ShopLentor WooCommerce Builder Unauthenticated Local File Inclusion Vulnerability

Vulnerability

A local file inclusion vulnerability has been identified in the ShopLentor WooCommerce Builder for Elementor & Gutenberg plugin, in all versions through 3.2.5. The issue arises in the 'load_template' function, allowing unauthenticated attackers to include and execute arbitrary PHP files on the server. This vulnerability could be exploited to bypass access controls, access sensitive data, or execute code in cases where PHP files can be uploaded and included.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of PHP code on the server, with potential consequences including bypassing access controls, accessing sensitive information, or executing malicious code.

Reproduction

The vulnerability can be reproduced by sending a request to the 'load_template' function with a crafted payload that includes a reference to a PHP file on the server. Because of the local file inclusion flaw, the referenced file is included and executed as PHP code.

Remediation

Users are advised to update the ShopLentor WooCommerce Builder for Elementor & Gutenberg plugin to version 3.2.6 or a newer patched version.
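
To confirm which installations still need the update, the following added example (not code from the plugin or from this advisory's publisher) scans a WordPress plugins directory and flags ShopLentor installs older than 3.2.6. It assumes the standard WordPress plugin header fields "Plugin Name" and "Version", and that the plugin's header name contains "ShopLentor"; the default directory path is a placeholder.

```python
import re
import sys
from pathlib import Path

FIXED = (3, 2, 6)            # first patched release, per the advisory
NAME_MARKER = "shoplentor"   # assumption: "Plugin Name" header contains this
HEADER_RE = re.compile(
    r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)\s*$", re.I | re.M)

def parse_version(text):
    """Turn '3.2.5' or '3.2.5-beta' into a comparable tuple; None if unparsable."""
    nums = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not nums:
        return None
    parts = [int(p) for p in nums.group().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def read_header(php_file):
    """Read plugin header fields from the first 8 KiB of a PHP file."""
    with php_file.open("rb") as fh:
        head = fh.read(8192).decode("utf-8", "replace")
    fields = {}
    for key, value in HEADER_RE.findall(head):
        fields.setdefault(key.lower(), value)  # keep the first occurrence
    return fields

def audit(plugins_dir):
    """Return [(file, version, status)] for each ShopLentor install found."""
    findings = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        hdr = read_header(php)
        if NAME_MARKER not in hdr.get("plugin name", "").lower():
            continue
        ver = parse_version(hdr.get("version", ""))
        if ver is None:
            status = "UNKNOWN"      # header present but version unreadable
        else:
            status = "VULNERABLE" if ver < FIXED else "patched"
        findings.append((str(php), hdr.get("version", "?"), status))
    return findings

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "wp-content/plugins"
    for path, version, status in audit(target):
        print(f"{status:10} {version:10} {path}")
```

An "UNKNOWN" result means the header matched but the version could not be parsed, so that install should be checked by hand.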

Added: Nov 4, 2025, 12:19 PM
Updated: Nov 4, 2025, 3:54 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 10.0
exploitability: 9.3
remediation: 7.7
relevance: 0.9
threat: 4.8
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.