Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) 3.1.0

  • Severity: medium-risk
  • Status: Fixed
  • Publication: March 11, 2025

The ShopLentor plugin for WordPress, previously known as WooLentor, has a vulnerability that allows attackers to inject harmful web scripts into pages. This can happen through the plugin’s Flash Sale Countdown feature in all versions up to 3.1.0. This can be done by attackers with contributor-level access or higher, and can cause these scripts to run whenever a user visits the affected page.

Detected in:

ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) fixed vulnerable versions:
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution (formerly WooLentor) fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.