WordPress Plugin Vulnerabilities

ShopLentor < 2.8.2 - Contributor+ Stored Cross-Site Scripting via Banner Link

Description

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg is vulnerable to Stored Cross-Site Scripting via the Special Offer Day Widget Banner Link due to insufficient input sanitization and output escaping on user supplied attributes.

Affects Plugins

Plugin icon
woolentor-addons
Fixed in 2.8.2

References

CVE
CVE-2024-1960
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/32b70801-d80f-40dc-8321-e12ac0b8c695

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.4 (medium)

Miscellaneous

Original Researcher
Webbernaut
Verified
No
WPVDB ID
5692f949-391a-4451-b479-8346e8458581

Timeline

Publicly Published
2024-03-14 (about 2 years ago)
Added
2024-03-18 (about 2 years ago)
Last Updated
2024-03-18 (about 2 years ago)

Other

Published
Title
Published
2025-03-24
Title
My Default Post Content <= 0.7.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2023-10-12
Title
WP Lightbox 2 < 3.0.6.6 - Admin+ Stored XSS
Published
2026-03-03
Title
Thecs <= 1.4.7 - Reflected Cross-Site Scripting
Published
2021-09-09
Title
On Page SEO + Whatsapp Chat Button < 1.0.2 - Reflected Cross-Site Scripting
Published
2023-01-12
Title
WP VR < 8.2.7 - Contributor+ Stored XSS