cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-9538,https://securityvulnerability.io/vulnerability/CVE-2024-9538,Sensitive Information Exposure Vulnerability in ShopLentor Plugin,"The ShopLentor plugin for WordPress has a vulnerability that allows authenticated attackers with Contributor-level access or higher to extract sensitive information. This issue arises from the 'render' function located in the includes/addons/wl_faq.php file. All versions of the plugin up to and including 2.9.8 are affected, making it crucial for users to take immediate action to secure their sites, particularly in protecting private, pending, and draft Elementor template data from unauthorized access.",Wordpress,Shoplentor – WooCommerce Builder For Elementor & Gutenberg +12 Modules – All In One Solution (formerly Woolentor),4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-10-11T11:01:55.139Z,0
CVE-2024-8668,https://securityvulnerability.io/vulnerability/CVE-2024-8668,Stored Cross-Site Scripting Vulnerability in ShopLentor WooCommerce Builder,"The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tooltip and countdown functionality in all versions up to, and including, 2.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Shoplentor – WooCommerce Builder For Elementor & Gutenberg +12 Modules – All In One Solution (formerly Woolentor),5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-09-25T04:30:27.952Z,0
CVE-2024-5530,https://securityvulnerability.io/vulnerability/CVE-2024-5530,Stored Cross-Site Scripting Vulnerability in ShopLentor Plugin,"The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WL: Product Horizontal Filter widget in all versions up to, and including, 2.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Shoplentor – WooCommerce Builder For Elementor & Gutenberg +12 Modules – All In One Solution (formerly Woolentor),6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-06-11T04:32:12.795Z,0
CVE-2024-3345,https://securityvulnerability.io/vulnerability/CVE-2024-3345,Stored Cross-Site Scripting Vulnerability in ShopLentor Plugin,"The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woolentorsearch shortcode in all versions up to, and including, 2.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Shoplentor – WooCommerce Builder For Elementor & Gutenberg +12 Modules – All In One Solution (formerly Woolentor),6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-21T08:31:04.853Z,0
CVE-2024-4566,https://securityvulnerability.io/vulnerability/CVE-2024-4566,Unauthorized modification of data possible in ShopLentor plugin due to missing capability check,"The ShopLentor plugin for WordPress contains a significant vulnerability that allows unauthorized modification of data due to a crucial missing capability check in the ajax_dismiss function. This issue affects all versions up to and including 2.8.8. Authenticated attackers with contributor-level access or higher can exploit this vulnerability to set arbitrary WordPress options to 'true'. Furthermore, if the WooCommerce plugin is deactivated or the default WordPress admin dashboard is made accessible to authenticated users, even attackers with subscriber or customer-level access can leverage this security gap. As a result, this vulnerability poses a serious threat to the integrity of WordPress sites utilizing the ShopLentor plugin.",Wordpress,Shoplentor – WooCommerce Builder For Elementor & Gutenberg +12 Modules – All In One Solution (formerly Woolentor),7.1,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-21T08:31:04.348Z,0
CVE-2023-6327,https://securityvulnerability.io/vulnerability/CVE-2023-6327,Unauthorized Access to Purchased Products Data in ShopLentor Plugin,"The ShopLentor (formerly WooLentor) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the purchased_new_products function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to view all products purchased in the past week, along with the users that purchased them.",Wordpress,Shoplentor – WooCommerce Builder For Elementor & Gutenberg +12 Modules – All In One Solution (formerly Woolentor),5.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-14T14:33:00.000Z,0
CVE-2023-7067,https://securityvulnerability.io/vulnerability/CVE-2023-7067,Unauthorized Data Modification in ShopLentor Plugin for WordPress,"The ShopLentor plugin for WordPress, specifically versions up to and including 2.8.1, is susceptible to unauthorized modification of data due to an inadequate capability check on the 'woolentor_template_store' function. Authenticated attackers with contributor access or higher can exploit this flaw, allowing them to manipulate the nonce linked to this function and set a blank template as the default. This exposes websites using this plugin to potential data integrity issues.",Wordpress,Shoplentor – WooCommerce Builder For Elementor & Gutenberg +12 Modules – All In One Solution (formerly Woolentor),4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:52:20.896Z,0
CVE-2024-3991,https://securityvulnerability.io/vulnerability/CVE-2024-3991,Stored Cross-Site Scripting Vulnerability in WooCommerce Builder Plugin by WordPress,"The ShopLentor plugin for WordPress, specifically the Horizontal Product Filter module, exhibits a stored cross-site scripting vulnerability due to inadequate input sanitization and lack of output escaping. This flaw allows authenticated attackers with contributor-level access or higher to craft malicious web scripts that get executed when users navigate to pages containing the injected scripts. The vulnerability affects all versions of the plugin up to and including 2.8.7, making it critical for site administrators to address this issue to safeguard their websites from potential exploitation.",Wordpress,Shoplentor – WooCommerce Builder For Elementor & Gutenberg +12 Modules – All In One Solution (formerly Woolentor),6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:52:08.334Z,0
CVE-2024-2946,https://securityvulnerability.io/vulnerability/CVE-2024-2946,Stored Cross-Site Scripting Vulnerability in ShopLentor Plugin,"The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's QR Code Widget in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Shoplentor – WooCommerce Builder For Elementor & Gutenberg +12 Modules – All In One Solution (formerly Woolentor),6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-09T18:59:25.791Z,0
CVE-2024-1960,https://securityvulnerability.io/vulnerability/CVE-2024-1960,Stored Cross-Site Scripting Vulnerability in ShopLentor Plugin,"The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Special Offer Day Widget Banner Link in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Shoplentor – WooCommerce Builder For Elementor & Gutenberg +12 Modules – All In One Solution (formerly Woolentor),6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-04-09T18:58:42.909Z,0