WordPress Plugin Vulnerabilities

Sina Extension For Elementor <= 2.2.0 - LFI

Description

The Sina Extension for Elementor WordPress plugin was affected by a LFI security vulnerability.

Affects Plugins

Plugin icon
sina-extension-for-elementor
Fixed in 2.2.1

References

CVE
CVE-2019-15839
URL
https://plugins.trac.wordpress.org/changeset?reponame=&new=2109314%40sina-extension-for-elementor&old=2106674%40sina-extension-for-elementor

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
7.5 (high)

Miscellaneous

Verified
No
WPVDB ID
e78b3739-8517-4615-bb1f-db8d2d3934df

Timeline

Publicly Published
2019-06-19 (about 6 years ago)
Added
2019-06-20 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2015-04-10
Title
Fusion Engage 1.0.5 - Local File Disclosure
Published
2024-11-08
Title
WooCommerce Support Ticket System < 17.8 - Unauthenticated Arbitrary File Deletion
Published
2024-12-17
Title
WPLMS < 1.9.9.5.2 - Authenticated (Contributor+) Arbitrary Directory Deletion
Published
2025-01-23
Title
Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget < 1.7 - Authenticated (Contributor+) Local File Inclusion via post_type_ajax_handler()
Published
2026-04-02
Title
Perfmatters < 2.6.0 - Authenticated (Subscriber+) Arbitrary File Deletion via 'delete' Parameter