VYPR

Shoplentor

by Hasthemes

CVEs (16)

  • CVE-2025-58990MedSep 9, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DevItems ShopLentor woolentor-addons allows Stored XSS.This issue affects ShopLentor: from n/a through <= 3.2.0.

  • CVE-2024-2946MedApr 9, 2024
    risk 0.42cvss 6.4epss 0.00

    The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's QR Code Widget in all versions up to, and including, 2.8.4 due to…

  • CVE-2024-4566HigMay 21, 2024
    risk 0.39cvss 7.1epss 0.00

    The ShopLentor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in all versions up to, and including, 2.8.8. This makes it possible for authenticated attackers, with contributor-level access…

  • CVE-2024-5530MedJun 11, 2024
    risk 0.35cvss 6.4epss 0.00

    The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WL: Product Horizontal Filter widget in all versions up to, and including,…

  • CVE-2024-3345MedMay 21, 2024
    risk 0.35cvss 6.4epss 0.00

    The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woolentorsearch shortcode in all versions up to, and including, 2.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible…

  • CVE-2024-3991MedMay 2, 2024
    risk 0.35cvss 6.4epss 0.00

    The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id attribute in the Horizontal Product Filter in all versions up to, and…

  • CVE-2024-1057MedApr 20, 2024
    risk 0.35cvss 6.4epss 0.00

    The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wishsuite_button' shortcode in all versions up to, and including, 2.8.1…

  • CVE-2024-1960MedApr 9, 2024
    risk 0.35cvss 6.4epss 0.01

    The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Special Offer Day Widget Banner Link in all versions up to, and including, 2.8.1…

  • CVE-2024-2868MedApr 4, 2024
    risk 0.35cvss 6.4epss 0.00

    The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slitems parameter in the WL Special Day Offer Widget in all versions up to, and…

  • CVE-2023-6327MedMay 14, 2024
    risk 0.27cvss 5.3epss 0.01

    The ShopLentor (formerly WooLentor) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the purchased_new_products function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to…

  • CVE-2023-7067MedMay 2, 2024
    risk 0.21cvss 4.3epss 0.00

    The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woolentor_template_store' function in all…

  • CVE-2024-34767Jun 3, 2024
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HasThemes ShopLentor allows Stored XSS.This issue affects ShopLentor: from n/a through 2.8.7.

  • CVE-2022-47172Jul 17, 2023
    risk 0.00cvss epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.6.2 versions.

  • CVE-2022-46798Mar 1, 2023
    risk 0.00cvss epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.5.1 leading to plugin settings change.

  • CVE-2023-0232Feb 21, 2023
    risk 0.00cvss epss 0.03

    The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to track viewed products and user data, which could lead to PHP Object Injection.

  • CVE-2023-0231Feb 21, 2023
    risk 0.00cvss epss 0.01

    The ShopLentor WordPress plugin before 2.5.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.