CVE-2024-9538

Name of the Vulnerable Software and Affected Versions ShopLentor plugin for WordPress versions prior to 2.9.9

Description The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, and draft Elementor template data. This is possible due to the render function in includes/addons/wl faq.php.

Recommendations For versions prior to 2.9.9, update to version 2.9.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the render function in includes/addons/wl faq.php to minimize the risk of exploitation.