VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 25 known issues Latest disclosed Apr 13, 2026

ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin Vulnerabilities

Review known vulnerability records for the WordPress plugin ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin (`woolentor-addons`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2026-4059, CVE-2026-1714 and CVE-2025-12493, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
25
High or Critical
4
Patch Coverage
100%
Last Updated
Apr 13, 2026
Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
25 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
2 critical and 2 high severity findings.
Recent CVEs
CVE-2026-4059, CVE-2026-1714 and CVE-2025-12493
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2026-4059
ShopLentor <= 3.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'button_text' Shortcode Attribute

The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the woolentor_quickview_button shortcode's button_text attribute in all versions up to, and including, 3.3.5. This is due to insufficient input sanitization and missing output escaping on user-su...

Published
Apr 13, 2026
Patched Release
3.3.6
Affected Versions
Versions up to 3.3.5
Next Step
Update to 3.3.6 or newer if supported.
Open Full Report Open CVE Reference
Plugin High Patched: Yes CVE-2026-1714
ShopLentor <= 3.3.2 - Unauthenticated Email Relay Abuse via 'woolentor_suggest_price_action' AJAX Action

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is vulnerable to Email Relay Abuse in all versions up to, and including, 3.3.2. This is due to the lack of validation on the 'send_to', 'product_title', 'wlmessag...

Published
Feb 17, 2026
Patched Release
3.3.3
Affected Versions
Versions up to 3.3.2
Next Step
Update to 3.3.3 or newer if supported.
Open Full Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2025-12493
ShopLentor <= 3.2.5 - Unauthenticated Local PHP File Inclusion via 'load_template'

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.2.5 via the 'load_template' function. This makes it possible fo...

Published
Nov 03, 2025
Patched Release
3.2.6
Affected Versions
Versions up to 3.2.5
Next Step
Update to 3.2.6 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-11823
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button_exist_text' parameter in the 'wishsuite_button' shortcode in all versions up to, and including, 3.2.4...

Published
Oct 24, 2025
Patched Release
3.2.5
Affected Versions
Versions up to 3.2.4
Next Step
Update to 3.2.5 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-58990
ShopLentor <= 3.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inj...

Published
Sep 09, 2025
Patched Release
3.2.1
Affected Versions
Versions up to 3.2.0
Next Step
Update to 3.2.1 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-3775
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) <= 3.1.2 - Unauthenticated Server-Side Request Forgery via URL Parameter

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.2 via the woolentor_template_proxy function. This make...

Published
Apr 24, 2025
Patched Release
3.1.3
Affected Versions
Versions up to 3.1.2
Next Step
Update to 3.1.3 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-1527
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) <= 3.1.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Flash Sale Countdown Module

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to a Stored DOM-Based Cross-Site Scripting via the plugin's Flash Sale Countdown module in all versions up to, and including, 3...

Published
Mar 11, 2025
Patched Release
3.1.1
Affected Versions
Versions up to 3.1.0
Next Step
Update to 3.1.1 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-9538
ShopLentor <= 2.9.8 - Authenticated (Contributor+) Sensitive Information Exposure via WL: FAQ Widget Elementor Template

The ShopLentor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.8 via the 'render' function in includes/addons/wl_faq.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

Published
Oct 10, 2024
Patched Release
2.9.9
Affected Versions
Versions up to 2.9.8
Next Step
Update to 2.9.9 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-8668
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.9.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tooltip and countdown functionality in all versions up to, and including, 2.9.7 due to i...

Published
Sep 24, 2024
Patched Release
2.9.8
Affected Versions
Versions up to 2.9.7
Next Step
Update to 2.9.8 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-5530
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via WL Product Horizontal Filter Widget

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WL: Product Horizontal Filter widget in all versions up to, and including, 2.9....

Published
Jun 10, 2024
Patched Release
2.9.1
Affected Versions
Versions up to 2.9.0
Next Step
Update to 2.9.1 or newer if supported.
Open Full Report Open CVE Reference
Plugin High Patched: Yes CVE-2024-4566
ShopLentor <= 2.8.8 - Missing Authorization to WordPress Option Modification

The ShopLentor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in all versions up to, and including, 2.8.8. This makes it possible for authenticated attackers, with contributor-level access and...

Published
May 20, 2024
Patched Release
2.8.9
Affected Versions
Versions up to 2.8.8
Next Step
Update to 2.8.9 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-3345
ShopLentor <= 2.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via woolentorsearch Shortcode

The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woolentorsearch shortcode in all versions up to, and including, 2.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

Published
May 20, 2024
Patched Release
2.8.9
Affected Versions
Versions up to 2.8.8
Next Step
Update to 2.8.9 or newer if supported.
Open Full Report Open CVE Reference