PT-2026-20284 · Unknown+3 · Woocommerce+3

Teerachai Somprasong · Published 2026-02-18 · Updated 2026-02-23 · CVE-2026-1714

CVSS v3.1: 8.6 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress versions prior to 3.3.3

Description

The ShopLentor plugin is susceptible to Email Relay Abuse due to insufficient validation of input parameters. Specifically, the send_to, product_title, wlmessage, and wlemail parameters of the woolentor_suggest_price_action API endpoint are not properly validated. This allows unauthenticated attackers to use the website as an email relay for malicious purposes, such as spam or phishing campaigns. Through CRLF injection in the wlemail parameter, attackers gain full control over the email subject line, message content, and sender address.

Recommendations

Versions prior to 3.3.3 should be updated to version 3.3.3 or later.
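The kind of server-side check whose absence the description points to, as an added PHP example (not the plugin's code and not its 3.3.3 patch). The four request fields are named as in the advisory, with underscore spellings assumed; the function name, length limits and addresses are hypothetical.

```php
<?php
// Added example, not ShopLentor's code. Parameter names come from the advisory;
// the function name, limits and addresses are assumptions for illustration.
function validate_suggest_price(array $post, string $siteRecipient): array
{
    $field = function (string $key) use ($post): string {
        return (isset($post[$key]) && is_string($post[$key])) ? $post[$key] : '';
    };
    $errors = [];

    // wlemail ends up in a mail header: refuse CR, LF and NUL outright, then
    // require one syntactically valid address.
    $email = $field('wlemail');
    if (preg_match('/[\r\n\0]/', $email) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'wlemail';
    }
    // product_title feeds the subject line: single line, bounded length.
    $title = $field('product_title');
    if ($title === '' || strlen($title) > 200 || preg_match('/[\x00-\x1F\x7F]/', $title)) {
        $errors[] = 'product_title';
    }
    // wlmessage is body text only; bound its size.
    $message = $field('wlmessage');
    if ($message === '' || strlen($message) > 2000) {
        $errors[] = 'wlmessage';
    }
    if ($errors) {
        return ['ok' => false, 'errors' => $errors];
    }
    return [
        'ok'      => true,
        // send_to from the request is ignored; the recipient is site configuration.
        'to'      => $siteRecipient,
        'subject' => 'Price suggestion: ' . $title,
        'body'    => $message,
        // The visitor address is used only as Reply-To; From stays the site's own.
        'headers' => ['Reply-To: ' . $email],
    ];
}

// Constructed sample submissions: one ordinary, one with a line break in wlemail.
$ok  = ['send_to' => 'elsewhere@example.net', 'product_title' => 'Blue mug',
        'wlemail' => 'buyer@example.com', 'wlmessage' => 'Would you take 8?'];
$bad = ['wlemail' => "buyer@example.com\r\nX-Test: 1"] + $ok;

print_r(validate_suggest_price($ok, 'owner@example.org'));
print_r(validate_suggest_price($bad, 'owner@example.org'));
```

On an unauthenticated endpoint these checks are normally paired with rate limiting, since a validated form can still be used to flood the fixed recipient.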

Related Identifiers

CVE-2026-1714

Affected Products

Elementor
Gutenberg
Shoplentor
Woocommerce