Sinaextra Sina Extension For Elementor

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Sinaextra Sina Extension For Elementor.

By the Year

In 2026 there have been 0 vulnerabilities in Sinaextra Sina Extension For Elementor. Last year, in 2025 Sina Extension For Elementor had 3 security vulnerabilities published. Right now, Sina Extension For Elementor is on track to have less security vulnerabilities in 2026 than it did last year.

Year	Vulnerabilities	Average Score
2026	0	0.00
2025	3	6.07
2024	9	6.21
2023	0	0.00
2022	0	0.00
2021	1	5.40
2020	0	0.00
2019	1	7.50

It may take a day or so for new Sina Extension For Elementor vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Sinaextra Sina Extension For Elementor Security Vulnerabilities

Sina Extension for Elementor Stored XSS <v3.6.1
CVE-2025-49262 5.4 - Medium - June 06, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shaonsina Sina Extension for Elementor allows Stored XSS. This issue affects Sina Extension for Elementor: from n/a through 3.6.1.

XSS

Stored XSS in Sina Extension for Elementor 3.6.0 via Shortcodes
CVE-2025-1517 6.4 - Medium - February 26, 2025

The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text, Countdown Widget, and Login Form shortcodes in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

XSS

Sina Extension for Elementor 3.5.91 XSS via Image Differ widget
CVE-2024-12624 6.4 - Medium - January 07, 2025

The Sina Extension for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Image Differ widget in all versions up to, and including, 3.5.91 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

XSS

Sina Ext Elementor <=3.5.7 Sensitive Info Exposure via render()
CVE-2024-9540 4.3 - Medium - October 16, 2024

The Sina Extension for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.7 via the render function in widgets/advanced/sina-modal-box.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data.

Information Disclosure

Stored XSS via read_more_text in Sina Extension for Elementor <=3.5.5
CVE-2024-5260 6.4 - Medium - July 02, 2024

The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the read_more_text parameter in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

XSS

Sina Extension for Elementor <=3.5.4 XSS via URL param
CVE-2024-5036 6.4 - Medium - June 20, 2024

The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url parameter in all versions up to, and including, 3.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

XSS

Sina Extension for Elementor <=3.5.3 Stored XSS via Improper Input Neutralization
CVE-2024-35703 5.4 - Medium - June 08, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SinaExtra Sina Extension for Elementor allows Stored XSS.This issue affects Sina Extension for Elementor: from n/a through 3.5.3.

XSS

Sina Extension for Elementor LFI Path Traversal before 3.5.2
CVE-2024-34384 8.8 - High - June 04, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SinaExtra Sina Extension for Elementor allows PHP Local File Inclusion.This issue affects Sina Extension for Elementor: from n/a through 3.5.1.

Directory traversal

Sina Extension for Elementor v3.5.3: Stored XSS in Particle Layer
CVE-2024-4373 6.4 - Medium - May 15, 2024

The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Particle Layer widget in all versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-35703 is likely a duplicate of this issue.

XSS

Sina Extension for Elementor 3.5.3 DOM XSS via unsanitized params
CVE-2024-4333 6.4 - Medium - May 14, 2024

The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via several parameters in versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

XSS

Sina Elementor Extension v3.5.2 Stored XSS via Fancy Text Widget
CVE-2024-3988 6.4 - Medium - April 25, 2024

The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Fancy Text Widget in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

XSS

XSS in Sina Extension for Elementor ( v3.5.0)
CVE-2024-29935 5.4 - Medium - March 27, 2024

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SinaExtra Sina Extension for Elementor allows Stored XSS.This issue affects Sina Extension for Elementor: from n/a through 3.5.0.

XSS

The Sina Extension for Elementor WordPress Plugin before 3.3.12 has several widgets
CVE-2021-24269 5.4 - Medium - May 05, 2021

The Sina Extension for Elementor WordPress Plugin before 3.3.12 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.

XSS

The sina-extension-for-elementor plugin before 2.2.1 for WordPress has local file inclusion.
CVE-2019-15839 7.5 - High - August 30, 2019

The sina-extension-for-elementor plugin before 2.2.1 for WordPress has local file inclusion.

Directory traversal

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Sinaextra Sina Extension For Elementor or by Sinaextra? Click the Watch button to subscribe.

Sinaextra
Vendor

Sinaextra Sina Extension For Elementor
Product

Sinaextra Sina Extension For Elementor

Don't miss out!

By the Year

Recent Sinaextra Sina Extension For Elementor Security Vulnerabilities

Sina Extension for Elementor Stored XSS <v3.6.1 CVE-2025-49262 5.4 - Medium - June 06, 2025

Stored XSS in Sina Extension for Elementor 3.6.0 via Shortcodes CVE-2025-1517 6.4 - Medium - February 26, 2025

Sina Extension for Elementor 3.5.91 XSS via Image Differ widget CVE-2024-12624 6.4 - Medium - January 07, 2025

Sina Ext Elementor <=3.5.7 Sensitive Info Exposure via render() CVE-2024-9540 4.3 - Medium - October 16, 2024

Stored XSS via read_more_text in Sina Extension for Elementor <=3.5.5 CVE-2024-5260 6.4 - Medium - July 02, 2024

Sina Extension for Elementor <=3.5.4 XSS via URL param CVE-2024-5036 6.4 - Medium - June 20, 2024

Sina Extension for Elementor <=3.5.3 Stored XSS via Improper Input Neutralization CVE-2024-35703 5.4 - Medium - June 08, 2024

Sina Extension for Elementor LFI Path Traversal before 3.5.2 CVE-2024-34384 8.8 - High - June 04, 2024

Sina Extension for Elementor v3.5.3: Stored XSS in Particle Layer CVE-2024-4373 6.4 - Medium - May 15, 2024

Sina Extension for Elementor 3.5.3 DOM XSS via unsanitized params CVE-2024-4333 6.4 - Medium - May 14, 2024

Sina Elementor Extension v3.5.2 Stored XSS via Fancy Text Widget CVE-2024-3988 6.4 - Medium - April 25, 2024

XSS in Sina Extension for Elementor ( v3.5.0) CVE-2024-29935 5.4 - Medium - March 27, 2024

The Sina Extension for Elementor WordPress Plugin before 3.3.12 has several widgets CVE-2021-24269 5.4 - Medium - May 05, 2021

The sina-extension-for-elementor plugin before 2.2.1 for WordPress has local file inclusion. CVE-2019-15839 7.5 - High - August 30, 2019