WP Clinic
Log in Sign up

PLUGIN SECURITY

Is Premium Addons For Elementor safe?

Known vulnerabilities, PHP compatibility and safer alternatives for the Premium Addons For Elementor WordPress plugin — checked against WP Clinic's local security database.

Plugin details

  • Slug: premium-addons-for-elementor
  • Requires PHP: 7.4+
  • Max supported PHP (analyzed): 8.4

Known vulnerabilities

  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.2.8 [CVE-2021-24257, Premium Addons for Elementor <=4.2.7 Contributor+ Stored Cross-Site Scripting, Premium Addons for Elementor &lt; 4.2.8 - Contributor+ Stored Cross-Site Scripting (XSS)]
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.5.2 [WordPress Premium Addons for Elementor plugin <= 4.5.1 - Arbitrary Blog Option Update vulnerability]
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.2.8 [WordPress Premium Addons for Elementor plugin <= 4.2.7 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities]
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.5.2 [Premium Addons for Elementor <= 4.5.1 - Authenticated (Subscriber+) Limited Arbitrary Option Update]
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.5.2 [Premium Addons for Elementor &lt; 4.5.2 - Subscriber+ Arbitrary Blog Option Update]
+ 37 more known vulnerabilities
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.10.17 [CVE-2024-24831, Premium Addons for Elementor <= 4.10.16 - Authenticated (Contributor+) Stored Cross-Site Scripting, WordPress Premium Addons for Elementor Plugin <= 4.10.16 is vulnerable to Cross Site Scripting (XSS), Premium Addons for Elementor &lt; 4.10.17 - Authenticated (Contributor+) Stored Cross-Site Scripting]
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.10.19 [CVE-2024-0326, Premium Addons for Elementor <= 4.10.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via onClick Events, WordPress Premium Addons for Elementor Plugin <= 4.10.18 is vulnerable to Cross Site Scripting (XSS), Premium Addons for Elementor <= 4.10.17 - Authenticated(Contributor+) Stored Cross-Site Scripting via Link Wrapper, Premium Addons for Elementor &lt; 4.10.19 - Contributor+ Stored Cross-Site Scripting]
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.10.19 [CVE-2024-1242, Premium Addons for Elementor <= 4.10.18 - Authenticated (Contributor+) Stored Cross-Site Scripting, WordPress Premium Addons for Elementor Plugin <= 4.10.18 is vulnerable to Cross Site Scripting (XSS), Premium Addons for Elementor &lt; 4.10.19 - Contributor+ Stored Cross-Site Scripting]
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.10.22 [CVE-2024-1680, Premium Addons for Elementor <= 4.10.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Banner, Team Members, and Image Scroll Widgets, WordPress Premium Addons for Elementor Plugin <= 4.10.21 is vulnerable to Cross Site Scripting (XSS), Premium Addons for Elementor &lt; 4.10.22 - Contributor+ Stored XSS]
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.10.24 [CVE-2024-2399, Premium Addons for Elementor <= 4.10.23 - Authenticated (Contributor+) Stored Cross-Site Scripting, WordPress Premium Addons for Elementor Plugin <= 4.10.23 is vulnerable to Cross Site Scripting (XSS), Premium Addons for Elementor (Free &lt; 4.10.24, Pro &lt; 2.9.14) - Contributor+ Stored XSS]
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.10.17 [CVE-2024-29106, WordPress Premium Addons for Elementor Plugin <= 4.10.16 is vulnerable to Cross Site Scripting (XSS)]
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.10.23 [CVE-2024-31278, WordPress Premium Addons for Elementor Plugin <= 4.10.22 is vulnerable to Sensitive Data Exposure, Premium Addons for Elementor <= 4.10.22 - Authenticated (Contributor+) Sensitive Information Exposure]
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.10.17 [CVE-2024-0376, Premium Addons for Elementor <= 4.10.16 - Authenticated(Contributor+) Stored Cross-Site Scripting via Wrapper Link Widget, WordPress Premium Addons for Elementor Plugin <= 4.10.16 is vulnerable to Cross Site Scripting (XSS)]
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.10.25 [CVE-2024-2664, Premium Addons for Elementor <= 4.10.24 - Authenticated (Contributor+) Stored Cross-Site Scripting, WordPress Premium Addons for Elementor Plugin <= 4.10.24 is vulnerable to Cross Site Scripting (XSS)]
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.10.28 [CVE-2024-2665, Premium Addons for Elementor <= 4.10.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button, WordPress Premium Addons for Elementor Plugin <= 4.10.27 is vulnerable to Cross Site Scripting (XSS)]
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.10.25 [CVE-2024-2666, Premium Addons for Elementor <= 4.10.24 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting, WordPress Premium Addons for Elementor Plugin <= 4.10.24 is vulnerable to Cross Site Scripting (XSS)]
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.10.26 [CVE-2024-32791, WordPress Premium Addons for Elementor Plugin <= 4.10.25 is vulnerable to Cross Site Scripting (XSS), Premium Addons for Elementor <= 4.10.25 - Authenticated (Contributor+) Stored Cross-Site Scripting]
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.10.29 [CVE-2024-3647, Premium Addons for Elementor <= 4.10.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'arrow_style']
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.10.29 [CVE-2024-3885, Premium Addons for Elementor <= 4.10.28 - Authenticated (Contributor+) Stored Cross-Site Scripting, WordPress Premium Addons for Elementor Plugin <= 4.10.28 is vulnerable to Cross Site Scripting (XSS)]
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.10.31 [CVE-2024-4203, Premium Addons for Elementor <= 4.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting, WordPress Premium Addons for Elementor Plugin <= 4.10.30 is vulnerable to Cross Site Scripting (XSS)]
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.10.32 [CVE-2024-4378, Premium Addons for Elementor <= 4.10.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Menu and Shape Divider, WordPress Premium Addons for Elementor Plugin <= 4.10.31 is vulnerable to Cross Site Scripting (XSS)]
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.10.32 [CVE-2024-4376, Premium Addons for Elementor <= 4.10.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Text Widget]
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.10.32 [CVE-2024-4205, Premium Addons for Elementor <= 4.10.31 - Missing Authorization to Information Disclosure, WordPress Premium Addons for Elementor Plugin <= 4.10.31 is vulnerable to Broken Access Control]
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.10.32 [CVE-2024-4379, Premium Addons for Elementor <= 4.10.31 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Global Tooltip]
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.10.34 [CVE-2024-5553, Premium Addons for Elementor <= 4.10.33 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting, WordPress Premium Addons for Elementor Plugin <= 4.10.33 is vulnerable to Cross Site Scripting (XSS)]
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.10.36 [CVE-2024-6340, Premium Addons for Elementor <= 4.10.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget, WordPress Premium Addons for Elementor Plugin <= 4.10.35 is vulnerable to Cross Site Scripting (XSS)]
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.10.36 [CVE-2024-6434, Premium Addons for Elementor <= 4.10.35 - Regular Expressions Denial of Service, WordPress Premium Addons for Elementor Plugin <= 4.10.35 is vulnerable to Denial of Service Attack]
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.10.35 [CVE-2024-37922, WordPress Premium Addons for Elementor Plugin <= 4.10.34 is vulnerable to Cross Site Scripting (XSS), Premium Addons for Elementor <= 4.10.34 - Authenticated (Contributor+) Stored Cross-Site Scripting]
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.10.37 [CVE-2024-6495, Premium Addons for Elementor <= 4.10.36 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Animated Text Widget, WordPress Premium Addons for Elementor Plugin <= 4.10.36 is vulnerable to Cross Site Scripting (XSS)]
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.10.39 [CVE-2024-6824, Premium Addons for Elementor <= 4.10.38 - Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion and Arbitrary Title Update, WordPress Premium Addons for Elementor Plugin <= 4.10.38 is vulnerable to Broken Access Control]
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.10.53 [CVE-2024-8681, Premium Addons for Elementor <= 4.10.52 - Authenticated (Contributor+) Stored Cross-Site Scripting via Media Grid Widget, WordPress Premium Addons for Elementor Plugin <= 4.10.52 is vulnerable to Cross Site Scripting (XSS)]
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.5.2 [CVE-2021-4445]
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.10.61 [CVE-2024-10266, Premium Addons for Elementor <= 4.10.60 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Video Box Widget, WordPress Premium Addons for Elementor Plugin <= 4.10.60 is vulnerable to Cross Site Scripting (XSS)]
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.10.57 [CVE-2024-56225, WordPress Premium Addons for Elementor Plugin <= 4.10.56 is vulnerable to Broken Access Control, Premium Addons for Elementor <= 4.10.56 - Missing Authorization]
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.11.9 [CVE-2025-4774, Premium Addons for Elementor <= 4.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget, EUVD-2025-17660]
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.10.70 [CVE-2024-11937, Premium Addons for Elementor <= 4.10.69 - Authenticated (Contributor+) Stored Cross-Site Scripting, EUVD-2024-54726]
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.11.54 [CVE-2025-14163, Premium Addons for Elementor <= 4.11.53 - Cross-Site Request Forgery via 'insert_inner_template']
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.11.54 [CVE-2025-14155, Premium Addons for Elementor <= 4.11.53 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'get_template_content']
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.11.54 [CVE-2025-68494, Premium Addons for Elementor <= 4.11.53 - Unauthenticated Information Exposure]
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.11.64 [CVE-2025-69300, Premium Addons for Elementor <= 4.11.63 - Missing Authorization to Authenticated (Subscriber+) Settings Update]
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.11.71 [CVE-2026-4790, Premium Addons for Elementor <= 4.11.70 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'custom_svg' Parameter, EUVD-2026-26783]
  • Premium Addons for Elementor &#8211; Powerful Elementor Templates &amp; Widgets [premium-addons-for-elementor] < 4.11.85 [CVE-2026-12141, Premium Addons for Elementor <= 4.11.84 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'premium_tooltip_text' Parameter]

Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.

Safer / more established alternatives

Check your own WordPress site

Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.