Image Scroll Widgets, WordPress Premium Addons for Elementor Plugin <= 4.10.21 is vulnerable to Cross Site Scripting (XSS), Premium Addons for Elementor < 4.10.22 - Contributor+ Stored XSS]
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.10.24 [CVE-2024-2399, Premium Addons for Elementor <= 4.10.23 - Authenticated (Contributor+) Stored Cross-Site Scripting, WordPress Premium Addons for Elementor Plugin <= 4.10.23 is vulnerable to Cross Site Scripting (XSS), Premium Addons for Elementor (Free < 4.10.24, Pro < 2.9.14) - Contributor+ Stored XSS]
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.10.17 [CVE-2024-29106, WordPress Premium Addons for Elementor Plugin <= 4.10.16 is vulnerable to Cross Site Scripting (XSS)]
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.10.23 [CVE-2024-31278, WordPress Premium Addons for Elementor Plugin <= 4.10.22 is vulnerable to Sensitive Data Exposure, Premium Addons for Elementor <= 4.10.22 - Authenticated (Contributor+) Sensitive Information Exposure]
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.10.17 [CVE-2024-0376, Premium Addons for Elementor <= 4.10.16 - Authenticated(Contributor+) Stored Cross-Site Scripting via Wrapper Link Widget, WordPress Premium Addons for Elementor Plugin <= 4.10.16 is vulnerable to Cross Site Scripting (XSS)]
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.10.25 [CVE-2024-2664, Premium Addons for Elementor <= 4.10.24 - Authenticated (Contributor+) Stored Cross-Site Scripting, WordPress Premium Addons for Elementor Plugin <= 4.10.24 is vulnerable to Cross Site Scripting (XSS)]
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.10.28 [CVE-2024-2665, Premium Addons for Elementor <= 4.10.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button, WordPress Premium Addons for Elementor Plugin <= 4.10.27 is vulnerable to Cross Site Scripting (XSS)]
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.10.25 [CVE-2024-2666, Premium Addons for Elementor <= 4.10.24 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting, WordPress Premium Addons for Elementor Plugin <= 4.10.24 is vulnerable to Cross Site Scripting (XSS)]
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.10.26 [CVE-2024-32791, WordPress Premium Addons for Elementor Plugin <= 4.10.25 is vulnerable to Cross Site Scripting (XSS), Premium Addons for Elementor <= 4.10.25 - Authenticated (Contributor+) Stored Cross-Site Scripting]
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.10.29 [CVE-2024-3647, Premium Addons for Elementor <= 4.10.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'arrow_style']
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.10.29 [CVE-2024-3885, Premium Addons for Elementor <= 4.10.28 - Authenticated (Contributor+) Stored Cross-Site Scripting, WordPress Premium Addons for Elementor Plugin <= 4.10.28 is vulnerable to Cross Site Scripting (XSS)]
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.10.31 [CVE-2024-4203, Premium Addons for Elementor <= 4.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting, WordPress Premium Addons for Elementor Plugin <= 4.10.30 is vulnerable to Cross Site Scripting (XSS)]
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.10.32 [CVE-2024-4378, Premium Addons for Elementor <= 4.10.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Menu and Shape Divider, WordPress Premium Addons for Elementor Plugin <= 4.10.31 is vulnerable to Cross Site Scripting (XSS)]
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.10.32 [CVE-2024-4376, Premium Addons for Elementor <= 4.10.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Text Widget]
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.10.32 [CVE-2024-4205, Premium Addons for Elementor <= 4.10.31 - Missing Authorization to Information Disclosure, WordPress Premium Addons for Elementor Plugin <= 4.10.31 is vulnerable to Broken Access Control]
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.10.32 [CVE-2024-4379, Premium Addons for Elementor <= 4.10.31 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Global Tooltip]
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.10.34 [CVE-2024-5553, Premium Addons for Elementor <= 4.10.33 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting, WordPress Premium Addons for Elementor Plugin <= 4.10.33 is vulnerable to Cross Site Scripting (XSS)]
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.10.36 [CVE-2024-6340, Premium Addons for Elementor <= 4.10.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget, WordPress Premium Addons for Elementor Plugin <= 4.10.35 is vulnerable to Cross Site Scripting (XSS)]
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.10.36 [CVE-2024-6434, Premium Addons for Elementor <= 4.10.35 - Regular Expressions Denial of Service, WordPress Premium Addons for Elementor Plugin <= 4.10.35 is vulnerable to Denial of Service Attack]
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.10.35 [CVE-2024-37922, WordPress Premium Addons for Elementor Plugin <= 4.10.34 is vulnerable to Cross Site Scripting (XSS), Premium Addons for Elementor <= 4.10.34 - Authenticated (Contributor+) Stored Cross-Site Scripting]
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.10.37 [CVE-2024-6495, Premium Addons for Elementor <= 4.10.36 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Animated Text Widget, WordPress Premium Addons for Elementor Plugin <= 4.10.36 is vulnerable to Cross Site Scripting (XSS)]
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.10.39 [CVE-2024-6824, Premium Addons for Elementor <= 4.10.38 - Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion and Arbitrary Title Update, WordPress Premium Addons for Elementor Plugin <= 4.10.38 is vulnerable to Broken Access Control]
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.10.53 [CVE-2024-8681, Premium Addons for Elementor <= 4.10.52 - Authenticated (Contributor+) Stored Cross-Site Scripting via Media Grid Widget, WordPress Premium Addons for Elementor Plugin <= 4.10.52 is vulnerable to Cross Site Scripting (XSS)]
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.5.2 [CVE-2021-4445]
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.10.61 [CVE-2024-10266, Premium Addons for Elementor <= 4.10.60 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Video Box Widget, WordPress Premium Addons for Elementor Plugin <= 4.10.60 is vulnerable to Cross Site Scripting (XSS)]
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.10.57 [CVE-2024-56225, WordPress Premium Addons for Elementor Plugin <= 4.10.56 is vulnerable to Broken Access Control, Premium Addons for Elementor <= 4.10.56 - Missing Authorization]
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.11.9 [CVE-2025-4774, Premium Addons for Elementor <= 4.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget, EUVD-2025-17660]
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.10.70 [CVE-2024-11937, Premium Addons for Elementor <= 4.10.69 - Authenticated (Contributor+) Stored Cross-Site Scripting, EUVD-2024-54726]
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.11.54 [CVE-2025-14163, Premium Addons for Elementor <= 4.11.53 - Cross-Site Request Forgery via 'insert_inner_template']
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.11.54 [CVE-2025-14155, Premium Addons for Elementor <= 4.11.53 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'get_template_content']
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.11.54 [CVE-2025-68494, Premium Addons for Elementor <= 4.11.53 - Unauthenticated Information Exposure]
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.11.64 [CVE-2025-69300, Premium Addons for Elementor <= 4.11.63 - Missing Authorization to Authenticated (Subscriber+) Settings Update]
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.11.71 [CVE-2026-4790, Premium Addons for Elementor <= 4.11.70 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'custom_svg' Parameter, EUVD-2026-26783]
- Premium Addons for Elementor – Powerful Elementor Templates & Widgets [premium-addons-for-elementor] < 4.11.85 [CVE-2026-12141, Premium Addons for Elementor <= 4.11.84 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'premium_tooltip_text' Parameter]
Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.
Safer / more established alternatives
- Elementor Website Builder – more than just a page builder — 10000000+ active installs — max PHP 8.4
- Ultimate Addons for Elementor — 2000000+ active installs — max PHP 8.4
- Essential Addons for Elementor – Popular Elementor Templates & Widgets — 2000000+ active installs — max PHP 8.4
- Starter Templates – AI-Powered Templates for Elementor & Gutenberg — 1000000+ active installs — max PHP 8.4
- ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor — 1000000+ active installs
Check your own WordPress site
Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.