Vulnerabilities (CVE)

Filtered by vendor Sinaextra Subscribe
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-9540 1 Sinaextra 1 Sina Extension For Elementor 2024-10-30 N/A 4.3 MEDIUM
The Sina Extension for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.7 via the render function in widgets/advanced/sina-modal-box.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data.
CVE-2024-35703 1 Sinaextra 1 Sina Extension For Elementor 2024-08-29 N/A 5.4 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SinaExtra Sina Extension for Elementor allows Stored XSS.This issue affects Sina Extension for Elementor: from n/a through 3.5.3.
CVE-2024-34384 1 Sinaextra 1 Sina Extension For Elementor 2024-06-10 N/A 8.8 HIGH
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SinaExtra Sina Extension for Elementor allows PHP Local File Inclusion.This issue affects Sina Extension for Elementor: from n/a through 3.5.1.
CVE-2021-24269 1 Sinaextra 1 Sina Extension For Elementor 2024-02-28 3.5 LOW 5.4 MEDIUM
The “Sina Extension for Elementor” WordPress Plugin before 3.3.12 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.