CVE-2025-3775 – ShopLentor WooCommerce Builder SSRF Vulnerability

April 25, 2025

CVE ID : CVE-2025-3775

Published : April 25, 2025, 5:15 a.m. | 2 hours, 15 minutes ago

Description : The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.2 via the woolentor_template_proxy function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application, and can be used to query and modify information from internal services.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46599 – K3s Kubernetes Kubelet ReadWritePort Remote Authentication Bypass

Next Article CVE-2025-3752 – Able Player WordPress Stored Cross-Site Scripting Vulnerability

How To Prevent WordPress SQL Injection Attacks

Java never goes out of style: Celebrating 30 years of the language

OpenAI o3-pro available in the API, BrowserStack adds Playwright support for real iOS devices, and more – Daily News Digest

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

Minecraft Vibrant Visuals finally has a release date and it’s dropping with the Happy Ghasts

QAQ-QQ-AI-QUEST

QAQ-QQ-AI-QUEST

JS Dark Arts: Abusing prototypes and the Result type

Helpful Git Aliases To Maximize Developer Productivity

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

CVE-2025-3775 – ShopLentor WooCommerce Builder SSRF Vulnerability

Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion

Paragon Spyware used to Spy on European Journalists

CVE-2025-3611 – Mattermost System Manager Access Control Enforcement Vulnerability

CVE-2025-4973 – Workreap WordPress Theme Authentication Bypass Vulnerability

CVE-2025-47905 – Varnish Cache HTTP/1 Chunk Boundary CRLF Injection

FoalTS framework – version 5 is released

Microsoft says AI agents will make every employee an “agent boss” — after Bill Gates claimed AI will replace humans in most jobs

Windows 11 is getting AI Actions in File Explorer — here’s how to try them right now

Google boss says AI isn’t a winner-takes-all competition: “I think all of us are going to do well in this scenario”

Assassin’s Creed Shadows is the best-selling game of March 2025 in the US

CVE-2025-3775 – ShopLentor WooCommerce Builder SSRF Vulnerability

Related Posts