4 matches found
CVE-2024-3345
The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woolentorsearch shortcode in all versions up to, and including, 2.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-3345
CVE-2024-3345 affects ShopLentor – WooCommerce Builder for Elementor & Gutenberg (formerly WooLentor). The WordPress ShopLentor plugin is vulnerable to Stored Cross-Site Scripting via the woolentorsearch shortcode due to insufficient input sanitization and output escaping on user-supplied attribu...
WordPress ShopLentor plugin <= 2.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via woolentorsearch Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via woolentorsearch Shortcode vulnerability discovered by wesley wcraft in WordPress Plugin ShopLentor versions = 2.8.8...
ShopLentor < 2.8.9 - Contributor+ Stored XSS via woolentorsearch Shortcode
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's woolentorsearch shortcode due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to...