Hasthemes

Shoplentor

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2023-6327

  • EPSS 0.41%
  • Veröffentlicht 14.05.2024 14:33:18
  • Zuletzt bearbeitet 25.11.2025 19:51:27

The ShopLentor (formerly WooLentor) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the purchased_new_products function in all versions up to, and including, 2.8.7. This makes it possible for una...

5.4

CVE-2024-3991

  • EPSS 0.2%
  • Veröffentlicht 02.05.2024 17:15:33
  • Zuletzt bearbeitet 26.11.2025 12:56:39

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id attribute in the Horizontal Product Filter in all vers...

4.3

CVE-2023-7067

  • EPSS 0.11%
  • Veröffentlicht 02.05.2024 17:15:09
  • Zuletzt bearbeitet 26.11.2025 13:04:34

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woolentor_template...

5.4

CVE-2024-1057

  • EPSS 0.13%
  • Veröffentlicht 20.04.2024 02:15:06
  • Zuletzt bearbeitet 26.11.2025 13:06:59

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wishsuite_button' shortcode in all versions up t...

5.4

CVE-2024-2946

  • EPSS 0.2%
  • Veröffentlicht 09.04.2024 19:15:38
  • Zuletzt bearbeitet 26.11.2025 13:22:10

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's QR Code Widget in all versions up to, and includi...

5.4

CVE-2024-1960

  • EPSS 0.15%
  • Veröffentlicht 09.04.2024 19:15:21
  • Zuletzt bearbeitet 06.05.2025 15:21:55

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Special Offer Day Widget Banner Link in all versions up to...

6.4

CVE-2024-2868

  • EPSS 0.26%
  • Veröffentlicht 04.04.2024 02:15:07
  • Zuletzt bearbeitet 02.10.2025 01:35:05

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slitems parameter in the WL Special Day Offer Widget in al...

5.4

CVE-2023-0231

Exploit
  • EPSS 0.36%
  • Veröffentlicht 21.02.2023 09:15:12
  • Zuletzt bearbeitet 12.03.2025 17:15:37

The ShopLentor WordPress plugin before 2.5.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cro...

9.8

CVE-2023-0232

Exploit
  • EPSS 0.83%
  • Veröffentlicht 21.02.2023 09:15:12
  • Zuletzt bearbeitet 12.03.2025 21:15:40

The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to track viewed products and user data, which could lead to PHP Object Injection.