VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 15 known issues Latest disclosed Mar 22, 2026

Sina Extension for Elementor Vulnerabilities

Review known vulnerability records for the WordPress plugin Sina Extension for Elementor (`sina-extension-for-elementor`), including severity, CVE references, affected versions, and patch status.

View on WordPress.org Back to Feed
Known Records
15
High or Critical
2
Linked CVEs
15
Last Updated
Mar 22, 2026
Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Sina Extension for Elementor so operators can quickly confirm whether a disclosed issue maps to the installed slug and version range.

Patch Visibility
15 records include a published patch path.
Severity Mix
1 critical and 1 high severity finding.
Reference Workflow
Jump from the hub into the full report when you need remediation notes, CVSS vector details, or source references.
Known Vulnerabilities

Reports for Sina Extension for Elementor

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2025-6229
Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via `Fancy Text Widget` And `Countdown Widget`

The Sina Extension for Elementor (Header Builder, Footer Builter, Theme Builder, Slider, Gallery, Form, Modal, Data Table Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `Fancy Text Widget` And `Countdown Wid...

Published
Mar 22, 2026
Patched Release
3.7.1
Affected Versions
Versions up to 3.7.0
Next Step
Update to 3.7.1 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-6228
Sina Extension for Elementor <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via `Sina Posts`, `Sina Blog Post` and `Sina Table` Widgets

The Sina Extension for Elementor (Header Builder, Footer Builter, Theme Builder, Slider, Gallery, Form, Modal, Data Table Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `Sina Posts`, `Sina Blog Post` and `Si...

Published
Jul 31, 2025
Patched Release
3.7.1
Affected Versions
Versions up to 3.7.0
Next Step
Update to 3.7.1 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-49262
Sina Extension for Elementor <= 3.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Sina Extension for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level acce...

Published
Jun 05, 2025
Patched Release
3.7.0
Affected Versions
Versions up to 3.6.1
Next Step
Update to 3.7.0 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-1517
Sina Extension for Elementor <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Text, Countdown Widget, and Login Form Shortcodes

The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text, Countdown Widget, and Login Form shortcodes in a...

Published
Feb 25, 2025
Patched Release
3.6.1
Affected Versions
Versions up to 3.6.0
Next Step
Update to 3.6.1 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-12624
Sina Extension for Elementor <= 3.5.91 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Sina Image Differ

The Sina Extension for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Image Differ widget in all versions up to, and including, 3.5.91 due to insufficient input sanitization and output escaping on user supplied attributes. This m...

Published
Jan 06, 2025
Patched Release
3.6.0
Affected Versions
Versions up to 3.5.91
Next Step
Update to 3.6.0 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-9540
Sina Extension for Elementor <= 3.5.7 - Authenticated (Contributor+) Sensitive Information Exposure via Sina Modal Box Widget Elementor Template

The Sina Extension for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.7 via the render function in widgets/advanced/sina-modal-box.php. This makes it possible for authenticated attackers, with Contributor-l...

Published
Oct 15, 2024
Patched Release
3.5.8
Affected Versions
Versions up to 3.5.7
Next Step
Update to 3.5.8 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-5260
Sina Extension for Elementor <= 3.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via read_more_text Parameter

The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘read_more_text’ parameter in all versions up to, and including, 3.5....

Published
Jul 01, 2024
Patched Release
3.5.6
Affected Versions
Versions up to 3.5.5
Next Step
Update to 3.5.6 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-5036
Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.5.4 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.5.4 due to in...

Published
Jun 19, 2024
Patched Release
3.5.5
Affected Versions
Versions up to 3.5.4
Next Step
Update to 3.5.5 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-4373
Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.5.3 - Authenticated (Contributor+) Stored Cross-site Scriping via 'Sina Particle Layer'

The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Particle Layer widget in all versions up to, and includ...

Published
May 14, 2024
Patched Release
3.5.4
Affected Versions
Versions up to 3.5.3
Next Step
Update to 3.5.4 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-4333
Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.5.3 - Authenticated (Contributor+) DOM-Based Cross-Site Scripting

The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via several parameters in versions up to, and including, 3.5.3 due to insu...

Published
May 13, 2024
Patched Release
3.5.4
Affected Versions
Versions up to 3.5.3
Next Step
Update to 3.5.4 or newer if supported.
Open Full Report Open CVE Reference
Plugin High Patched: Yes CVE-2024-34384
Sina Extension for Elementor <= 3.5.1 - Authenticated (Contributor+) Local File Inclusion

The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.5.1. This makes it possible for authenticate...

Published
May 03, 2024
Patched Release
3.5.2
Affected Versions
Versions up to 3.5.1
Next Step
Update to 3.5.2 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-3988
Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Sina Fancy Text Widget

The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Fancy Text Widget in all versions up to, and including,...

Published
Apr 24, 2024
Patched Release
3.5.3
Affected Versions
Versions up to 3.5.2
Next Step
Update to 3.5.3 or newer if supported.
Open Full Report Open CVE Reference