
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Jul 2023 — Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.6.2 versions. The WooLentor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.2. This is due to missing or incorrect nonce validation on the process_data function. This makes it possible for unauthenticated attackers to change plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Cross-Site Re... • https://patchstack.com/database/vulnerability/woolentor-addons/wordpress-shoplentor-plugin-2-6-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Feb 2023 — Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.5.1 leading to plugin settings change. The ShopLentor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.1. This is due to missing or incorrect nonce validation on the 'templates_ajax_request' function. This makes it possible for unauthenticated attackers to update post metadata such as titles and id numbers via a forged request granted they can trick a site administrator i... • https://patchstack.com/database/vulnerability/woolentor-addons/wordpress-woolentor-plugin-2-5-1-csrf-leading-to-plugin-settings-change-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Apr 2021 — The “WooLentor – WooCommerce Elementor Addons + Builder” WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. The WordPress Plugin "WooLentor - WooCommerce Elementor Addons + Builder" in versions prior to 1.8.6 has a widget that is vulnerable to a stored Cross-Site Scripting (XSS) attack by lower-privileged users, such as contributors, all by means of a... • https://wpscan.com/vulnerability/d6d16357-2bc3-4053-8274-d0275026e56b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')