cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12624,https://securityvulnerability.io/vulnerability/CVE-2024-12624,Stored Cross-Site Scripting in Sina Extension for Elementor Plugin by WordPress,"The Sina Extension for Elementor plugin for WordPress has a vulnerability that permits stored Cross-Site Scripting (XSS) attacks through the Sina Image Differ widget. This flaw arises from inadequate input sanitization and output escaping on attributes supplied by users. As a result, authenticated attackers with contributor-level access or above can insert malicious web scripts into pages. These scripts execute whenever any user visits the affected page, potentially compromising user data and website integrity.",Wordpress,"Sina Extension For Elementor (slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)",6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,false,false,false,2025-01-07T06:40:56.716Z,0
CVE-2024-9540,https://securityvulnerability.io/vulnerability/CVE-2024-9540,Sensitive Information Exposure Vulnerability Affects Elementor Plugin,"The Sina Extension for Elementor plugin for WordPress contains a vulnerability that allows authenticated attackers with Contributor-level access and higher to expose sensitive information. This security flaw is present in all versions up to and including 3.5.7 and is linked to the render function located in widgets/advanced/sina-modal-box.php. This vulnerability permits attackers to access private, pending, and draft Elementor template data, posing a significant risk to user data integrity and privacy.",Wordpress,Sina Extension For Elementor,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-10-16T08:15:00.000Z,0
CVE-2024-5036,https://securityvulnerability.io/vulnerability/CVE-2024-5036,"Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.5.4 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting","The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Sina Extension For Elementor (slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)",6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-06-20T11:06:02.167Z,0
CVE-2024-4373,https://securityvulnerability.io/vulnerability/CVE-2024-4373,Sina Extension for Elementor Vulnerable to Stored XSS via Sina Particle Layer Widget in All Versions Up to and Including 3.5.3 Due to Insufficient Input Sanitization and Output Escaping on User Supplied Attributes,"The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Particle Layer widget in all versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Sina Extension For Elementor (slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)",6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-15T01:56:55.723Z,0
CVE-2024-4333,https://securityvulnerability.io/vulnerability/CVE-2024-4333,"Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.5.3 - Authenticated (Contributor+) DOM-Based Cross-Site Scripting","The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via several parameters in versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Sina Extension For Elementor (slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)",6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-14T12:50:02.482Z,0
CVE-2024-3988,https://securityvulnerability.io/vulnerability/CVE-2024-3988,Stored Cross-Site Scripting Flaw in Sina Extension for Elementor by WordPress,"The Sina Extension for Elementor plugin, which includes various widgets and templates, contains a vulnerability where insufficient input sanitization allows authenticated users with contributor-level access or higher to exploit the Sina Fancy Text Widget. This flaw can lead to the injection of arbitrary web scripts into pages that execute whenever those pages are accessed by users, posing a significant risk to site integrity and user security.",Wordpress,"Sina Extension For Elementor (slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)",6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-04-25T07:33:59.403Z,0
CVE-2021-24269,https://securityvulnerability.io/vulnerability/CVE-2021-24269,Sina Extension for Elementor < 3.3.12 - Contributor+ Stored XSS,"The “Sina Extension for Elementor” WordPress Plugin before 3.3.12 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.",Wordpress,Sina Extension For Elementor,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2021-05-05T18:28:47.000Z,0
CVE-2019-15839,https://securityvulnerability.io/vulnerability/CVE-2019-15839,,The sina-extension-for-elementor plugin before 2.2.1 for WordPress has local file inclusion.,Wordpress,Sina Extension For Elementor,7.5,HIGH,0.0017600000137463212,false,,false,false,false,,false,false,2019-08-30T16:14:10.000Z,0