Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin — Vulnerabilities & Security Advisories 18

All 18 CVE vulnerabilities found in ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin, with AI-generated Chinese analysis, references, and POCs.

Vendor: devitemsllc

CVE IDTitleCVSSSeverityPublished
CVE-2026-4059 ShopLentor <= 3.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'button_text' Shortcode Attribute CWE-79 6.4 Medium2026-04-14
CVE-2026-1714 ShopLentor <= 3.3.2 - Unauthenticated Email Relay Abuse via 'woolentor_suggest_price_action' AJAX Action CWE-93 8.6 High2026-02-18
CVE-2025-12493 ShopLentor <= 3.2.5 - Unauthenticated Local PHP File Inclusion via 'load_template' CWE-22 9.8 Critical2025-11-04
CVE-2025-11823 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CWE-80 6.4 Medium2025-10-25
CVE-2025-3775 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) <= 3.1.2 - Unauthenticated Server-Side Request Forgery via URL Parameter CWE-918 6.5 Medium2025-04-25
CVE-2025-1527 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) <= 3.1.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Flash Sale Countdown Module CWE-79 6.4 Medium2025-03-12
CVE-2024-9538 ShopLentor <= 2.9.8 - Authenticated (Contributor+) Sensitive Information Exposure via WL: FAQ Widget Elementor Template CWE-200 4.3 Medium2024-10-11
CVE-2024-8668 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.9.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting CWE-79 6.4 Medium2024-09-25
CVE-2024-5530 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via WL Product Horizontal Filter Widget CWE-79 6.4 Medium2024-06-11
CVE-2024-3345 ShopLentor <= 2.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via woolentorsearch Shortcode CWE-79 6.4 Medium2024-05-21
CVE-2024-4566 ShopLentor <= 2.8.8 - Missing Authorization to WordPress Option Modification CWE-862 7.1 High2024-05-21
CVE-2023-6327 ShopLentor (formerly WooLentor) <= 2.8.7 - Missing Authorization via purchased_new_products CWE-862 5.3 Medium2024-05-09
CVE-2023-7067 ShopLentor <= 2.8.1 - Improper Authorization via woolentor_template_store CWE-862 4.3 Medium2024-05-02
CVE-2024-3991 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.8.7 - Authenticated (contributor+) Stored Cross-Site Scripting via _id CWE-79 6.4 Medium2024-05-02
CVE-2024-1057 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution (formerly WooLentor) <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-04-20
CVE-2024-2946 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.8.4 - Authenticated (Contributor+) Stored Cross-site Scripting via QR Code Widget CWE-79 6.4 Medium2024-04-09
CVE-2024-1960 ShopLentor <= 2.8.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Banner Link CWE-79 6.4 Medium2024-04-09
CVE-2024-2868 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via WL Universal Product Layout CWE-79 6.4 Medium2024-04-04

All 18 known CVE vulnerabilities affecting ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin with full Chinese analysis, references, and POCs where available.