4 matches found
CVE-2024-2946
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution formerly WooLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's QR Code Widget in all versions up to, and including, 2.8.4 due to insufficient input sanitization...
CVE-2024-2946
CVE-2024-2946 concerns ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules (formerly WooLentor). Red Hat confirms a Stored Cross-Site Scripting vulnerability in the QR Code Widget affecting all versions up to 2.8.4 due to insufficient input sanitization and output escaping on u...
CVE-2024-2946 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.8.4 - Authenticated (Contributor+) Stored Cross-site Scripting via QR Code Widget
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution formerly WooLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's QR Code Widget in all versions up to, and including, 2.8.4 due to insufficient input sanitization...
WordPress ShopLentor Plugin <= 2.8.4 is vulnerable to Cross Site Scripting (XSS)
Software ShopLentor Type Plugin Vulnerable versions = 2.8.4 Fixed in 2.8.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2946 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 95e2e2bf1701 Credits Phuoc Pham p3tl0v3r Required...