Sina Extension for Elementor < 3.5.8 – Authenticated (Contributor+) Sensitive Information Exposure via Sina Modal Box Widget Elementor Template | CVE 2024-9540 | Plugin Vulnerabilities

Description

The Sina Extension for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.7 via the render function in widgets/advanced/sina-modal-box.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data.

Affects Plugins

sina-extension-for-elementor

Fixed in 3.5.8

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/ab8659e1-5880-4738-99ed-e671449c6878

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

Nishiv

Verified

No

WPVDB ID

ace6001a-2442-4c1e-b1c4-82e6710439b8

Timeline

Publicly Published

2024-10-15 (about 1 year ago)

Added

2024-10-15 (about 1 year ago)

Last Updated

2024-10-16 (about 1 year ago)

Other

Published

Title

Published

2025-11-26

Title

eRoom < 1.5.7 - Unauthenticated Information Exposure

Published

2025-02-13

Title

Return Refund and Exchange For WooCommerce < 4.4.6 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory

Published

2025-07-16

Title

JetBlocks For Elementor < 1.3.19 - Authenticated (Subscriber+) Information Disclsoure

Published

2024-03-11

Title

f(x) Private Site <= 1.2.1 - Sensitive Information Exposure

Published

2023-12-29

Title

Image Source Control < 2.17.1 - Sensitive Information Exposure via Log File