CVE-2026-1714: CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') in devitemsllc ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is vulnerable to Email Relay Abuse in all versions up to, and including, 3.3.2. This is due to the lack of validation on the 'send_to', 'product_title', 'wlmessage', and 'wlemail' parameters in the 'woolentor_suggest_price_action' AJAX endpoint. This makes it possible for unauthenticated attackers to send arbitrary emails to any recipient with full control over the subject line, message content, and sender address (via CRLF injection in the 'wlemail' parameter), effectively turning the website into a full email relay for spam or phishing campaigns.
AI Analysis
Technical Summary
CVE-2026-1714 is a vulnerability classified under CWE-93 (Improper Neutralization of CRLF Sequences) affecting the ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin for WordPress. The vulnerability arises from insufficient validation of the 'send_to', 'product_title', 'wlmessage', and 'wlemail' parameters in the 'woolentor_suggest_price_action' AJAX endpoint. Specifically, the 'wlemail' parameter is vulnerable to CRLF injection, which allows an attacker to manipulate email headers by injecting carriage return and line feed characters: a line break inside the value ends the header the parameter was meant to fill and starts a new, attacker-chosen header line. This manipulation enables the attacker to control the email's sender address, subject line, and message body. Because the endpoint is accessible without authentication and requires no user interaction, an unauthenticated attacker can exploit this flaw to use the vulnerable website as an open email relay. This can facilitate large-scale spam or phishing campaigns originating from legitimate domains, severely impacting the website's reputation and deliverability. The vulnerability affects all versions up to and including 3.3.2 of the plugin. The CVSS v3.1 score of 8.6 reflects the high impact on integrity and the ease of exploitation without any privileges or user interaction. Although no known exploits have been reported in the wild yet, the potential for abuse is considerable given the nature of the vulnerability and the widespread use of WooCommerce plugins in e-commerce sites.
Potential Impact
For European organizations, this vulnerability poses significant risks, especially for those operating e-commerce websites using WordPress with the ShopLentor plugin. Exploitation can lead to the organization's domain being used to send spam or phishing emails, resulting in blacklisting by email providers and damage to brand reputation. This can disrupt legitimate email communications, reduce customer trust, and potentially lead to regulatory scrutiny under GDPR if customer data or communications are compromised indirectly. Additionally, the misuse of the website as an email relay can increase server load and bandwidth consumption, potentially affecting availability. The integrity of email communications is compromised, which can facilitate further phishing attacks targeting customers or partners. Organizations in sectors such as retail, finance, and services that rely heavily on WooCommerce for online sales are particularly vulnerable. The cross-border nature of email abuse means that the impact can extend beyond the immediate victim to affect partners and customers across Europe.
Mitigation Recommendations
Immediate mitigation steps include updating the ShopLentor plugin to a patched version once released by the vendor. Until a patch is available, organizations should consider disabling the 'woolentor_suggest_price_action' AJAX endpoint or the entire ShopLentor plugin if feasible. Implementing strict input validation and sanitization on all email-related parameters, especially 'wlemail', to prevent CRLF injection is critical. Web application firewalls (WAFs) should be configured to detect and block suspicious requests containing CRLF sequences or unusual email header manipulations. Monitoring outgoing email traffic for unusual patterns or spikes can help detect exploitation attempts early. Organizations should also review email server configurations to prevent unauthorized relay and ensure SPF, DKIM, and DMARC records are correctly set to reduce the impact of spoofed emails. Regular security audits and plugin vulnerability assessments should be conducted to identify and remediate similar issues proactively. Finally, educating website administrators about the risks of outdated plugins and the importance of timely updates is essential.
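The following Python is an added example, not code from the ShopLentor plugin or from Wordfence. It models the situation the technical summary describes and the fix the mitigation section recommends: an AJAX handler that assembles an email from the 'send_to', 'product_title', 'wlmessage' and 'wlemail' parameters, first in an unvalidated form where a CR/LF inside 'wlemail' becomes an extra header line, then hardened so that addresses are validated, free text cannot carry line breaks, and the recipient is fixed server-side. It also includes the detection check a WAF rule or log review would apply. The parameter names come from the advisory; the header layout, the site addresses and the two sample requests are constructed assumptions of this example.

```python
"""Added example (not the plugin's code): unvalidated vs. hardened assembly of
email headers from the AJAX parameters named in the advisory. Addresses, header
layout and sample requests are constructed for illustration."""
import re

CRLF_RE = re.compile(r"[\r\n]")          # a bare CR or LF starts a new header line
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

SITE_FROM = "shop@example.com"            # constructed: the store's own sender address
SUGGESTION_INBOX = "sales@example.com"    # constructed: fixed recipient chosen server-side

# Constructed requests, already URL-decoded as a web framework hands them to a handler.
BENIGN = {"send_to": SUGGESTION_INBOX, "product_title": "Blue Mug",
          "wlmessage": "Would you take 8 EUR?", "wlemail": "visitor@example.com"}
INJECTED = dict(BENIGN, wlemail="visitor@example.com\r\nSubject: constructed injected subject")


def build_headers_naive(params):
    """Vulnerable pattern: request values are pasted straight into header lines,
    so a CR/LF inside 'wlemail' ends the From: line and begins a new header."""
    return (f"To: {params['send_to']}\r\n"
            f"From: {params['wlemail']}\r\n"
            f"Subject: Price suggestion for {params['product_title']}\r\n")


def parse_header_lines(raw):
    """Split a header block the way a mail library does: one 'Name: value' per line."""
    return [line for line in raw.split("\r\n") if line]


class RejectedInput(ValueError):
    """Raised when a request parameter is not safe to place in an email."""


def validate_email_field(value, field):
    """Accept exactly one well-formed address containing no line breaks."""
    if CRLF_RE.search(value):
        raise RejectedInput(f"{field}: CR/LF is not allowed in an address")
    value = value.strip()
    if not EMAIL_RE.fullmatch(value):
        raise RejectedInput(f"{field}: not a single valid email address")
    return value


def validate_text_field(value, field, max_len=200):
    """Header-safe free text: line breaks become spaces and the length is capped."""
    cleaned = CRLF_RE.sub(" ", value).strip()
    if len(cleaned) > max_len:
        raise RejectedInput(f"{field}: longer than {max_len} characters")
    return cleaned


def build_headers_hardened(params):
    """Hardened pattern: To: and From: are fixed server-side (the request's
    'send_to' is ignored), the visitor's address is validated and placed in
    Reply-To:, and free text is stripped of CR/LF before it reaches a header."""
    reply_to = validate_email_field(params["wlemail"], "wlemail")
    title = validate_text_field(params["product_title"], "product_title")
    return (f"To: {SUGGESTION_INBOX}\r\n"
            f"From: {SITE_FROM}\r\n"
            f"Reply-To: {reply_to}\r\n"
            f"Subject: Price suggestion for {title}\r\n")


def find_crlf_params(params):
    """Detection side (WAF rule or request-log review): parameters carrying CR/LF."""
    return sorted(name for name, value in params.items() if CRLF_RE.search(value))


if __name__ == "__main__":
    print(len(parse_header_lines(build_headers_naive(INJECTED))),
          "header lines from the naive builder (3 expected, 4 produced)")
    print("parameters with CR/LF:", find_crlf_params(INJECTED))
    try:
        build_headers_hardened(INJECTED)
    except RejectedInput as exc:
        print("hardened builder rejected the request:", exc)
```

The message body ('wlmessage') is deliberately not concatenated into the header string at all: it should be handed to the mail library's body argument, where line breaks are legitimate, rather than built up with the headers. The detection helper runs on decoded parameter values, so a rule that only looks for the literal `%0d%0a` in the raw query string would miss the same input arriving in a form body; inspect the decoded values.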
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: Wordfence
- Date Reserved: 2026-01-30T18:56:14.509Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6995477080d747be203eb7fd
Added to database: 2/18/2026, 5:00:32 AM
Last enriched: 2/18/2026, 5:15:18 AM
Last updated: 2/21/2026, 12:20:55 AM