WP Clinic
Log in Sign up

PLUGIN SECURITY

Is Ultimate Addons for Elementor (UAE) safe?

Known vulnerabilities, PHP compatibility and safer alternatives for the Ultimate Addons for Elementor (UAE) WordPress plugin — checked against WP Clinic's local security database.

Plugin details

  • Slug: header-footer-elementor
  • Requires PHP: 7.4+
  • Max supported PHP (analyzed): 8.4

Known vulnerabilities

  • Ultimate Addons for Elementor [header-footer-elementor] < 1.5.8 [CVE-2021-24256, Elementor Header & Footer Builder <= 1.5.7 - Stored Cross-Site Scripting, Elementor - Header, Footer &amp; Blocks Template &lt; 1.5.8 - Contributor+ Stored XSS]
  • Ultimate Addons for Elementor [header-footer-elementor] < 1.5.8 [WordPress Elementor – Header, Footer & Blocks Template plugin <= 1.5.7 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities]
  • Ultimate Addons for Elementor [header-footer-elementor] < 1.6.25 [CVE-2024-1237, Elementor Header & Footer Builder <= 1.6.24 - Authenticated (Contributor+) Stored Cross-Site Scripting, WordPress Elementor – Header, Footer & Blocks Template Plugin <= 1.6.24 is vulnerable to Cross Site Scripting (XSS), Elementor Header &amp; Footer Builder &lt; 1.6.25 - Contributor+ Stored Cross-Site Scripting]
  • Ultimate Addons for Elementor [header-footer-elementor] < 1.6.29 [CVE-2024-4634, WordPress Elementor – Header, Footer & Blocks Template Plugin <= 1.6.28 is vulnerable to Cross Site Scripting (XSS), Elementor Header & Footer Builder <= 1.6.28 - Authenticated (Contributor+) Stored Cross-Site Scripting]
  • Ultimate Addons for Elementor [header-footer-elementor] < 1.6.27 [CVE-2024-2619, WordPress Elementor – Header, Footer & Blocks Template Plugin <= 1.6.26 is vulnerable to Content Injection, Elementor Header & Footer Builder <= 1.6.26 - Authenticated (Author+) HTML Injection]
+ 9 more known vulnerabilities
  • Ultimate Addons for Elementor [header-footer-elementor] < 1.6.26.1 [CVE-2024-2618, Elementor Header & Footer Builder <= 1.6.26 - Authenticated (Contributor+) Stored Cross-Site Scripting, WordPress Elementor – Header, Footer & Blocks Template Plugin <= 1.6.26 is vulnerable to Cross Site Scripting (XSS)]
  • Ultimate Addons for Elementor [header-footer-elementor] < 1.6.36 [CVE-2024-5757, WordPress Elementor – Header, Footer & Blocks Template Plugin <= 1.6.35 is vulnerable to Cross Site Scripting (XSS), Elementor Header & Footer Builder <= 1.6.35 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Title Widget]
  • Ultimate Addons for Elementor [header-footer-elementor] < 1.6.36 [CVE-2024-33933, WordPress Elementor – Header, Footer & Blocks Template Plugin <= 1.6.35 is vulnerable to Cross Site Scripting (XSS), Elementor – Header, Footer & Blocks Template <= 1.6.35 - Authenticated (Contributor+) Stored Cross-Site Scripting]
  • Ultimate Addons for Elementor [header-footer-elementor] < 1.6.44 [CVE-2024-10050, Elementor Header & Footer Builder <= 1.6.43 - Authenticated (Contributor+) Information Disclosure via Shortcode, WordPress Elementor – Header, Footer & Blocks Template Plugin <= 1.6.43 is vulnerable to Sensitive Data Exposure]
  • Ultimate Addons for Elementor [header-footer-elementor] < 1.6.46 [CVE-2024-10325, WordPress Elementor – Header, Footer & Blocks Template Plugin <= 1.6.45 is vulnerable to Cross Site Scripting (XSS), Elementor Header & Footer Builder <= 1.6.45 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload]
  • Ultimate Addons for Elementor [header-footer-elementor] < 1.6.47 [CVE-2024-11230, Elementor Header & Footer Builder <= 1.6.46 - Authenticated (Contributor+) Stored Cross-Site Scripting via Page Title Widget, WordPress Elementor – Header, Footer & Blocks Template Plugin <= 1.6.46 is vulnerable to Cross Site Scripting (XSS)]
  • Ultimate Addons for Elementor [header-footer-elementor] < 2.4.7 [CVE-2025-8488, Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) <= 2.4.6 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update, EUVD-2025-23431]
  • Ultimate Addons for Elementor [header-footer-elementor] < 2.5.0 [CVE-2025-60448, EUVD-2025-32492]
  • Ultimate Addons for Elementor [header-footer-elementor] < 2.5.0 [Ultimate Addons for Elementor Lite < 2.5.0 - Author+ Stored XSS, Ultimate Addons for Elementor Lite <= 2.4.9 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload]

Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.

Safer / more established alternatives

Check your own WordPress site

Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.