Stored Cross-Site Scripting in Sina Extension for Elementor by Sina

CVE-2025-1517

What is CVE-2025-1517?

The Sina Extension for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting (XSS) vulnerabilities due to inadequate sanitization and escaping of user-inputted data in key functionalities such as Fancy Text, Countdown Widget, and Login Form shortcodes. This vulnerability allows authenticated attackers with contributor-level permissions or higher to inject malicious scripts into pages, which will execute in the browsers of users accessing the affected pages, potentially compromising sensitive information.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References