Vulnerabilities > Sinaextra > Sina Extension FOR Elementor > 1.0.2

DATE CVE VULNERABILITY TITLE RISK
2025-02-26 CVE-2025-1517 Cross-site Scripting vulnerability in Sinaextra Sina Extension for Elementor
The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text, Countdown Widget, and Login Form shortcodes in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
sinaextra CWE-79
5.4
2019-08-30 CVE-2019-15839 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Sinaextra Sina Extension for Elementor
The sina-extension-for-elementor plugin before 2.2.1 for WordPress has local file inclusion.
network
low complexity
sinaextra CWE-829
7.5