CVE-2026-4059

The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the woolentorquickviewbutton shortcode's buttontext attribute in all versions up to, and including, 3.3.5. This is due to insufficient input sanitization and missing output escaping on user-supplied shortcode...

CVE-2026-4059

CVE-2026-4059 (ShopLentor WordPress plugin) is a Stored Cross-Site Scripting vulnerability affecting all versions up to 3.3.5. The issue arises from insufficient input sanitization and missing output escaping on the woolentor_quickview_button shortcode’s button_text attribute, allowing authentica...

CVE-2026-4059

The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the woolentorquickviewbutton shortcode's buttontext attribute in all versions up to, and including, 3.3.5. This is due to insufficient input sanitization and missing output escaping on user-supplied shortcode...

CVE-2026-4059 ShopLentor <= 3.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'button_text' Shortcode Attribute

The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the woolentorquickviewbutton shortcode's buttontext attribute in all versions up to, and including, 3.3.5. This is due to insufficient input sanitization and missing output escaping on user-supplied shortcode...

CVE-2026-1714

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is vulnerable to Email Relay Abuse in all versions up to, and including, 3.3.2. This is due to the lack of validation on the 'sendto', 'producttitle', 'wlmessage', and 'wlemail'...

CVE-2026-1714 ShopLentor <= 3.3.2 - Unauthenticated Email Relay Abuse via 'woolentor_suggest_price_action' AJAX Action

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is vulnerable to Email Relay Abuse in all versions up to, and including, 3.3.2. This is due to the lack of validation on the 'sendto', 'producttitle', 'wlmessage', and 'wlemail'...

CVE-2021-24262

The “WooLentor – WooCommerce Elementor Addons + Builder” WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting XSS by lower-privileged users such as contributors, all via a similar method...

WordPress plugin ShopLentor 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2023-7067

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution formerly WooLentor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woolentortemplatestore' function in all versions up to, and...

CVE-2023-7067

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution formerly WooLentor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woolentortemplatestore' function in all versions up to, and...

WordPress plugin ShopLentor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress ShopLentor plugin <= 2.8.1 - Improper Authorization via woolentor_template_store vulnerability

Improper Authorization via woolentortemplatestore vulnerability discovered by Lucio Sá in WordPress Plugin ShopLentor versions = 2.8.1...

CVE-2022-47172 WordPress WooLentor Plugin <= 2.6.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in HasThemes ShopLentor plugin = 2.6.2 versions...

CVE-2022-47172 WordPress WooLentor Plugin <= 2.6.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in HasThemes ShopLentor plugin = 2.6.2 versions...

CVE-2022-46798 WordPress WooLentor Plugin <= 2.5.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in HasThemes ShopLentor plugin = 2.5.1 leading to plugin settings change...

CVE-2022-46798 WordPress WooLentor Plugin <= 2.5.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in HasThemes ShopLentor plugin = 2.5.1 leading to plugin settings change...

CVE-2021-24262

The “WooLentor – WooCommerce Elementor Addons + Builder” WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting XSS by lower-privileged users such as contributors, all via a similar method...

CVE-2021-24262 WooLentor - WooCommerce Elementor Addons + Builder < 1.8.6 - Contributor+ Stored XSS

The “WooLentor – WooCommerce Elementor Addons + Builder” WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting XSS by lower-privileged users such as contributors, all via a similar method...

CVE-2021-24262

The CVE concerns the WordPress plugin WooLentor – WooCommerce Elementor Addons + Builder (versions before 1.8.6). A widget, specifically the product title widget, is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users (e.g., contributors) via a flaw in the allowed input for ...

WordPress 插件跨站脚本漏洞

WordPress Plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in WordPress WooLentorCWooCommerce Elementor Addons+Builder versions prior to 1.8.6. An attacker can exploit this vulnerability to launch a cross-site scripting attack...