Unrated severityNVD Advisory· Published Oct 11, 2024· Updated Apr 8, 2026

ShopLentor <= 2.9.8 - Authenticated (Contributor+) Sensitive Information Exposure via WL: FAQ Widget Elementor Template

CVE-2024-9538

Description

The ShopLentor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.8 via the 'render' function in includes/addons/wl_faq.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data.

Affected products

ShopLentor/ShopLentorllm-fuzzy
Range: <=2.9.8
devitemsllc/ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Pluginv5
Range: 0
WordPress/ShopLentorwp-canonicalize

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plugins.trac.wordpress.org/changeset/3164057/woolentor-addonsmitre
www.wordfence.com/threat-intel/vulnerabilities/id/6b36938e-5333-4331-9bb1-34465fe03f2fmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000