4 matches found
WordPress ShopLentor Plugin < 2.5.4 Multiple Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:hasthemes:woolentor-woocommerceelementoraddons%2bbuilder";...
CVE-2023-0231 ShopLentor < 2.5.4 - Contributor+ Stored XSS
The ShopLentor WordPress plugin before 2.5.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0231
CVE-2023-0231 affects the ShopLentor WordPress plugin up to version 2.5.4. Multiple connected sources confirm the vulnerability stems from not validating and escaping certain block options when outputting them in a page/post where a block is embedded, allowing Stored Cross-Site Scripting for user...
CVE-2023-0231 ShopLentor < 2.5.4 - Contributor+ Stored XSS
The ShopLentor WordPress plugin before 2.5.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...