Lucene search
+L

4 matches found

redhatcve
redhatcve
added 2026/06/05 7:28 p.m.11 views

CVE-2026-4059

The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the woolentorquickviewbutton shortcode's buttontext attribute in all versions up to, and including, 3.3.5. This is due to insufficient input sanitization and missing output escaping on user-supplied shortcode...

6.4CVSS5.7AI score0.00296EPSS
Exploits0References1
cvelist
cvelist
added 2026/04/14 3:37 a.m.29 views

CVE-2026-4059 ShopLentor <= 3.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'button_text' Shortcode Attribute

The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the woolentorquickviewbutton shortcode's buttontext attribute in all versions up to, and including, 3.3.5. This is due to insufficient input sanitization and missing output escaping on user-supplied shortcode...

6.4CVSS0.00296EPSS
Exploits0References7
cve
cve
added 2026/04/14 3:37 a.m.14 views

CVE-2026-4059

CVE-2026-4059 (ShopLentor WordPress plugin) is a Stored Cross-Site Scripting vulnerability affecting all versions up to 3.3.5. The issue arises from insufficient input sanitization and missing output escaping on the woolentor_quickview_button shortcode’s button_text attribute, allowing authentica...

6.4CVSS5.9AI score0.00296EPSS
Exploits0References7
attackerkb
attackerkb
added 2026/04/14 3:37 a.m.2 views

CVE-2026-4059

The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the woolentorquickviewbutton shortcode's buttontext attribute in all versions up to, and including, 3.3.5. This is due to insufficient input sanitization and missing output escaping on user-supplied shortcode...

6.4CVSS5.9AI score0.00296EPSS
Exploits0References8
Rows per page
Query Builder