Description
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wishsuite_button' shortcode in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping on user supplied attributes like 'button_class'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
INFO
Published Date :
2024-04-20T01:56:38.442Z
Last Modified :
2026-04-08T17:17:32.080Z
Source :
Wordfence
AFFECTED PRODUCTS
The following products are affected by CVE-2024-1057 vulnerability.
| Vendors | Products |
|---|---|
| Hasthemes |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2024-1057.