Executive Summary

CVE-2026-1714 is a vulnerability in the ShopLentor – WooCommerce Builder for Elementor & Gutenberg plugin for WordPress, affecting all versions up to and including 3.3.2. The issue arises because the plugin's AJAX endpoint 'woolentor_suggest_price_action' does not properly validate certain parameters ('send_to', 'product_title', 'wlmessage', and 'wlemail').

This lack of validation allows unauthenticated attackers to send arbitrary emails through the website, controlling the recipient, subject line, message content, and sender address. The vulnerability includes CRLF injection in the 'wlemail' parameter, enabling attackers to manipulate email headers and effectively turn the website into an email relay for spam or phishing campaigns.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have significant negative impacts by allowing attackers to misuse your website as an email relay. Specifically, attackers can send spam or phishing emails appearing to come from your domain, which can damage your reputation and lead to your domain or IP being blacklisted by email providers.

Because attackers can fully control the email subject, content, and sender address, this can facilitate sophisticated phishing campaigns targeting your customers or others, potentially leading to data theft, fraud, or malware distribution.

Additionally, the vulnerability has a high CVSS score (8.6) with an impact on integrity, indicating serious risk without requiring user interaction or privileges.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability involves unauthenticated attackers exploiting the 'woolentor_suggest_price_action' AJAX endpoint to send arbitrary emails by manipulating parameters such as 'send_to', 'product_title', 'wlmessage', and 'wlemail'. Detection can focus on monitoring HTTP requests to this AJAX endpoint for suspicious or unusual email-related parameters."}, {'type': 'paragraph', 'content': "Specifically, you can look for POST requests to the URL path containing 'woolentor_suggest_price_action' with parameters that include unusual or unexpected email addresses or message content."}, {'type': 'paragraph', 'content': 'Commands to detect such activity might include using web server logs or network monitoring tools to filter requests. For example, using grep on web server logs:'}, {'type': 'list_item', 'content': "grep 'woolentor_suggest_price_action' /var/log/apache2/access.log"}, {'type': 'list_item', 'content': "grep -i 'wlemail' /var/log/apache2/access.log"}, {'type': 'list_item', 'content': "grep -i 'wlmessage' /var/log/apache2/access.log"}, {'type': 'paragraph', 'content': 'Additionally, monitoring outgoing emails for unusual volumes or unexpected sender addresses may help detect abuse caused by this vulnerability.'}] [2, 4]

Useful 0 Not Useful 0

Mitigation Strategies

[{'type': 'paragraph', 'content': 'Immediate mitigation steps include updating the ShopLentor WooCommerce Builder plugin to version 3.3.3 or later, where security improvements have been implemented.'}, {'type': 'paragraph', 'content': 'The update addresses the vulnerability by adding nonce verification, server-side token validation, strict input sanitization, and controlled email sending mechanisms to prevent unauthorized email relay abuse.'}, {'type': 'paragraph', 'content': "If updating immediately is not possible, consider temporarily disabling or restricting access to the 'woolentor_suggest_price_action' AJAX endpoint to prevent exploitation."}, {'type': 'paragraph', 'content': 'Also, monitor your system for suspicious email activity and review logs for signs of exploitation.'}] [3, 4]

Useful 0 Not Useful 0