Shoplentor Security Vulnerabilities and Issues — Shoplentor CVE List

Lucene search

HasthemesShoplentor

9 matches found

CVE•added 2023/02/21 9:15 a.m.•55 views

CVE-2023-0232

The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to track viewed products and user data, which could lead to PHP Object Injection.

9.8CVSS9.5AI score0.00313EPSS

CVE•added 2023/02/21 9:15 a.m.•52 views

CVE-2023-0231

The ShopLentor WordPress plugin before 2.5.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4CVSS5.3AI score0.00152EPSS

CVE•added 2023/07/17 3:15 p.m.•47 views

CVE-2022-47172

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.6.2 versions.

8.8CVSS6.4AI score0.0006EPSS

CVE•added 2025/03/12 12:15 p.m.•47 views

CVE-2025-1527

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to a Stored DOM-Based Cross-Site Scripting via the plugin's Flash Sale Countdown module in all versions up to, and including, 3.1.0 due to insuffi...

6.4CVSS6AI score0.00049EPSS

CVE•added 2024/04/09 7:15 p.m.•45 views

CVE-2024-1960

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Special Offer Day Widget Banner Link in all versions up to, and including, 2.8.1 due to insufficient input ...

6.4CVSS7.6AI score0.00109EPSS

CVE•added 2024/04/04 2:15 a.m.•44 views

CVE-2024-2868

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slitems parameter in the WL Special Day Offer Widget in all versions up to, and including, 2.8.3 due to ins...

6.4CVSS7.7AI score0.00144EPSS

CVE•added 2024/06/03 12:15 p.m.•43 views

CVE-2024-34767

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HasThemes ShopLentor allows Stored XSS.This issue affects ShopLentor: from n/a through 2.8.7.

6.5CVSS6.7AI score0.00113EPSS

CVE•added 2024/06/11 5:15 a.m.•40 views

CVE-2024-5530

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WL: Product Horizontal Filter widget in all versions up to, and including, 2.9.0 due to insufficie...

6.4CVSS5.9AI score0.00265EPSS

CVE•added 2023/03/01 3:15 p.m.•35 views

CVE-2022-46798

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.5.1 leading to plugin settings change.

5.4CVSS5.5AI score0.00041EPSS