CVE-2025-1527 identifies a stored DOM-based Cross-Site Scripting vulnerability in the ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules plugin for WordPress, formerly known as WooLentor. The vulnerability resides in the Flash Sale Countdown module, which fails to properly sanitize and escape user-supplied input attributes before rendering them in web pages. This improper neutralization of input (CWE-79) allows authenticated users with contributor-level access or higher to inject arbitrary JavaScript code into pages. When other users visit these pages, the injected scripts execute in their browsers, potentially leading to session hijacking, privilege escalation, or unauthorized actions on behalf of the victim. The vulnerability affects all versions up to and including 3.1.0. Exploitation does not require user interaction but does require authenticated access with contributor or higher privileges, which limits the attack surface to some extent. The CVSS 3.1 base score of 6.4 reflects a medium severity, with network attack vector, low attack complexity, privileges required, no user interaction, and a scope change due to impact on other users. No public exploits or active exploitation have been reported yet. The vulnerability highlights the importance of rigorous input validation and output encoding in WordPress plugins, especially those handling dynamic content and user inputs. Organizations using this plugin in e-commerce environments should assess their exposure and remediate promptly to prevent potential compromise of customer data and site integrity.

The primary impact of CVE-2025-1527 is the potential for attackers with contributor-level access to inject malicious scripts that execute in the browsers of site visitors or administrators. This can lead to theft of session cookies, user credentials, or other sensitive information, enabling further compromise of user accounts or site administration. The integrity of the website content can be undermined by unauthorized script execution, potentially leading to defacement or fraudulent transactions in e-commerce contexts. Although availability is not directly affected, the loss of confidentiality and integrity can damage organizational reputation, result in regulatory penalties, and erode customer trust. Since the vulnerability requires authenticated access, the risk is higher in environments with many contributors or where account credentials are weak or compromised. The widespread use of WordPress and WooCommerce, especially in small to medium-sized businesses globally, increases the potential impact. Attackers could leverage this vulnerability to pivot to more severe attacks, including privilege escalation or persistent backdoors. The lack of known exploits in the wild suggests a window of opportunity for organizations to remediate before active exploitation occurs.

1. Upgrade the ShopLentor plugin to a version that addresses this vulnerability once released by the vendor. Monitor vendor announcements for patches. 2. Until a patch is available, restrict contributor-level and higher access to trusted users only, minimizing the risk of malicious input injection. 3. Implement Web Application Firewall (WAF) rules to detect and block suspicious script injection patterns targeting the Flash Sale Countdown module. 4. Conduct regular security audits and code reviews of customizations or third-party plugins to ensure proper input validation and output encoding. 5. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in the browser. 6. Educate site administrators and contributors about the risks of XSS and the importance of secure content management practices. 7. Monitor site logs and user activity for unusual behavior that may indicate exploitation attempts. 8. Consider disabling or removing the Flash Sale Countdown module if it is not essential to reduce the attack surface. 9. Use security plugins that can detect and alert on suspicious changes or injections in WordPress environments. These targeted steps go beyond generic advice by focusing on access control, monitoring, and layered defenses specific to the affected module and plugin.