Server-Side Request Forgery in ShopLentor WooCommerce Builder Plugin
CVE-2025-3775

6.5 MEDIUM

What is CVE-2025-3775?

The ShopLentor – WooCommerce Builder for Elementor and Gutenberg plugin for WordPress is vulnerable to Server-Side Request Forgery (SSRF) through its woolentor_template_proxy function. All versions up to and including 3.1.2 are affected. An unauthenticated attacker can make the web application issue web requests to arbitrary locations. Because those requests originate from the web application itself, they can reach internal services, giving unauthorized access to them and potentially allowing sensitive information to be queried and modified.

Affected Version(s)

ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor): all versions <= 3.1.2

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Michael Mazzolini