Stored Cross-Site Scripting in Sina Extension for Elementor by WordPress
CVE-2025-6228
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 1 August 2025
What is CVE-2025-6228?
The Sina Extension for Elementor, which includes a variety of widgets such as Header Builder, Footer Builder, and others, has a vulnerability that allows for Stored Cross-Site Scripting (XSS). This issue arises from inadequate input sanitization and output escaping within the Sina Posts
, Sina Blog Post
and Sina Table
widgets. Authenticated attackers with Contributor-level access and higher can exploit this vulnerability to inject arbitrary web scripts. These scripts execute in the context of unsuspecting users accessing affected pages, posing significant risks to security and user data.
Affected Version(s)
Sina Extension for Elementor (Header Builder, Footer Builter, Theme Builder, Slider, Gallery, Form, Modal, Data Table Free Elementor Widgets & Elementor Templates) * <= 3.7.0