PT-2025-44993 · Automattic+2 · Woocommerce+3

Michael Mazzolini · Published 2025-11-04 · Updated 2026-02-26 · CVE-2025-12493

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ShopLentor versions prior to 3.2.6

Description

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is susceptible to Local File Inclusion in versions up to and including 3.2.5. This allows unauthenticated attackers to include and execute arbitrary .php files on the server through the load template function. Successful exploitation could lead to bypassing access controls, obtaining sensitive data, or achieving code execution if .php file uploads are permitted.

Recommendations

Update ShopLentor to version 3.2.6 or later.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2025-12493

Affected Products

Elementor
Gutenberg
Shoplentor
Woocommerce