VYPR

ShopLentor

by WordPress

CVEs (22)

  • CVE-2025-12493CriNov 4, 2025
    risk 0.64cvss 9.8epss 0.01

    The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.2.5 via the 'load_template' function. This makes it…

  • CVE-2023-0232CriFeb 21, 2023
    risk 0.64cvss 9.8epss 0.03

    The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to track viewed products and user data, which could lead to PHP Object Injection.

  • CVE-2026-1714HigFeb 18, 2026
    risk 0.49cvss 8.6epss 0.01

    The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is vulnerable to Email Relay Abuse in all versions up to, and including, 3.3.2. This is due to the lack of validation on the 'send_to', 'product_title',…

  • CVE-2025-11823MedOct 25, 2025
    risk 0.42cvss 6.4epss 0.00

    The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button_exist_text' parameter in the 'wishsuite_button' shortcode in all versions up to, and including,…

  • CVE-2025-3775MedApr 25, 2025
    risk 0.42cvss 6.5epss 0.00

    The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.2 via the woolentor_template_proxy function. This…

  • CVE-2024-8668MedSep 25, 2024
    risk 0.42cvss 6.4epss 0.00

    The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tooltip and countdown functionality in all versions up to, and including, 2.9.7 due…

  • CVE-2024-34767MedJun 3, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HasThemes ShopLentor allows Stored XSS.This issue affects ShopLentor: from n/a through 2.8.7.

  • CVE-2024-2946MedApr 9, 2024
    risk 0.42cvss 6.4epss 0.00

    The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's QR Code Widget in all versions up to, and including, 2.8.4 due to…

  • CVE-2024-4566HigMay 21, 2024
    risk 0.39cvss 7.1epss 0.00

    The ShopLentor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in all versions up to, and including, 2.8.8. This makes it possible for authenticated attackers, with contributor-level access…

  • CVE-2025-1527MedMar 12, 2025
    risk 0.35cvss 6.4epss 0.00

    The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to a Stored DOM-Based Cross-Site Scripting via the plugin's Flash Sale Countdown module in all versions up to, and…

  • CVE-2024-5530MedJun 11, 2024
    risk 0.35cvss 6.4epss 0.00

    The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WL: Product Horizontal Filter widget in all versions up to, and including,…

  • CVE-2024-3345MedMay 21, 2024
    risk 0.35cvss 6.4epss 0.00

    The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woolentorsearch shortcode in all versions up to, and including, 2.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible…

  • CVE-2024-3991MedMay 2, 2024
    risk 0.35cvss 6.4epss 0.00

    The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id attribute in the Horizontal Product Filter in all versions up to, and…

  • CVE-2024-1057MedApr 20, 2024
    risk 0.35cvss 6.4epss 0.00

    The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wishsuite_button' shortcode in all versions up to, and including, 2.8.1…

  • CVE-2024-1960MedApr 9, 2024
    risk 0.35cvss 6.4epss 0.01

    The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Special Offer Day Widget Banner Link in all versions up to, and including, 2.8.1…

  • CVE-2024-2868MedApr 4, 2024
    risk 0.35cvss 6.4epss 0.00

    The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slitems parameter in the WL Special Day Offer Widget in all versions up to, and…

  • CVE-2022-46798MedMar 1, 2023
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.5.1 leading to plugin settings change.

  • CVE-2023-0231MedFeb 21, 2023
    risk 0.35cvss 5.4epss 0.01

    The ShopLentor WordPress plugin before 2.5.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

  • CVE-2024-9538MedOct 11, 2024
    risk 0.28cvss 4.3epss 0.00

    The ShopLentor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.8 via the 'render' function in includes/addons/wl_faq.php. This makes it possible for authenticated attackers, with Contributor-level access and above,…

  • CVE-2023-6327MedMay 14, 2024
    risk 0.28cvss 5.3epss 0.01

    The ShopLentor (formerly WooLentor) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the purchased_new_products function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to…

Page 1 of 2