cleantalk
Vulnerabilities and Security Researches

ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor), CVE-2021-24262

CVE, Research URL

CVE-2021-24262

Home page URL

Security reports for ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)

Application

ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)

Published on
May 06, 2021
Research Description
The “WooLentor – WooCommerce Elementor Addons + Builder” WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
Affected versions
Min -, max 1.8.6.
Status
vulnerable
Previous vulnerability researches
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) (CVE-2024-8668) , Sep 26, 2024
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) (CVE-2025-3775) , Apr 26, 2025
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) (CVE-2025-1527) , Mar 12, 2025
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) (CVE-2024-5530) , Jun 13, 2024
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) (CVE-2024-9538) , Oct 11, 2024
New vulnerability
Create custom forms for WordPress with a smart form plugin for smart businesses – Form builder for WordPress (CVE-2025-2801) , Apr 27, 2025
Integração entre Eduzz e Woocommerce (CVE-2025-3906) , Apr 27, 2025
Xelion Webchat (CVE-2025-3058) , Apr 27, 2025
Breeze Display (CVE-2025-3749) , Apr 27, 2025
Add Google +1 (Plus one) social share Button (CVE-2025-3866) , Apr 27, 2025