CVE-2025-11823 is a stored cross-site scripting vulnerability identified in the ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules plugin for WordPress, formerly known as WooLentor. The vulnerability exists due to improper neutralization of script-related HTML tags (CWE-80) in the 'button_exist_text' parameter within the 'wishsuite_button' shortcode. This flaw allows authenticated users with Contributor-level privileges or higher to inject arbitrary JavaScript code that is stored persistently and executed in the context of any user visiting the affected page. The root cause is insufficient input sanitization and lack of proper output escaping, which fails to prevent malicious script injection. The vulnerability affects all versions up to and including 3.2.4. The CVSS v3.1 score is 6.4, reflecting medium severity, with an attack vector of network, low attack complexity, requiring privileges (Contributor or above), no user interaction, and a scope change. The impact includes potential confidentiality and integrity breaches, such as session hijacking, unauthorized actions on behalf of users, or defacement. No public exploit code or active exploitation has been reported yet. The vulnerability is significant because Contributor-level users are common in WordPress environments, and the plugin is widely used in WooCommerce-based e-commerce sites. The lack of a patch link indicates that a fix may not yet be publicly available, emphasizing the need for immediate mitigation steps.

For European organizations, particularly those operating e-commerce platforms using WordPress with the ShopLentor plugin, this vulnerability poses a risk of unauthorized script execution leading to data theft, session hijacking, and potential defacement. Confidential customer data and transaction integrity could be compromised, undermining trust and regulatory compliance such as GDPR. The requirement for Contributor-level access lowers the barrier for exploitation compared to vulnerabilities needing administrator privileges, increasing the attack surface. The scope change in the CVSS vector indicates that the vulnerability can affect resources beyond the initially compromised component, potentially impacting multiple users and site functionalities. Given the widespread use of WooCommerce in Europe, especially in countries with large e-commerce markets like Germany, the UK, France, Italy, and Spain, the threat could have broad implications. Although no known exploits are currently active, the vulnerability's presence in a critical e-commerce plugin makes it a likely target for attackers once exploit code becomes available.

1. Monitor official channels from devitemsllc for a security patch and apply updates immediately upon release. 2. Until a patch is available, restrict Contributor-level access strictly to trusted users and review user roles to minimize unnecessary privileges. 3. Implement Web Application Firewall (WAF) rules to detect and block suspicious input patterns targeting the 'button_exist_text' parameter and the 'wishsuite_button' shortcode. 4. Conduct a thorough audit of existing content using the shortcode to identify and remove any injected malicious scripts. 5. Employ additional input validation and output encoding at the application or server level to neutralize script tags and attributes. 6. Educate site administrators and content contributors about the risks of XSS and safe content practices. 7. Regularly back up website data to enable recovery in case of compromise. 8. Use security plugins that provide real-time monitoring and alerting for suspicious activities related to shortcode usage. 9. Consider isolating or sandboxing user-generated content areas to limit script execution impact. 10. Review and tighten Content Security Policy (CSP) headers to restrict script sources and mitigate XSS impact.