CVE-2024-9538
📋 TL;DR
The ShopLentor (WooLentor) WordPress plugin has an information disclosure vulnerability that allows authenticated attackers with Contributor-level access or higher to view private, pending, and draft Elementor template data. This affects all WordPress sites using ShopLentor versions up to 2.9.8. The vulnerability exposes sensitive content that should remain confidential.
💻 Affected Systems
- ShopLentor (WooLentor) WordPress Plugin
📦 What is this software?
Shoplentor by Hasthemes
⚠️ Risk & Real-World Impact
Worst Case
Attackers could extract proprietary business templates, unpublished content, or sensitive design elements, potentially enabling intellectual property theft or competitive intelligence gathering.
Likely Case
Malicious contributors or compromised accounts could view unpublished content and templates, potentially leaking sensitive business information or upcoming marketing campaigns.
If Mitigated
With proper access controls and monitoring, impact is limited to unauthorized viewing of draft content without modification or deletion capabilities.
🎯 Exploit Status
Exploitation requires authenticated access. The vulnerability is in the 'render' function in includes/addons/wl_faq.php.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.9.9 or later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3164057/woolentor-addons
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'ShopLentor' or 'WooLentor'.
4. Click 'Update Now' if available.
5. Alternatively, download version 2.9.9+ from the WordPress plugin repository and update manually.
🔧 Temporary Workarounds
Temporary Plugin Deactivation
Disable the ShopLentor plugin until patched
wp plugin deactivate woolentor-addons
Restrict Contributor Access
Temporarily adjust Contributor roles or restrict Contributor-level access to trusted users only
🧯 If You Can't Patch
- Temporarily deactivate the ShopLentor plugin if business operations allow
- Implement strict access controls and monitor user activity for suspicious template viewing
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for ShopLentor/WooLentor version 2.9.8 or lower
Check Version:
wp plugin get woolentor-addons --field=version
Verify Fix Applied:
Verify plugin version is 2.9.9 or higher in WordPress admin panel
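The version check above, as an added example that is not part of the advisory or of the plugin vendor's tooling: a POSIX sh script that reads the installed WooLentor version with the WP-CLI command the advisory cites and decides whether it falls in the affected range (below 2.9.9). It assumes WP-CLI is installed and the script runs from the WordPress root; when `wp` is not available it falls back to a constructed sample version so the comparison logic can be exercised offline. The version comparison is numeric per dotted component rather than a string compare, so 2.9.10 is correctly treated as newer than 2.9.9.

```shell
#!/bin/sh
# Added example (not from the advisory or vendor): check whether the installed
# ShopLentor/WooLentor plugin is in the affected range for CVE-2024-9538.

PATCHED_VERSION="2.9.9"   # first fixed release per the advisory

# version_lt A B: returns 0 (true) when dotted version A is strictly lower than B.
# Components are compared numerically; a missing component counts as 0 and any
# non-numeric suffix (e.g. "-beta") is ignored.
version_lt() {
    v1="$1"
    v2="$2"
    while [ -n "$v1" ] || [ -n "$v2" ]; do
        p1=${v1%%.*}; p1=${p1%%[!0-9]*}; [ -z "$p1" ] && p1=0
        p2=${v2%%.*}; p2=${p2%%[!0-9]*}; [ -z "$p2" ] && p2=0
        [ "$p1" -lt "$p2" ] && return 0
        [ "$p1" -gt "$p2" ] && return 1
        case "$v1" in *.*) v1=${v1#*.} ;; *) v1="" ;; esac
        case "$v2" in *.*) v2=${v2#*.} ;; *) v2="" ;; esac
    done
    return 1   # equal versions are not "less than"
}

# is_vulnerable_version V: true when V is below the patched version.
is_vulnerable_version() {
    version_lt "$1" "$PATCHED_VERSION"
}

# Reads the installed version via WP-CLI (the command from the advisory).
# Falls back to a constructed sample value when wp is not on PATH so the script
# still runs outside a WordPress install.
installed_version() {
    if command -v wp >/dev/null 2>&1; then
        wp plugin get woolentor-addons --field=version 2>/dev/null
    else
        echo "2.9.8"   # constructed sample, not a real reading
    fi
}

# check_shoplentor: prints a verdict; exit status 2 means affected, 0 means
# fixed or not installed, so it can be used from monitoring scripts.
check_shoplentor() {
    v=$(installed_version)
    if [ -z "$v" ]; then
        echo "woolentor-addons not installed (or WP-CLI failed): not affected"
        return 0
    fi
    if is_vulnerable_version "$v"; then
        echo "ShopLentor $v is affected by CVE-2024-9538; update to $PATCHED_VERSION or later"
        return 2
    fi
    echo "ShopLentor $v is at or above $PATCHED_VERSION: fixed"
    return 0
}

status=0
check_shoplentor || status=$?
# $status is now 2 when the installed version is affected, 0 otherwise.
```

Run it from the site root as the same user that owns the WordPress files so that `wp` can read wp-config.php; the exit status is suitable for a cron job or a configuration-management check that alerts while the plugin is still below 2.9.9.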
📡 Detection & Monitoring
Log Indicators:
- Unusual access patterns to Elementor template endpoints
- Multiple requests to wl_faq.php render function from Contributor accounts
Network Indicators:
- HTTP requests to /wp-content/plugins/woolentor-addons/includes/addons/wl_faq.php with render parameter
SIEM Query:
source="wordpress.log" AND "wl_faq.php" AND "render" AND (user_role="contributor" OR user_role="author" OR user_role="editor")