CVE-2025-6229

Name of the Vulnerable Software and Affected Versions Sina Extension for Elementor versions up to and including 3.7.0

Description The Sina Extension for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting. This occurs due to inadequate input sanitization and output escaping in the Fancy Text Widget and Countdown Widget DOM attributes. Authenticated attackers with Contributor-level access or higher can inject malicious web scripts into pages. These scripts will then execute whenever a user accesses the compromised page.

Recommendations Update the Sina Extension for Elementor plugin to a version later than 3.7.0.