Shoplentor Security Vulnerabilities and Issues — Shoplentor CVE List

Lucene search

HasthemesShoplentor

5 matches found

CVE•added 2023/02/21 9:15 a.m.•56 views

CVE-2023-0232

The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to track viewed products and user data, which could lead to PHP Object Injection.

9.8CVSS9.5AI score0.00313EPSS

CVE•added 2023/02/21 9:15 a.m.•53 views

CVE-2023-0231

The ShopLentor WordPress plugin before 2.5.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4CVSS5.3AI score0.00152EPSS

Web

CVE•added 2025/03/12 12:15 p.m.•48 views

CVE-2025-1527

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to a Stored DOM-Based Cross-Site Scripting via the plugin's Flash Sale Countdown module in all versions up to, and including, 3.1.0 due to insuffi...

6.4CVSS6AI score0.00031EPSS

CVE•added 2024/04/09 7:15 p.m.•46 views

CVE-2024-1960

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Special Offer Day Widget Banner Link in all versions up to, and including, 2.8.1 due to insufficient input ...

6.4CVSS7.6AI score0.00148EPSS

CVE•added 2024/04/04 2:15 a.m.•46 views

CVE-2024-2868

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slitems parameter in the WL Special Day Offer Widget in all versions up to, and including, 2.8.3 due to ins...

6.4CVSS7.7AI score0.0025EPSS