CVE-2026-1714
Email Relay Abuse in ShopLentor WooCommerce Plugin Allows Spam
Publication date: 2026-02-18
Last updated on: 2026-02-18
Assigner: Wordfence
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| woolentor | woolentor | up to and including 3.3.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-93 | Improper Neutralization of CRLF Sequences ('CRLF Injection'): the product uses CRLF (carriage return, line feed) as a special element, e.g. to separate lines or records, but does not neutralize, or incorrectly neutralizes, CRLF sequences in its inputs. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-1714 is a vulnerability in the ShopLentor – WooCommerce Builder for Elementor & Gutenberg plugin for WordPress, affecting all versions up to and including 3.3.2. The plugin's AJAX action 'woolentor_suggest_price_action' can be called without authentication and does not validate or sanitize the 'send_to', 'product_title', 'wlmessage' and 'wlemail' parameters before passing them to its mail-sending code.
Because the recipient, subject, message body and sender address are all taken from the request, an unauthenticated attacker can send arbitrary emails through the website. The 'wlemail' parameter is additionally vulnerable to CRLF injection (CWE-93): a carriage-return/line-feed sequence inside the value ends the header it is placed in, so whatever follows is interpreted as further mail headers. Together these defects turn the site into an open email relay for spam or phishing campaigns.
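The following is an added illustration, not code from the ShopLentor plugin or from the advisory: a minimal Python model of a price-suggestion handler that pastes the four request parameters straight into mail headers, next to a hardened version of the same handler. The function names, the sample request values and the site addresses are constructed for the example; only the parameter names come from the advisory.

```python
import re

# Constructed sample requests (not taken from the advisory or real traffic).
# Only the parameter names come from the advisory.
BENIGN_REQUEST = {
    "send_to": "shop-owner@example.com",
    "product_title": "Blue Widget",
    "wlmessage": "Would you sell this for 20 EUR?",
    "wlemail": "customer@example.net",
}
# Same request, but 'wlemail' carries a CRLF followed by a Bcc header.
INJECTED_REQUEST = dict(
    BENIGN_REQUEST,
    wlemail="customer@example.net\r\nBcc: victim1@example.org, victim2@example.org",
)


def build_mail_vulnerable(params):
    """Naive handler (hypothetical): every parameter goes straight into the
    message. A CRLF inside 'wlemail' terminates the From header, so the rest
    of the value becomes an extra header (CWE-93), and 'send_to' lets the
    caller choose the recipient, turning the site into a relay."""
    headers = (
        f"From: {params['wlemail']}\r\n"
        f"To: {params['send_to']}\r\n"
        f"Subject: Price suggestion for {params['product_title']}\r\n"
    )
    return headers + "\r\n" + params["wlmessage"]


_EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


class HeaderInjection(ValueError):
    """Raised when an untrusted value is unsafe to place in a mail header."""


def clean_header_value(value, *, is_email=False):
    """Reject CR, LF and NUL so a value can never end a header line; for
    address fields additionally require exactly one plain address."""
    if any(c in value for c in "\r\n\0"):
        raise HeaderInjection(f"CR/LF in header value: {value!r}")
    if is_email and not _EMAIL_RE.fullmatch(value):
        raise HeaderInjection(f"not a single e-mail address: {value!r}")
    return value


def build_mail_hardened(params, site_owner="shop-owner@example.com",
                        site_sender="noreply@example.com"):
    """Hardened handler (hypothetical): recipient and From address are fixed
    server-side (site_owner / site_sender stand in for site configuration),
    the visitor's address only appears in Reply-To, and every header value
    is validated before use. 'send_to' from the request is ignored."""
    reply_to = clean_header_value(params["wlemail"], is_email=True)
    subject = clean_header_value(
        f"Price suggestion for {params['product_title']}")
    headers = (
        f"From: {site_sender}\r\n"
        f"Reply-To: {reply_to}\r\n"
        f"To: {site_owner}\r\n"
        f"Subject: {subject}\r\n"
    )
    return headers + "\r\n" + params["wlmessage"]


def header_names(raw_message):
    """Return the header field names a mail parser would see."""
    head = raw_message.split("\r\n\r\n", 1)[0]
    return [line.split(":", 1)[0] for line in head.split("\r\n")]


def hardened_rejects(params):
    """True if the hardened handler refuses the request."""
    try:
        build_mail_hardened(params)
    except HeaderInjection:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable headers:", header_names(build_mail_vulnerable(INJECTED_REQUEST)))
    print("hardened rejects injected request:", hardened_rejects(INJECTED_REQUEST))
```

The hardened version fixes both halves of the problem at once: it refuses any header value containing CR or LF, and it stops taking the recipient from the request at all, so even a clean-looking 'send_to' cannot direct mail to third parties.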
How can this vulnerability impact me? :
This vulnerability can have significant negative impacts by allowing attackers to misuse your website as an email relay. Specifically, attackers can send spam or phishing emails appearing to come from your domain, which can damage your reputation and lead to your domain or IP being blacklisted by email providers.
Because attackers can fully control the email subject, content, and sender address, this can facilitate sophisticated phishing campaigns targeting your customers or others, potentially leading to data theft, fraud, or malware distribution.
Additionally, the vulnerability carries a CVSS score of 8.6 (High), with an impact on integrity and no requirement for privileges or user interaction, which reflects how easily an exposed site can be abused.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is exploited by sending unauthenticated requests to WordPress's admin-ajax.php with the 'action' parameter set to 'woolentor_suggest_price_action' and attacker-controlled 'send_to', 'product_title', 'wlmessage' and 'wlemail' parameters. Detection can therefore focus on requests for that action that carry unexpected email addresses, message content, or URL-encoded CRLF sequences (%0d%0a) in those parameters.

On the web server, filter the access logs for the action name and the parameter names, for example:

- `grep 'woolentor_suggest_price_action' /var/log/apache2/access.log`
- `grep -i 'wlemail' /var/log/apache2/access.log`
- `grep -i 'wlmessage' /var/log/apache2/access.log`

Note that a default access log records only the request line, so these greps match only when the parameters are sent in the query string; AJAX calls normally POST them in the request body, which is visible only in a WAF or ModSecurity audit log, a request-logging plugin, or a custom LogFormat that captures the body. Also monitor outgoing mail for unusual volumes, unexpected sender or recipient addresses, and messages with extra headers such as Bcc that the site's forms never set. [2, 4]
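As an added example, not part of the advisory, the following Python scanner applies the detection idea above to constructed log lines: it parses each line, percent-decodes the query string and, where present, a logged request body, and reports requests whose 'action' is 'woolentor_suggest_price_action', marking those whose mail parameters contain decoded CR/LF or an unexpected recipient. The log lines, the trailing body field on the third line and the recipient allowlist are assumptions for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

ACTION = "woolentor_suggest_price_action"
MAIL_PARAMS = ("send_to", "product_title", "wlmessage", "wlemail")
# Assumed allowlist of addresses the site legitimately mails to.
KNOWN_RECIPIENTS = {"owner@example.com"}

# Constructed log lines (not real traffic). Lines 1 and 2 are stock combined
# format; line 3 assumes a custom LogFormat that appends the POST body as a
# final quoted field, which a default Apache/nginx does not log.
SAMPLE_LOG = (
    '203.0.113.5 - - [18/Feb/2026:10:01:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 41 "-" "Mozilla/5.0"\n'
    '203.0.113.5 - - [18/Feb/2026:10:01:03 +0000] "GET /wp-admin/admin-ajax.php?action=woolentor_suggest_price_action'
    '&send_to=target%40example.org&wlemail=a%40evil.example%0d%0aBcc%3Av1%40example.org%2Cv2%40example.org'
    '&product_title=x&wlmessage=hi HTTP/1.1" 200 41 "-" "curl/8.0"\n'
    '198.51.100.9 - - [18/Feb/2026:10:02:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 41 "-" "Mozilla/5.0" '
    '"action=woolentor_suggest_price_action&send_to=owner%40example.com&wlemail=buyer%40example.net'
    '&product_title=Blue+Widget&wlmessage=20+EUR%3F"\n'
)

# Combined log format with an optional trailing quoted body field.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ "[^"]*" "[^"]*"'
    r'(?: "(?P<body>[^"]*)")?$'
)


def analyse_line(line):
    """Return a finding for a request that targets the vulnerable action,
    or None for anything else (including lines the regex cannot parse)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # parse_qs percent-decodes, so an encoded %0d%0a becomes a real CR LF.
    params = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
    if m["body"]:
        for key, values in parse_qs(m["body"], keep_blank_values=True).items():
            params.setdefault(key, []).extend(values)
    if ACTION not in params.get("action", []):
        return None
    crlf_params = [k for k in MAIL_PARAMS
                   if any("\r" in v or "\n" in v for v in params.get(k, []))]
    send_to = params.get("send_to", [])
    unknown_recipient = any(addr not in KNOWN_RECIPIENTS for addr in send_to)
    if crlf_params:
        verdict = "header-injection"
    elif unknown_recipient:
        verdict = "relay-attempt"
    else:
        verdict = "endpoint-hit"  # legitimate-looking use; still worth counting
    return {"ip": m["ip"], "ts": m["ts"], "method": m["method"],
            "send_to": send_to, "crlf_params": crlf_params, "verdict": verdict}


def scan(log_text):
    """Run analyse_line over every line and keep the findings."""
    return [f for f in (analyse_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The first sample line shows the blind spot mentioned above: a plain POST to admin-ajax.php with no logged body carries no evidence either way, so the scanner reports nothing for it. Only the query-string variant and the line with a captured body can be classified.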
What immediate steps should I take to mitigate this vulnerability?
Update the ShopLentor WooCommerce Builder plugin to version 3.3.3 or later. The fixed release adds nonce verification, server-side token validation, strict input sanitization and a controlled email-sending path, which together prevent the endpoint from being used as an open relay.

If you cannot update immediately, temporarily block or restrict requests to admin-ajax.php whose 'action' parameter is 'woolentor_suggest_price_action' (for example with a WAF rule), or deactivate the plugin until it is patched.

In either case, review web server and mail logs for signs of prior exploitation and keep watching outbound mail for unusual sender addresses, recipients or volumes. [3, 4]