Hasthemes

Shoplentor

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2025-12493

  • EPSS 0.37%
  • Veröffentlicht 04.11.2025 11:19:27
  • Zuletzt bearbeitet 26.11.2025 14:41:39

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.2.5 via the 'load_template' funct...

5.4

CVE-2025-11823

  • EPSS 0.05%
  • Veröffentlicht 25.10.2025 04:22:44
  • Zuletzt bearbeitet 26.11.2025 14:42:57

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button_exist_text' parameter in the 'wishsuite_button' shortcode in all versio...

5.4

CVE-2025-58990

  • EPSS 0.02%
  • Veröffentlicht 09.09.2025 16:33:07
  • Zuletzt bearbeitet 26.11.2025 17:20:12

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasTech ShopLentor allows Stored XSS. This issue affects ShopLentor: from n/a through 3.2.0.

6.5

CVE-2025-3775

  • EPSS 0.53%
  • Veröffentlicht 25.04.2025 04:23:04
  • Zuletzt bearbeitet 26.11.2025 17:32:55

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.2 via the woolentor_temp...

5.4

CVE-2025-1527

  • EPSS 0.08%
  • Veröffentlicht 12.03.2025 11:13:32
  • Zuletzt bearbeitet 24.03.2025 17:50:57

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to a Stored DOM-Based Cross-Site Scripting via the plugin's Flash Sale Countdown module in all ve...

6.5

CVE-2024-9538

  • EPSS 0.5%
  • Veröffentlicht 11.10.2024 13:15:19
  • Zuletzt bearbeitet 25.11.2025 20:13:03

The ShopLentor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.8 via the 'render' function in includes/addons/wl_faq.php. This makes it possible for authenticated attackers, with Contribu...

5.4

CVE-2024-5530

  • EPSS 0.36%
  • Veröffentlicht 11.06.2024 05:15:53
  • Zuletzt bearbeitet 25.11.2025 20:33:09

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WL: Product Horizontal Filter widget in all versi...

5.4

CVE-2024-34767

  • EPSS 0.14%
  • Veröffentlicht 03.06.2024 12:15:09
  • Zuletzt bearbeitet 25.11.2025 20:37:46

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HasThemes ShopLentor allows Stored XSS.This issue affects ShopLentor: from n/a through 2.8.7.

5.4

CVE-2024-3345

  • EPSS 0.36%
  • Veröffentlicht 21.05.2024 09:15:08
  • Zuletzt bearbeitet 25.11.2025 19:55:15

The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woolentorsearch shortcode in all versions up to, and including, 2.8.8 due to insufficient input sanitization and output escaping on user supplied attrib...

7.1

CVE-2024-4566

  • EPSS 0.29%
  • Veröffentlicht 21.05.2024 09:15:08
  • Zuletzt bearbeitet 25.11.2025 20:43:45

The ShopLentor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in all versions up to, and including, 2.8.8. This makes it possible for authenticated attackers, wit...