cleantalk
Vulnerabilities and Security Researches

Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor T, CVE-2025-6228

CVE, Research URL

CVE-2025-6228

Home page URL

Security reports for Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor T

Application

Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor T

Published on
Aug 01, 2025
Research Description
The Sina Extension for Elementor (Header Builder, Footer Builter, Theme Builder, Slider, Gallery, Form, Modal, Data Table Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `Sina Posts`, `Sina Blog Post` and `Sina Table` widgets in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 3.7.1.
Status
vulnerable
Previous vulnerability researches
Year Make Model Search for WooCommerce (CVE-2025-48265) , Jun 04, 2025
New vulnerability
My Reservation System (CVE-2025-7022) , Aug 02, 2025
Connector for Gravity Forms and Google Sheets (CVE-2025-54682) , Aug 02, 2025
Content Egg (CVE-2025-47536) , Aug 02, 2025
Smart Slider 3 (CVE-2025-6348) , Aug 02, 2025
Realtyna Organic IDX plugin + WPL Real Estate (CVE-2025-54052) , Aug 02, 2025