Does Sina Extension for Elementor have any unpatched vulnerabilities?

No. All known vulnerabilities in Sina Extension for Elementor have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Sina Extension for Elementor compatible with WordPress 6.9.4?

According to WordPress.org data, Sina Extension for Elementor 3.7.4 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Sina Extension for Elementor compatible with PHP 7.0+?

Sina Extension for Elementor requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Sina Extension for Elementor updated?

Sina Extension for Elementor was last updated on Feb 2, 2026. Frequent updates are generally a positive security signal.

What is Sina Extension for Elementor's security score?

Sina Extension for Elementor has a WP-Safety security score of 89/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Sina Extension for Elementor Security & Risk Analysis

wordpress.org/plugins/sina-extension-for-elementor

A collection of high-quality features including Header, Footer and Theme Builder. 58 Custom elements with 100+ ready templates and more.

50K active installs v3.7.4 PHP 7.0+ WP 4.8+ Updated Feb 2, 2026

elementor-addonelementor-addonselementor-extensionelementor-templateselementor-widget

A · Safe

CVEs total14

Unpatched0

Last CVEJul 31, 2025

Plugin page Download

Safety Verdict

Is Sina Extension for Elementor Safe to Use in 2026?

Generally Safe

Score 89/100

Sina Extension for Elementor has a strong security track record. Known vulnerabilities have been patched promptly.

14 known CVEsLast CVE: Jul 31, 2025Updated 2mo ago

Risk Assessment

The "sina-extension-for-elementor" plugin exhibits a mixed security posture. While static analysis reveals a commendable focus on prepared SQL statements and a high percentage of properly escaped output, significant concerns arise from the attack surface. A substantial 12 out of 15 AJAX handlers lack authentication checks, presenting a wide opening for potential unauthorized actions if vulnerabilities exist within these handlers. The absence of critical or high severity taint flows is a positive sign, suggesting that at least in the analyzed code paths, sensitive data is not being directly manipulated in dangerous ways. However, the plugin's vulnerability history is a major red flag. With a total of 14 known CVEs, including a past critical vulnerability and a history of XSS, information exposure, and RFI, this plugin has a demonstrated track record of being a target and having exploitable weaknesses. The fact that there are currently no unpatched CVEs is positive, but the historical pattern suggests a continued need for vigilance and potential for future undiscovered vulnerabilities.

In conclusion, while the current static analysis shows some good security practices like prepared statements and output escaping, the large number of unprotected AJAX endpoints and the extensive history of critical and high-severity vulnerabilities necessitate a cautious approach. The plugin's past suggests a propensity for security flaws, making it a potentially high-risk component despite some positive static analysis findings. The burden of proof lies on the plugin to demonstrate sustained security over time and across all its components.

Key Concerns

Large attack surface without authentication
12 AJAX handlers without auth checks
History of critical CVEs
History of high CVEs
History of PHP Remote File Inclusion
History of Cross-site Scripting
History of Exposure of Sensitive Information
Bundled libraries (Select2, DataTables)

Vulnerabilities

Sina Extension for Elementor Security Vulnerabilities

CVEs by Year

1 CVE in 2019

2019

1 CVE in 2021

2021

8 CVEs in 2024

2024

4 CVEs in 2025

2025

Patched Has unpatched

Severity Breakdown

Critical

High

Medium

14 total CVEs

CVE-2025-6228medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Sina Extension for Elementor <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via `Sina Posts`, `Sina Blog Post` and `Sina Table` Widgets

Jul 31, 2025 Patched in 3.7.1 (1d)

CVE-2025-49262medium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Sina Extension for Elementor <= 3.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

Jun 5, 2025 Patched in 3.7.0 (7d)

CVE-2025-1517medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Sina Extension for Elementor <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Text, Countdown Widget, and Login Form Shortcodes

Feb 25, 2025 Patched in 3.6.1 (1d)

CVE-2024-12624medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Sina Extension for Elementor <= 3.5.91 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Sina Image Differ

Jan 6, 2025 Patched in 3.6.0 (1d)

CVE-2024-9540medium · 4.3Exposure of Sensitive Information to an Unauthorized Actor

Sina Extension for Elementor <= 3.5.7 - Authenticated (Contributor+) Sensitive Information Exposure via Sina Modal Box Widget Elementor Template

Oct 15, 2024 Patched in 3.5.8 (1d)

CVE-2024-5260medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Sina Extension for Elementor <= 3.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via read_more_text Parameter

Jul 1, 2024 Patched in 3.5.6 (1d)

CVE-2024-5036medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.5.4 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

Jun 19, 2024 Patched in 3.5.5 (1d)

CVE-2024-4373medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.5.3 - Authenticated (Contributor+) Stored Cross-site Scriping via 'Sina Particle Layer'

May 14, 2024 Patched in 3.5.4 (30d)

CVE-2024-4333medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

May 13, 2024 Patched in 3.5.4 (2d)

CVE-2024-34384high · 8.8Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Sina Extension for Elementor <= 3.5.1 - Authenticated (Contributor+) Local File Inclusion

May 3, 2024 Patched in 3.5.2 (5d)

CVE-2024-3988medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Sina Fancy Text Widget

Apr 24, 2024 Patched in 3.5.3 (1d)

CVE-2024-29935medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Sina Extension for Elementor <= 3.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 25, 2024 Patched in 3.5.1 (8d)

CVE-2021-24269medium · 5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Sina Extension for Elementor <= 3.3.11 - Stored Cross-Site Scripting

Apr 13, 2021 Patched in 3.3.12 (1015d)

CVE-2019-15839critical · 9.8Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Sina Extension for Elementor < 2.2.1 - Local File Inclusion

Jun 19, 2019 Patched in 2.2.1 (1679d)

Code Analysis

Analyzed Mar 16, 2026

Sina Extension for Elementor Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

151

1047 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2DataTables

SQL Query Safety

100% prepared1 total queries

Output Escaping

87% escaped1198 total outputs

Data Flows

All sanitized

Data Flow Analysis

4 flows

ajax_contact (inc\sina-ext-hooks.php:107)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

12 unprotected

Sina Extension for Elementor Attack Surface

Entry Points15

Unprotected12

AJAX Handlers 15

authwp_ajax_sina_ext_save_templateadmin\sina-ext-theme-builder.php:1

authwp_ajax_sina_ext_get_templateadmin\sina-ext-theme-builder.php:1

authwp_ajax_sina_ext_get_posts_by_queryadmin\sina-ext-theme-builder.php:1

authwp_ajax_sina_mc_subscribeinc\sina-ext-base.php:123

noprivwp_ajax_sina_mc_subscribeinc\sina-ext-base.php:124

authwp_ajax_sina_contactinc\sina-ext-base.php:126

noprivwp_ajax_sina_contactinc\sina-ext-base.php:127

authwp_ajax_sina_logininc\sina-ext-base.php:129

noprivwp_ajax_sina_logininc\sina-ext-base.php:130

authwp_ajax_sina_load_more_postsinc\sina-ext-base.php:132

noprivwp_ajax_sina_load_more_postsinc\sina-ext-base.php:133

authwp_ajax_sina_user_counterinc\sina-ext-base.php:135

noprivwp_ajax_sina_user_counterinc\sina-ext-base.php:136

authwp_ajax_sina_visit_counterinc\sina-ext-base.php:138

noprivwp_ajax_sina_visit_counterinc\sina-ext-base.php:139

WordPress Hooks 39

actionadmin_menuadmin\sina-ext-settings.php:170

actionadmin_menuadmin\sina-ext-settings.php:171

actionadmin_initadmin\sina-ext-settings.php:172

actionadmin_enqueue_scriptsadmin\sina-ext-settings.php:173

actionelementor/initadmin\sina-ext-templates.php:1

actionelementor/editor/after_enqueue_scriptsadmin\sina-ext-templates.php:1

actionelementor/ajax/register_actionsadmin\sina-ext-templates.php:1

actionelementor/editor/footeradmin\sina-ext-templates.php:1

actionadmin_enqueue_scriptsadmin\sina-ext-theme-builder.php:1

actioninitadmin\sina-ext-theme-builder.php:1

actionadmin_footeradmin\sina-ext-theme-builder.php:1

actionget_headeradmin\sina-ext-theme-builder.php:1

actionget_footeradmin\sina-ext-theme-builder.php:1

actionsina_ext_header_builder_contentadmin\sina-ext-theme-builder.php:1

actionsina_ext_footer_builder_contentadmin\sina-ext-theme-builder.php:1

actionsina_ext_archive_builder_contentadmin\sina-ext-theme-builder.php:1

actionsina_ext_single_builder_contentadmin\sina-ext-theme-builder.php:1

actionsina_ext_others_builder_contentadmin\sina-ext-theme-builder.php:1

filterparse_queryadmin\sina-ext-theme-builder.php:1

filtertemplate_includeadmin\sina-ext-theme-builder.php:1

filterbody_classadmin\sina-ext-theme-builder.php:1

filterposts_searchadmin\sina-ext-theme-builder.php:6

actionadmin_initinc\sina-ext-base.php:120

actionadmin_post_sina_ext_rollbackinc\sina-ext-base.php:121

filterwoocommerce_add_to_cart_fragmentsinc\sina-ext-base.php:149

actionelementor/controls/registerinc\sina-ext-controls-extend.php:44

actionelementor/element/common/_section_style/before_section_endinc\sina-ext-controls-extend.php:45

actionelementor/widget/render_contentinc\sina-ext-controls-extend.php:46

actionelementor/preview/enqueue_scriptsinc\sina-ext-controls-extend.php:47

actionadmin_noticesinc\sina-ext-func.php:147

actionadmin_noticesinc\sina-ext-func.php:153

actionadmin_noticesinc\sina-ext-func.php:159

actionelementor/elements/categories_registeredinc\sina-ext-func.php:164

actionelementor/widgets/registerinc\sina-ext-func.php:167

actionelementor/frontend/after_register_stylesinc\sina-ext-func.php:170

actionelementor/frontend/after_register_scriptsinc\sina-ext-func.php:173

actionwp_logoutinc\sina-ext-hooks.php:310

actionplugins_loadedsina-extension-for-elementor.php:167

actioninitsina-extension-for-elementor.php:177

Maintenance & Trust

Sina Extension for Elementor Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 2, 2026

PHP min version7.0

Downloads930K

Community Trust

Rating98/100

Number of ratings35

Active installs50K

Alternatives

Sina Extension for Elementor Alternatives

Easy Elementor Addons – Addons Pack for Elementor Page Builder

easy-elementor-addons

Level up with Easy Elementor Addons – adds powerful widgets and sleek design tools to your favorite Elementor page builder.

1K 7 CVEs

Essential Addons for Elementor – Popular Elementor Templates & Widgets

essential-addons-for-elementor-lite

Elementor addon offering 110+ widgets and templates — Elementor Gallery, Slider, Form, Post Grid, Menu, Accordion, WooCommerce & more.

2.0M 56 CVEs

Premium Addons for Elementor – Powerful Elementor Templates & Widgets

premium-addons-for-elementor

Elementor Carousel, Mega Menu, Posts List/Slider, Media Gallery, WooCommerce Widgets, Display Conditions, Premade Templates & more.

700K 35 CVEs

Royal Addons for Elementor – Addons and Templates Kit for Elementor

royal-elementor-addons

Elementor templates, Header footer builder, Elementor Post Grid, Woocommerce Grid builder, Slider, Forms, Gallery, Nav menu addons, Elementor widgets.

600K 1 unpatched

Unlimited Elements For Elementor

unlimited-elements-for-elementor

Elementor all-in-one addons pack with the best widgets for Elementor, offering 100+ free widgets, templates, and tools to create stunning websites!

300K 29 CVEs

Developer Profile

Sina Extension for Elementor Developer Profile

shaonsina

1 plugin · 50K total installs

trust score

Avg Security Score

89/100

Avg Patch Time

197 days

View full developer profile

Detection Fingerprints

How We Detect Sina Extension for Elementor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/sina-extension-for-elementor/assets/css/sina-extension-elementor.css/wp-content/plugins/sina-extension-for-elementor/assets/js/sina-extension-elementor.js/wp-content/plugins/sina-extension-for-elementor/assets/js/elementor-frontend.js

Script Paths

/wp-content/plugins/sina-extension-for-elementor/assets/js/elementor-frontend.js

Version Parameters

sina-extension-for-elementor/assets/css/sina-extension-elementor.css?ver=sina-extension-for-elementor/assets/js/sina-extension-elementor.js?ver=sina-extension-for-elementor/assets/js/elementor-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

sina-extension-for-elementor

Data Attributes

data-sina-tab-iddata-sina-tab-type

JS Globals

window.Sina_Extension

FAQ