Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-6327

The ShopLentor (formerly WooLentor) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the purchased_new_products function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to view all products purchased in the past week, along with the users that purchased them.

Published

2024-05-14T14:33:18.653

Last Modified

2025-11-25T19:51:27.447

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Primary
CWE-862

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	hasthemes	shoplentor	< 2.8.8	Yes

References

https://plugins.trac.wordpress.org/browser/woolentor-addons/tags/2.7.4/includes/modules/sales-notification/class.sale_notification.php Product ([email protected])
https://plugins.trac.wordpress.org/changeset/3080097/woolentor-addons/trunk/includes/modules/sales-notification/class.sale_notification.php?contextall=1&old=3061864&old_path=%2Fwoolentor-addons%2Ftrunk%2Fincludes%2Fmodules%2Fsales-notification%2Fclass.sale_notification.php Patch ([email protected])
https://www.wordfence.com/threat-intel/vulnerabilities/id/263324cb-31b7-40ad-ad7d-4582e128cd75?source=cve Third Party Advisory ([email protected])
https://plugins.trac.wordpress.org/browser/woolentor-addons/tags/2.7.4/includes/modules/sales-notification/class.sale_notification.php Product (af854a3a-2127-422b-91ae-364da2661108)
https://plugins.trac.wordpress.org/changeset/3080097/woolentor-addons/trunk/includes/modules/sales-notification/class.sale_notification.php?contextall=1&old=3061864&old_path=%2Fwoolentor-addons%2Ftrunk%2Fincludes%2Fmodules%2Fsales-notification%2Fclass.sale_notification.php Patch (af854a3a-2127-422b-91ae-364da2661108)
https://www.wordfence.com/threat-intel/vulnerabilities/id/263324cb-31b7-40ad-ad7d-4582e128cd75?source=cve Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)