ShopLentor

DevItems

Developer

3.3.0

Latest version

100,000

Installations

No date

Last updated

WordPress Plugin

No VDP

Claim ownership

Report vulnerability

Vulnerabilities

Security Contributors

Vulnerability history

0 present

22 fixed

5 Mitigation rules

Unauthenticated Local PHP File Inclusion via 'load_template' vulnerability
<= 3.2.5
Nov 4, 2025
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
<= 3.2.4
Oct 25, 2025
Cross Site Scripting (XSS) Vulnerability
<= 3.2.0
Sep 9, 2025
Unauthenticated Server-Side Request Forgery via URL Parameter vulnerability
<= 3.1.2
Apr 24, 2025
Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Flash Sale Countdown Module vulnerability
<= 3.1.0
Mar 11, 2025
Authenticated (Contributor+) Sensitive Information Exposure via WL: FAQ Widget Elementor Template vulnerability
<= 2.9.8
Oct 11, 2024
Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability
<= 2.9.7
Sep 25, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting via WL Product Horizontal Filter Widget vulnerability
<= 2.9.0
Jun 11, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting via woolentorsearch Shortcode vulnerability
<= 2.8.8
May 21, 2024
Missing Authorization to WordPress Option Modification vulnerability
<= 2.8.8
May 21, 2024
Cross Site Scripting (XSS) vulnerability
<= 2.8.7
May 17, 2024
Missing Authorization via purchased_new_products vulnerability
<= 2.8.7
May 3, 2024
Authenticated (contributor+) Stored Cross-Site Scripting via _id vulnerability
<= 2.8.7
May 3, 2024
Improper Authorization via woolentor_template_store vulnerability
<= 2.8.1
Apr 19, 2024
Authenticated (Contributor+) Stored Cross-site Scripting via QR Code Widget vulnerability
<= 2.8.4
Apr 5, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting via WL Universal Product Layout vulnerability
<= 2.8.3
Apr 4, 2024
Authenticated(Contributor+) Stored Cross-Site Scripting via Banner Link vulnerability
<= 2.8.1
Mar 14, 2024
Cross Site Request Forgery (CSRF) vulnerability
<= 2.6.2
Jul 5, 2023
CSRF Leading to Plugin Settings Change Vulnerability
<= 2.5.1
Feb 6, 2023
Contributor+ Stored XSS Vulnerability
< 2.5.4
Jan 30, 2023
PHP Object Injection Vulnerability
< 2.5.4
Jan 30, 2023
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
<= 1.8.5
Apr 13, 2021