
ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin — Vulnerabilities & Security Advisories

All 18 CVE vulnerabilities found in ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin, with AI-generated Chinese analysis, references, and POCs.

This page documents vulnerability advisories associated with the ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin, a widely used WordPress extension developed by the vendor ShopLentor. The collection focuses on security weaknesses affecting this specific product, primarily covering vulnerabilities discovered and disclosed between January 2020 and the present. It aggregates data related to various weakness classes, including Cross-Site Scripting, SQL Injection, and privilege escalation issues that have been reported in the plugin’s past releases. By centralizing this information, the page allows security researchers, developers, and store administrators to efficiently track a vendor's response to security incidents and understand the context of specific weakness classes. Users can look up a product's vulnerability history to assess the stability and security maturity of the ShopLentor plugin over time. This resource serves as a historical record of security events, helping stakeholders evaluate risks associated with installing or updating this WooCommerce enhancement tool. The content is compiled from publicly available security bulletins, vendor disclosures, and independent security reports. It aims to provide a transparent view of the plugin’s security posture without endorsing or condemning the vendor. The page is updated regularly as new advisories are published or as additional historical data is verified. This approach ensures that the information remains current and useful for ongoing security assessments and compliance checks within the WordPress ecosystem.

Vendor: devitemsllc

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-4059 | ShopLentor <= 3.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'button_text' Shortcode Attribute | CWE-79 | 6.4 | Medium | 2026-04-14 |
| CVE-2026-1714 | ShopLentor <= 3.3.2 - Unauthenticated Email Relay Abuse via 'woolentor_suggest_price_action' AJAX Action | CWE-93 | 8.6 | High | 2026-02-18 |
| CVE-2025-12493 | ShopLentor <= 3.2.5 - Unauthenticated Local PHP File Inclusion via 'load_template' | CWE-22 | 9.8 | Critical | 2025-11-04 |
| CVE-2025-11823 | ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | CWE-80 | 6.4 | Medium | 2025-10-25 |
| CVE-2025-3775 | ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) <= 3.1.2 - Unauthenticated Server-Side Request Forgery via URL Parameter | CWE-918 | 6.5 | Medium | 2025-04-25 |
| CVE-2025-1527 | ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) <= 3.1.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Flash Sale Countdown Module | CWE-79 | 6.4 | Medium | 2025-03-12 |
| CVE-2024-9538 | ShopLentor <= 2.9.8 - Authenticated (Contributor+) Sensitive Information Exposure via WL: FAQ Widget Elementor Template | CWE-200 | 4.3 | Medium | 2024-10-11 |
| CVE-2024-8668 | ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.9.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | CWE-79 | 6.4 | Medium | 2024-09-25 |
| CVE-2024-5530 | ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via WL Product Horizontal Filter Widget | CWE-79 | 6.4 | Medium | 2024-06-11 |
| CVE-2024-3345 | ShopLentor <= 2.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via woolentorsearch Shortcode | CWE-79 | 6.4 | Medium | 2024-05-21 |
| CVE-2024-4566 | ShopLentor <= 2.8.8 - Missing Authorization to WordPress Option Modification | CWE-862 | 7.1 | High | 2024-05-21 |
| CVE-2023-6327 | ShopLentor (formerly WooLentor) <= 2.8.7 - Missing Authorization via purchased_new_products | CWE-862 | 5.3 | Medium | 2024-05-09 |
| CVE-2023-7067 | ShopLentor <= 2.8.1 - Improper Authorization via woolentor_template_store | CWE-862 | 4.3 | Medium | 2024-05-02 |
| CVE-2024-3991 | ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.8.7 - Authenticated (contributor+) Stored Cross-Site Scripting via _id | CWE-79 | 6.4 | Medium | 2024-05-02 |
| CVE-2024-1057 | ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution (formerly WooLentor) <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | CWE-79 | 6.4 | Medium | 2024-04-20 |
| CVE-2024-2946 | ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.8.4 - Authenticated (Contributor+) Stored Cross-site Scripting via QR Code Widget | CWE-79 | 6.4 | Medium | 2024-04-09 |
| CVE-2024-1960 | ShopLentor <= 2.8.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Banner Link | CWE-79 | 6.4 | Medium | 2024-04-09 |
| CVE-2024-2868 | ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via WL Universal Product Layout | CWE-79 | 6.4 | Medium | 2024-04-04 |
