CVE-2025-11823 is a stored Cross-Site Scripting (XSS) vulnerability identified in the ShopLentor – WooCommerce Builder for Elementor & Gutenberg plugin, formerly known as WooLentor. This WordPress plugin integrates WooCommerce with page builders Elementor and Gutenberg, providing enhanced e-commerce functionalities. The vulnerability exists in all versions up to and including 3.2.4, specifically in the handling of the 'button_exist_text' parameter within the 'wishsuite_button' shortcode. Due to insufficient input sanitization and output escaping, authenticated users with Contributor-level permissions or higher can inject arbitrary JavaScript code into pages. When other users access these pages, the injected scripts execute in their browsers, potentially leading to session hijacking, credential theft, defacement, or further exploitation such as pivoting within the network. The CVSS 3.1 base score is 6.4, reflecting medium severity, with an attack vector of network, low attack complexity, requiring privileges (Contributor or above), no user interaction, and scope changed due to impact on other users. No known exploits have been reported in the wild yet, but the vulnerability poses a significant risk to websites relying on this plugin for e-commerce functionality. The vulnerability stems from a common web security weakness classified as CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page), which is a basic form of stored XSS. This type of vulnerability is particularly dangerous in multi-user environments like WordPress sites where contributors can add content that is viewed by others. The plugin's widespread use in European e-commerce sites built on WooCommerce and Elementor/Gutenberg increases the potential impact. Mitigation currently relies on patching the plugin once available, restricting contributor permissions, and deploying security controls such as web application firewalls (WAFs) that can detect and block XSS payloads.

For European organizations, especially those operating e-commerce websites using WordPress with WooCommerce and the ShopLentor plugin, this vulnerability can lead to significant security risks. Successful exploitation allows attackers with contributor-level access to inject malicious scripts that execute in the browsers of site visitors and administrators, potentially resulting in session hijacking, theft of sensitive customer data, unauthorized actions on behalf of users, and website defacement. This can damage brand reputation, lead to regulatory non-compliance (e.g., GDPR breaches due to data exposure), and cause financial losses. Since WooCommerce is widely used across Europe, particularly in countries with strong e-commerce markets like Germany, the UK, France, and the Netherlands, the risk is amplified. Additionally, the vulnerability's exploitation could be a stepping stone for more advanced attacks within an organization's network. The medium CVSS score reflects a moderate but tangible threat that requires timely attention to prevent exploitation.

1. Monitor for and apply official patches or updates from the plugin vendor as soon as they are released to address CVE-2025-11823. 2. Temporarily restrict Contributor-level permissions to trusted users only, or review and limit the ability to use the 'wishsuite_button' shortcode until patched. 3. Implement strict input validation and output encoding on all user-generated content, especially parameters like 'button_exist_text', to prevent script injection. 4. Deploy a Web Application Firewall (WAF) with rules specifically targeting stored XSS patterns and known WordPress plugin vulnerabilities. 5. Conduct regular security audits and code reviews of custom shortcodes and plugins to identify similar weaknesses. 6. Educate content contributors about the risks of injecting untrusted content and enforce content submission policies. 7. Enable Content Security Policy (CSP) headers to restrict script execution sources, mitigating the impact of injected scripts. 8. Monitor logs and user activity for suspicious behavior indicative of exploitation attempts. 9. Consider isolating or sandboxing user-generated content areas to limit script execution scope. 10. Maintain regular backups and incident response plans to quickly recover from potential compromises.