CVE-2024-3991
📋 TL;DR
This stored XSS vulnerability in the ShopLentor WordPress plugin allows authenticated attackers with contributor-level access or higher to inject malicious scripts into web pages. When users visit compromised pages, the scripts execute in their browsers, potentially stealing session cookies, redirecting users, or performing actions on their behalf. All WordPress sites using vulnerable versions of this plugin are affected.
💻 Affected Systems
- ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules (formerly WooLentor)
📦 What is this software?
Shoplentor by Hasthemes
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, take over the WordPress site, deface pages, redirect users to malicious sites, or install backdoors for persistent access.
Likely Case
Attackers with contributor accounts inject malicious scripts that steal user session cookies, redirect visitors to phishing pages, or display unwanted advertisements.
If Mitigated
With proper input validation and output escaping, the vulnerability is eliminated, preventing script injection entirely.
🎯 Exploit Status
Exploitation requires contributor-level WordPress access. The vulnerability is straightforward to exploit once authenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.8.8
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3080097/woolentor-addons/trunk/includes/addons/wl_product_horizontal_filter.php
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the ShopLentor/WooLentor plugin.
4. Click 'Update Now' if available.
5. Alternatively, download version 2.8.8+ from the WordPress repository and manually update.
🔧 Temporary Workarounds
Remove Contributor Access
Temporarily restrict contributor-level user creation and review existing contributor accounts for suspicious activity.
Disable Horizontal Product Filter
Deactivate the vulnerable Horizontal Product Filter module if it is not essential for site functionality.
🧯 If You Can't Patch
- Implement strict Content Security Policy (CSP) headers to mitigate XSS impact
- Monitor and audit contributor-level user activities and plugin modifications
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for ShopLentor/WooLentor version. If version is 2.8.7 or lower, you are vulnerable.
Check Version:
wp plugin list --name=*woolentor* --field=version (if WP-CLI installed)
Verify Fix Applied:
After updating, verify plugin version shows 2.8.8 or higher in WordPress plugins list.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to wp-admin with _id parameter modifications
- Multiple page edits by contributor users in short time
Network Indicators:
- Unexpected script tags in Horizontal Product Filter pages
- External JavaScript loading from unfamiliar domains
SIEM Query:
source="wordpress.log" AND "_id" AND ("script" OR "onclick" OR "javascript:")
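An added example, not part of this advisory: a small Python scanner that applies the log indicators above to constructed access-log lines. It requires the `_id` parameter AND a script marker on the same wp-admin POST, and it percent-decodes the value before matching so encoded payloads are not missed. It assumes the web server logs the request query string.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines in Apache combined-log format (not taken from the
# advisory). Lines 1-3 are the kind of request the indicators describe.
SAMPLE_LOG = """\
203.0.113.5 - contributor1 [01/May/2024:10:00:01 +0000] "POST /wp-admin/post.php?_id=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - contributor1 [01/May/2024:10:00:02 +0000] "POST /wp-admin/post.php?_id=x%22%20onclick%3D%22alert(1) HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - contributor1 [01/May/2024:10:00:03 +0000] "POST /wp-admin/post.php?_id=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - editor2 [01/May/2024:10:01:00 +0000] "POST /wp-admin/post.php?_id=42&action=edit HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - visitor [01/May/2024:10:02:00 +0000] "GET /shop/?orderby=javascript%3Aalert(1) HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

# Fields of a combined-log line: client IP, remote user, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# The markers named in the advisory's indicators: script tags, on*= handlers, javascript: URLs.
PAYLOAD_RE = re.compile(r'<\s*script|\bon\w+\s*=|javascript\s*:', re.IGNORECASE)


def suspicious_id_values(line):
    """Return decoded `_id` values carrying script-like content on a wp-admin POST, else []."""
    m = LOG_RE.match(line)
    if not m or m['method'] != 'POST' or not m['target'].startswith('/wp-admin/'):
        return []
    query = urlsplit(m['target']).query
    values = parse_qs(query, keep_blank_values=True).get('_id', [])
    # parse_qs already percent-decodes once; decode again to catch double encoding.
    decoded = [unquote(v) for v in values]
    return [v for v in decoded if PAYLOAD_RE.search(v)]


def scan_log(text):
    """Return (user, ip, matched values) for every flagged line in the log text."""
    hits = []
    for line in text.splitlines():
        values = suspicious_id_values(line)
        if values:
            m = LOG_RE.match(line)
            hits.append((m['user'], m['ip'], values))
    return hits


if __name__ == '__main__':
    for user, ip, values in scan_log(SAMPLE_LOG):
        print(f'{user}@{ip}: {values}')
```

Feed it real access logs and correlate flagged users against the contributor-account review recommended under the workarounds.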
🔗 References
- https://plugins.trac.wordpress.org/changeset/3080097/woolentor-addons/trunk/includes/addons/wl_product_horizontal_filter.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/563d44cd-5f5a-4914-8312-c554085b0821?source=cve