Server-Side Request Forgery in ShopLentor WooCommerce Builder Plugin
CVE-2025-3775

6.5MEDIUM

Key Information:

Vendor

WordPress
Status
Shoplentor – WooCommerce Builder For Elementor & Gutenberg +20 Modules – All In One Solution (formerly Woolentor)
Vendor
CVE Published:
25 April 2025

What is CVE-2025-3775?

The ShopLentor – WooCommerce Builder for Elementor and Gutenberg plugin for WordPress is susceptible to a Server-Side Request Forgery flaw, allowing unauthenticated attackers to exploit the woolentor_template_proxy function. This vulnerability enables attackers to initiate web requests to arbitrary locations from the web application, leading to unauthorized access to internal services and potentially allowing query and modification of sensitive information. All versions up to and including 3.1.2 are affected.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) * <= 3.1.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/woolentor-addo...

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Michael Mazzolini
JSON
.