Vulnerabilities and security researches forsunshine-photo-cart sunshine-photo-cart

Direction: ascending

Jun 06, 2024

Sunshine Photo Cart: Free Client Galleries for Photographers # CVE-2021-4342

CVE, Research URL: -
Home page URL: Security reports for Sunshine Photo Cart: Free Client Galleries for Photographers
Application: Sunshine Photo Cart: Free Client Galleries for Photographers
Date: Jun 07, 2023
Research Description: Rejected reason: CVE split into individual CVE IDs for each software record.
Affected versions: Min -, max -.
Status: vulnerable

Sunshine Photo Cart: Free Client Galleries for Photographers # CVE-2022-4463

CVE, Research URL: -
Home page URL: Security reports for Sunshine Photo Cart: Free Client Galleries for Photographers
Application: Sunshine Photo Cart: Free Client Galleries for Photographers
Date: Apr 13, 2023
Research Description: Rejected reason: This candidate is unused by its CNA.
Affected versions: Min -, max -.
Status: vulnerable

Sunshine Photo Cart: Free Client Galleries for Photographers # CVE-2022-40692

CVE, Research URL: CVE-2022-40692
Home page URL: Security reports for Sunshine Photo Cart: Free Client Galleries for Photographers
Application: Sunshine Photo Cart: Free Client Galleries for Photographers
Date: Feb 03, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in WP Sunshine Sunshine Photo Cart plugin <= 2.9.13 versions.
Affected versions: Min -, max -.
Status: vulnerable

Sunshine Photo Cart: Free Client Galleries for Photographers # ac676046c1581afa4513a53255101425bd4a7404

CVE, Research URL: ac676046c1581afa4513a53255101425bd4a7404
Home page URL: Security reports for Sunshine Photo Cart: Free Client Galleries for Photographers
Application: Sunshine Photo Cart: Free Client Galleries for Photographers
Date: Jun 21, 2021
Research Description: Sunshine Photo Cart: Free Client Photo Galleries for Photographers [sunshine-photo-cart] < 2.9.14 WordPress Sunshine Photo Cart plugin <= 2.8.28 - Cross-Site Request Forgery (CSRF) vulnerability Cross-Site Request Forgery (CSRF) vulnerability discovered by Jerome Bruandet (NinTechNet) in WordPress Sunshine Photo Cart plugin (versions <= 2.8.28).
Affected versions: Min -, max -.
Status: vulnerable

Sunshine Photo Cart: Free Client Galleries for Photographers # CVE-2022-4301

CVE, Research URL: CVE-2022-4301
Home page URL: Security reports for Sunshine Photo Cart: Free Client Galleries for Photographers
Application: Sunshine Photo Cart: Free Client Galleries for Photographers
Date: Jan 10, 2023
Research Description: The Sunshine Photo Cart WordPress plugin before 2.9.15 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
Affected versions: Min -, max -.
Status: vulnerable

Sunshine Photo Cart: Free Client Galleries for Photographers # CVE-2024-1294

CVE, Research URL: CVE-2024-1294
Home page URL: Security reports for Sunshine Photo Cart: Free Client Galleries for Photographers
Application: Sunshine Photo Cart: Free Client Galleries for Photographers
Date: Feb 29, 2024
Research Description: The Sunshine Photo Cart: Free Client Galleries for Photographers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.24 via the 'invoice'. This makes it possible for unauthenticated attackers to extract sensitive data including customer email and physical addresses.
Affected versions: Min -, max -.
Status: vulnerable

Sunshine Photo Cart: Free Client Galleries for Photographers # CVE-2021-4415

CVE, Research URL: CVE-2021-4415
Home page URL: Security reports for Sunshine Photo Cart: Free Client Galleries for Photographers
Application: Sunshine Photo Cart: Free Client Galleries for Photographers
Date: Jul 12, 2023
Research Description: The Sunshine Photo Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.28 This is due to missing or incorrect nonce validation on the sunshine_products_quicksave_post() function. This makes it possible for unauthenticated attackers to save custom post data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

Sunshine Photo Cart: Free Client Galleries for Photographers # CVE-2023-41796

CVE, Research URL: CVE-2023-41796
Home page URL: Security reports for Sunshine Photo Cart: Free Client Galleries for Photographers
Application: Sunshine Photo Cart: Free Client Galleries for Photographers
Date: Dec 20, 2023
Research Description: Authorization Bypass Through User-Controlled Key vulnerability in WP Sunshine Sunshine Photo Cart: Free Client Galleries for Photographers.This issue affects Sunshine Photo Cart: Free Client Galleries for Photographers: from n/a before 3.0.0.
Affected versions: Min -, max -.
Status: vulnerable

Sunshine Photo Cart: Free Client Galleries for Photographers # CVE-2024-30194

CVE, Research URL: CVE-2024-30194
Home page URL: Security reports for Sunshine Photo Cart: Free Client Galleries for Photographers
Application: Sunshine Photo Cart: Free Client Galleries for Photographers
Date: Mar 27, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Sunshine Sunshine Photo Cart allows Reflected XSS.This issue affects Sunshine Photo Cart: from n/a through 3.1.1.
Affected versions: Min -, max -.
Status: vulnerable

Sunshine Photo Cart: Free Client Galleries for Photographers # CVE-2024-30221

CVE, Research URL: CVE-2024-30221
Home page URL: Security reports for Sunshine Photo Cart: Free Client Galleries for Photographers
Application: Sunshine Photo Cart: Free Client Galleries for Photographers
Date: Mar 28, 2024
Research Description: Deserialization of Untrusted Data vulnerability in WP Sunshine Sunshine Photo Cart.This issue affects Sunshine Photo Cart: from n/a through 3.1.1.
Affected versions: Min -, max -.
Status: vulnerable

Jun 10, 2024

Sunshine Photo Cart: Free Client Galleries for Photographers # CVE-2022-45826

CVE, Research URL: CVE-2022-45826
Home page URL: Security reports for Sunshine Photo Cart: Free Client Galleries for Photographers
Application: Sunshine Photo Cart: Free Client Galleries for Photographers
Date: Dec 13, 2024
Research Description: Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 2.9.13.
Affected versions: Min -, max -.
Status: vulnerable

Aug 12, 2024

Sunshine Photo Cart: Free Client Galleries for Photographers # CVE-2024-43136

CVE, Research URL: CVE-2024-43136
Home page URL: Security reports for Sunshine Photo Cart: Free Client Galleries for Photographers
Application: Sunshine Photo Cart: Free Client Galleries for Photographers
Date: Nov 01, 2024
Research Description: Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 3.2.1.
Affected versions: Min -, max -.
Status: vulnerable

Sep 01, 2024

Sunshine Photo Cart: Free Client Galleries for Photographers # CVE-2024-43971

CVE, Research URL: CVE-2024-43971
Home page URL: Security reports for Sunshine Photo Cart: Free Client Galleries for Photographers
Application: Sunshine Photo Cart: Free Client Galleries for Photographers
Date: Sep 18, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Sunshine Sunshine Photo Cart allows Reflected XSS.This issue affects Sunshine Photo Cart: from n/a through 3.2.5.
Affected versions: Min -, max -.
Status: vulnerable

Sep 28, 2024

Sunshine Photo Cart: Free Client Galleries for Photographers # CVE-2024-44038

CVE, Research URL: CVE-2024-44038
Home page URL: Security reports for Sunshine Photo Cart: Free Client Galleries for Photographers
Application: Sunshine Photo Cart: Free Client Galleries for Photographers
Date: Nov 01, 2024
Research Description: Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 3.2.9.
Affected versions: Min -, max -.
Status: vulnerable

Sep 29, 2024

Sunshine Photo Cart: Free Client Galleries for Photographers # CVE-2024-47314

CVE, Research URL: CVE-2024-47314
Home page URL: Security reports for Sunshine Photo Cart: Free Client Galleries for Photographers
Application: Sunshine Photo Cart: Free Client Galleries for Photographers
Date: Nov 01, 2024
Research Description: Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 3.2.8.
Affected versions: Min -, max -.
Status: vulnerable

Oct 25, 2024

Sunshine Photo Cart: Free Client Galleries for Photographers # CVE-2024-49697

CVE, Research URL: CVE-2024-49697
Home page URL: Security reports for Sunshine Photo Cart: Free Client Galleries for Photographers
Application: Sunshine Photo Cart: Free Client Galleries for Photographers
Date: Nov 19, 2024
Research Description: Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 3.2.9.
Affected versions: Min -, max -.
Status: vulnerable

Oct 27, 2024

Sunshine Photo Cart: Free Client Galleries for Photographers # CVE-2024-50463

CVE, Research URL: CVE-2024-50463
Home page URL: Security reports for Sunshine Photo Cart: Free Client Galleries for Photographers
Application: Sunshine Photo Cart: Free Client Galleries for Photographers
Date: Oct 28, 2024
Research Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP Sunshine Sunshine Photo Cart.This issue affects Sunshine Photo Cart: from n/a through 3.2.9.
Affected versions: Min -, max -.
Status: vulnerable

Apr 02, 2025

Sunshine Photo Cart: Free Client Galleries for Photographers # CVE-2025-31084

CVE, Research URL: CVE-2025-31084
Home page URL: Security reports for Sunshine Photo Cart: Free Client Galleries for Photographers
Application: Sunshine Photo Cart: Free Client Galleries for Photographers
Date: Apr 01, 2025
Research Description: Deserialization of Untrusted Data vulnerability in sunshinephotocart Sunshine Photo Cart allows Object Injection. This issue affects Sunshine Photo Cart: from n/a through 3.4.10.
Affected versions: Min -, max -.
Status: vulnerable

Jun 13, 2025

Sunshine Photo Cart: Free Client Galleries for Photographers # CVE-2025-5482

CVE, Research URL: CVE-2025-5482
Home page URL: Security reports for Sunshine Photo Cart: Free Client Galleries for Photographers
Application: Sunshine Photo Cart: Free Client Galleries for Photographers
Date: Jun 04, 2025
Research Description: The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.11. This is due to the plugin not properly validating a user-supplied key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user's passwords through the password reset functionality, including administrators, and leverage that to reset the user's password and gain access to their account.
Affected versions: Min -, max -.
Status: vulnerable