cleantalk
Vulnerabilities and Security Researches

Sunshine Photo Cart: Free Client Galleries for Photographers, CVE-2025-5482

CVE, Research URL

CVE-2025-5482

Home page URL

Security reports for Sunshine Photo Cart: Free Client Galleries for Photographers

Application

Sunshine Photo Cart: Free Client Galleries for Photographers

Published on
Jun 04, 2025
Research Description
The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.11. This is due to the plugin not properly validating a user-supplied key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user's passwords through the password reset functionality, including administrators, and leverage that to reset the user's password and gain access to their account.
Affected versions
Min -, max 3.4.12.
Status
vulnerable
Previous vulnerability researches
Featured Image Plus (CVE-2025-4431) , Jun 10, 2025
New vulnerability
Sunshine Photo Cart: Free Client Galleries for Photographers (CVE-2025-5482) , Jun 13, 2025
OpenSheetMusicDisplay (CVE-2025-5235) , Jun 13, 2025
Arconix Shortcodes (CVE-2025-47673) , Jun 12, 2025
Slim SEO – Fast & Automated WordPress SEO Plugin (CVE-2025-4611) , Jun 12, 2025
AutomatorWP – The #1 automator plugin for no-code automation in WordPress (CVE-2025-48280) , Jun 11, 2025