9 matches found
CVE-2025-6229 Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via `Fancy Text Widget` And `Countdown Widget`
The Sina Extension for Elementor Header Builder, Footer Builter, Theme Builder, Slider, Gallery, Form, Modal, Data Table Free Elementor Widgets & Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Fancy Text Widget And Countdown Widget DOM attributes in...
CVE-2025-6229
The Sina Extension for Elementor plugin for WordPress (Header Builder, Footer Builder, Theme Builder, Slider, Gallery, Form, Modal, Data Table Free Elementor Widgets & Elementor Templates) is affected by a Stored Cross-Site Scripting vulnerability in all versions up to 3.7.0. The root cause is in...
CVE-2024-34384
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in SinaExtra Sina Extension for Elementor allows PHP Local File Inclusion.This issue affects Sina Extension for Elementor: from n/a through 3.5.1...
CVE-2025-6228 Sina Extension for Elementor <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via `Sina Posts`, `Sina Blog Post` and `Sina Table` Widgets
The Sina Extension for Elementor Header Builder, Footer Builter, Theme Builder, Slider, Gallery, Form, Modal, Data Table Free Elementor Widgets & Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Sina Posts, Sina Blog Post and Sina Table widgets in all...
CVE-2024-3988
The Sina Extension for Elementor Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Fancy Text Widget in all versions up to, and including, 3.5.2 due to...
CVE-2024-5036
The Sina Extension for Elementor Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.5.4 due to insufficient input...
CVE-2024-34384
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in SinaExtra Sina Extension for Elementor allows PHP Local File Inclusion.This issue affects Sina Extension for Elementor: from n/a through 3.5.1...
CVE-2024-29935
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SinaExtra Sina Extension for Elementor allows Stored XSS.This issue affects Sina Extension for Elementor: from n/a through 3.5.0...
WordPress sina-extension-for-elementor plugin path traversal vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. sina-extension-for-elementor is a webpage builder plugin used in it. A path traversal vulnerability exists in versions of the WordPres...