CVE-2023-0232
CVE-2023-0232 is a critical-severity vulnerability in Hasthemes Shoplentor with a CVSS 3.x base score of 9.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Critical (CVSS 3.x base score 9.8)
- EPSS exploit prediction: 3% (87th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Hasthemes Shoplentor
- Published:
- Last modified:
Description
The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to track viewed products and user data, which could lead to PHP Object Injection.
Frequently asked questions
- What is CVE-2023-0232?
- The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to track viewed products and user data, which could lead to PHP Object Injection.
- How severe is CVE-2023-0232?
- CVE-2023-0232 has a CVSS 3.x base score of 9.8, rated critical severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2023-0232 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 3% (87th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2023-0232?
- CVE-2023-0232 affects Hasthemes Shoplentor. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2023-0232?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its critical severity, prioritise patching exposed systems.
- When was CVE-2023-0232 published?
- CVE-2023-0232 was published on 2023-02-21 and last updated on 2026-06-17.
References
- https://plugins.trac.wordpress.org/changeset/2852711/woolentor-addons/trunk/includes/helper-function.php
- https://wpscan.com/vulnerability/1885a708-0e8a-4f4c-8e26-069bebe9a518
Affected products (1)
- cpe:2.3:a:hasthemes:shoplentor:*:*:*:*:*:wordpress:*:*
More vulnerabilities in Hasthemes Shoplentor
- CVE-2025-12493 — Critical (CVSS 9.8): The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution (formerly…
- CVE-2024-4566 — High (CVSS 7.1): The ShopLentor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability…
- CVE-2025-58990 — Medium (CVSS 6.5): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DevItems…
- CVE-2025-3775 — Medium (CVSS 6.5): The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly…
- CVE-2024-34767 — Medium (CVSS 6.5): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HasThemes…
- CVE-2025-11823 — Medium (CVSS 6.4): The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for…