CVE-2025-58990
📋 TL;DR
This stored cross-site scripting (XSS) vulnerability in the ShopLentor (WooLentor Addons) WordPress plugin lets an attacker persist attacker-controlled script in data the plugin later renders without proper escaping; the script then runs in the browser of every user who views the affected page. It affects WordPress sites running ShopLentor versions up to and including 3.2.0. WordPress marks its authentication cookies HttpOnly, so the realistic outcome is not cookie theft but script running with the victim's session: redirecting visitors to malicious sites, harvesting form input, or issuing authenticated requests (including administrative ones) on behalf of a logged-in user.
💻 Affected Systems
- ShopLentor (WooLentor Addons) WordPress plugin, versions up to and including 3.2.0
📦 What is this software?
ShopLentor (formerly WooLentor Addons) by HasThemes, a WooCommerce store-building add-on for WordPress.
⚠️ Risk & Real-World Impact
Worst Case
Script executing in an administrator's browser can drive the WordPress admin interface with that administrator's session: create a new administrator account, install a backdoored plugin or theme, edit theme files, or deface the site. A site compromised this way can then be used to attack its visitors.
Likely Case
Attackers inject JavaScript that redirects visitors to phishing pages, captures what they type into forms, or sends requests carrying the victim's session (and any nonces readable from the page) to perform unauthorized actions on behalf of logged-in users.
If Mitigated
With the plugin validating the value on input and escaping it at output for the context it lands in (WordPress's esc_html(), esc_attr() or wp_kses_post()), injected markup is rendered as inert text rather than executed.
🎯 Exploit Status
Exploitation requires write access to a plugin-managed field that is later rendered without escaping; this advisory does not name the field or the user role needed, so treat any plugin input reachable by low-privileged users as in scope. Because the payload is stored server-side, it fires for every viewer of the affected page, administrators included, until it is removed. Updating the plugin does not by itself delete a payload that was already stored; review plugin-managed content after patching.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 3.2.1 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'ShopLentor' or 'WooLentor Addons'.
4. Click 'Update Now' if available.
5. Alternatively, download version 3.2.1 or later from WordPress.org and update manually.
🔧 Temporary Workarounds
Disable ShopLentor Plugin
Platform: WordPress. Temporarily disable the vulnerable plugin until patching is possible.
wp plugin deactivate woolentor-addons
Implement Content Security Policy
Platform: all. Add CSP headers to restrict where scripts may load from and whether inline script may run.
Add to .htaccess (Apache with mod_headers enabled): Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
Or use a WordPress CSP plugin.
Caveat: a policy without 'unsafe-inline' blocks the inline script an XSS payload typically injects, but it also blocks the inline scripts that WordPress core, most themes and many plugins emit, so expect breakage. Roll it out as Content-Security-Policy-Report-Only first and review the reports. CSP limits what an injected script can do in browsers that enforce it; it does not remove the stored payload.
🧯 If You Can't Patch
- Disable the ShopLentor plugin immediately
- Put web application firewall (WAF) rules in front of the site to block common XSS payloads (script tags, javascript: URIs, event-handler attributes); encoded and obfuscated payloads bypass naive string matching, so treat the WAF as a stopgap, not a fix
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin > Plugins > Installed Plugins for the ShopLentor/WooLentor Addons version; any version up to and including 3.2.0 is vulnerable, whether the plugin is active or not.
Check Version:
wp plugin get woolentor-addons --field=version
Verify Fix Applied:
Verify the plugin version is 3.2.1 or higher in the WordPress admin panel or via the WP-CLI command above, then review plugin-managed content for payloads stored before the update.
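An added example (not from the advisory or the ShopLentor project) that automates the check above across several WordPress installs: it reads the installed version through WP-CLI (the `wp plugin get woolentor-addons --field=version` command shown above, plus `--field=status`) and compares it against 3.2.1. The install paths and the verdict wording are assumptions; the plugin slug and fixed version are the ones this page gives.

```python
import re
import subprocess
from typing import Optional

PLUGIN_SLUG = "woolentor-addons"   # WordPress.org slug, as used by WP-CLI
FIXED_VERSION = "3.2.1"            # first patched release per this advisory


def parse_version(version: str) -> tuple:
    """Turn '3.2.0' (or 'v3.2.0-beta1') into a comparable tuple of ints.

    Non-numeric suffixes are dropped and missing components count as 0,
    so '3.2' compares equal to '3.2.0'. Plain string comparison would get
    '3.10.0' < '3.2.1' wrong, which is why we compare tuples.
    """
    core = re.match(r"v?(\d+(?:\.\d+)*)", version.strip())
    if not core:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in core.group(1).split(".")]
    parts += [0] * (3 - len(parts))
    return tuple(parts)


def is_vulnerable(version: str) -> bool:
    """True when the installed version predates the first fixed release."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def wp(path: str, *args: str) -> Optional[str]:
    """Run a WP-CLI command against the install at `path`; None if it fails."""
    cmd = ["wp", f"--path={path}", *args]
    try:
        out = subprocess.run(cmd, capture_output=True, text=True, check=True)
    except (FileNotFoundError, subprocess.CalledProcessError):
        return None
    return out.stdout.strip()


def assess(version: Optional[str], status: Optional[str]) -> str:
    """Verdict for one install (wording is this example's own, not the advisory's)."""
    if version is None:
        return "not installed (or wp-cli failed)"
    if not is_vulnerable(version):
        return f"patched ({version})"
    if status == "inactive":
        return f"vulnerable but inactive ({version}) - update before re-enabling"
    return f"VULNERABLE ({version} < {FIXED_VERSION}) - update or deactivate now"


def audit(paths) -> dict:
    """Map each WordPress install path to its verdict."""
    results = {}
    for path in paths:
        version = wp(path, "plugin", "get", PLUGIN_SLUG, "--field=version")
        status = wp(path, "plugin", "get", PLUGIN_SLUG, "--field=status")
        results[path] = assess(version, status)
    return results


if __name__ == "__main__":
    import sys
    # Example: python audit_shoplentor.py /var/www/site1 /var/www/site2
    for path, verdict in audit(sys.argv[1:] or ["."]).items():
        print(f"{path}: {verdict}")
```

The comparison deliberately parses versions into integer tuples: a string comparison would rank a hypothetical 3.10.0 below 3.2.1 and report a patched site as vulnerable. An inactive but unpatched copy is still reported, since the vulnerable code returns the moment someone re-enables it.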
📡 Detection & Monitoring
Log Indicators:
- POST or GET requests to ShopLentor/WooLentor endpoints whose parameters contain script tags, javascript: URIs or event-handler attributes (plain or URL-encoded)
- The same payload variants repeated across many parameters or pages from one client, which indicates automated XSS scanning
Network Indicators:
- HTTP requests with script payloads in query strings or form bodies, including encoded forms such as %3Cscript
- Visitors' browsers fetching script or sending data to domains the site does not use while on pages that render ShopLentor content; a Content-Security-Policy-Report-Only header with a report endpoint surfaces this
SIEM Query:
source="web_server.log" AND ("woolentor" OR "shoplentor") AND ("<script>" OR "javascript:" OR "onerror=" OR "onload=")
This is search-language pseudo-syntax; adapt it to your SIEM. As written it matches only literal, lower-case payloads: URL-decode request fields before matching (or add encoded variants such as %3Cscript and %253Cscript), and note that access logs record the request line but not POST bodies, where a stored-XSS submission usually travels.
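The query above matches only unencoded payloads. The following added example (not from the advisory; the log lines are constructed, not real traffic) applies the same idea to combined-format access-log lines after URL-decoding and HTML-unescaping them repeatedly, so `%3Cscript%3E` and double-encoded `%253Cimg` payloads are caught too. The path tokens `woolentor` and `shoplentor` are assumed to identify plugin traffic.

```python
import html
import re
from collections import Counter
from urllib.parse import unquote

# Tokens assumed to mark a request as plugin-related: the WordPress.org slug
# and the product name, as they would appear in paths or parameter names.
PLUGIN_TOKENS = ("woolentor", "shoplentor")

# Script-injection indicators, checked against the fully decoded, lower-cased request.
XSS_PATTERNS = [
    re.compile(r"<\s*script\b"),
    re.compile(r"javascript\s*:"),
    re.compile(r"\bon[a-z]+\s*="),                           # onerror=, onload=, onmouseover=, ...
    re.compile(r"<\s*(img|svg|iframe|object|embed|body)\b"),  # tags that carry handlers or src
]

# Apache/Nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)


def normalize(value: str, rounds: int = 3) -> str:
    """Lower-case a request string after repeatedly URL-decoding and HTML-unescaping it.

    Attackers double-encode (%253C -> %3C -> <) to slip past single-pass filters,
    so decoding repeats until the string stops changing, capped at `rounds`.
    """
    current = value
    for _ in range(rounds):
        decoded = html.unescape(unquote(current.replace("+", " ")))
        if decoded == current:
            break
        current = decoded
    return current.lower()


def inspect_line(line: str):
    """Finding dict for a plugin-related request carrying an XSS indicator, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    decoded = normalize(m["path"])
    if not any(token in decoded for token in PLUGIN_TOKENS):
        return None   # drop this filter to see XSS probes against any path
    indicators = [p.pattern for p in XSS_PATTERNS if p.search(decoded)]
    if not indicators:
        return None
    return {
        "ip": m["ip"], "ts": m["ts"], "method": m["method"], "status": int(m["status"]),
        "path": m["path"], "decoded": decoded, "indicators": indicators,
    }


def scan(log_text: str) -> list:
    """Run inspect_line over every line of an access log and collect the findings."""
    return [f for f in (inspect_line(l) for l in log_text.splitlines()) if f]


def sources(findings) -> Counter:
    """Findings per client IP, to spot a scanner hammering the plugin."""
    return Counter(f["ip"] for f in findings)


# Constructed sample log (not real traffic): a plain-encoded <script> probe, a
# double-encoded img/onerror payload, a benign plugin request, and an XSS probe
# against an unrelated path that the plugin filter ignores.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Sep/2025:14:02:11 +0000] "GET /?s=woolentor&q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Sep/2025:14:02:15 +0000] "GET /shop/?woolentor_filter=%2522%253E%253Cimg%2520src%253Dx%2520onerror%253Dalert(document.domain)%253E HTTP/1.1" 200 4710 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Sep/2025:14:03:02 +0000] "GET /product/shirt/?woolentor_tab=reviews HTTP/1.1" 200 8890 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Sep/2025:14:03:40 +0000] "GET /blog/?q=%3Cscript%3E HTTP/1.1" 404 220 "-" "curl/8.0"
"""

if __name__ == "__main__":
    findings = scan(SAMPLE_LOG)
    for f in findings:
        print(f"{f['ts']} {f['ip']} {f['method']} {f['status']} {f['decoded']} -> {f['indicators']}")
    print("per-source counts:", dict(sources(findings)))
```

On the sample, the first two lines are flagged (the second only because decoding ran twice) and the benign plugin request is not. The `\bon[a-z]+\s*=` pattern is deliberately generic and will also fire on legitimate parameters that happen to start with "on"; tune it to the parameter names your site actually uses. Access logs do not contain POST bodies, so feed WAF or ModSecurity audit-log request bodies through the same `normalize` and pattern logic to catch the submission that stores the payload.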