WordPress ShopLentor plugin <= 3.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'button_text' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'buttontext' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin ShopLentor versions = 3.3.5...

CVE-2025-13838

WishSuite – Wishlist for WooCommerce has a stored XSS in the button_text attribute of the wishsuite_button shortcode, affecting all versions up to and including 1.5.1. Exploitation requires authenticated access at Contributor level or higher; an attacker can inject scripts that run in pages viewe...