Shoplentor
This hub aggregates every CVE we track for Shoplentor, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
21
CVEs tracked
2
Critical
1
High
0
In CISA KEV
Severity distribution
MEDIUM18CRITICAL2HIGH1
Monthly trend
0
0
0
1
0
0
0
0
1
1
0
0
0
0
1
1
1
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Shoplentor.
- CVE-2025-12493ShopLentor <= 3.2.5 - Unauthenticated Local PHP File Inclusion via 'load_template'9.8
- CVE-2025-11823ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode6.4
- CVE-2025-58990WordPress ShopLentor Plugin <= 3.2.0 - Cross Site Scripting (XSS) Vulnerability6.5
- CVE-2025-3775ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) <= 3.1.2 - Unauthenticated Server-Side Request Forgery via URL Parameter6.5
- CVE-2025-1527ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) <= 3.1.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Flash Sale Countdown Module6.4
- CVE-2024-9538ShopLentor <= 2.9.8 - Authenticated (Contributor+) Sensitive Information Exposure via WL: FAQ Widget Elementor Template4.3
- CVE-2024-5530ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via WL Product Horizontal Filter Widget6.4
- CVE-2024-34767WordPress ShopLentor plugin <= 2.8.7 - Cross Site Scripting (XSS) vulnerability6.5
- CVE-2024-4566ShopLentor <= 2.8.8 - Missing Authorization to WordPress Option Modification7.1
- CVE-2024-3345ShopLentor <= 2.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via woolentorsearch Shortcode6.4
- CVE-2023-6327ShopLentor (formerly WooLentor) <= 2.8.7 - Missing Authorization via purchased_new_products5.3
- CVE-2023-7067ShopLentor <= 2.8.1 - Improper Authorization via woolentor_template_store4.3
- CVE-2024-3991ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.8.7 - Authenticated (contributor+) Stored Cross-Site Scripting via _id6.4
- CVE-2024-1057ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution (formerly WooLentor) <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting6.4
- CVE-2024-2946ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.8.4 - Authenticated (Contributor+) Stored Cross-site Scripting via QR Code Widget6.4
Product normalization is registry-driven with AI assist and human review. How it works