Shoplentor

3 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-12493 CRITICAL This Week

The ShopLentor - WooCommerce Builder for Elementor & Gutenberg +21 Modules - All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure RCE Path Traversal PHP +1
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-3775 MEDIUM This Month

The ShopLentor - WooCommerce Builder for Elementor & Gutenberg +20 Modules - All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF Shoplentor PHP
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-1527 MEDIUM PATCH This Month

The ShopLentor - WooCommerce Builder for Elementor & Gutenberg +20 Modules - All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to a Stored DOM-Based Cross-Site Scripting via. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Shoplentor PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-12493
EPSS 0% CVSS 9.8
CRITICAL This Week

The ShopLentor - WooCommerce Builder for Elementor & Gutenberg +21 Modules - All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure RCE +3
NVD
CVE-2025-3775
EPSS 1% CVSS 6.5
MEDIUM This Month

The ShopLentor - WooCommerce Builder for Elementor & Gutenberg +20 Modules - All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF Shoplentor +1
NVD
CVE-2025-1527
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

The ShopLentor - WooCommerce Builder for Elementor & Gutenberg +20 Modules - All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to a Stored DOM-Based Cross-Site Scripting via. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Shoplentor +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy