CVE-2024-43971
published 2024-09-18

CVE-2024-43971: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sunshinephotocart Sunshine Photo Cart…

Priority: P279 medium
CVSS 3.1 base score: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
VulnCheck KEV: exploited in the wild (ITW exploit)
EPSS: 0.59% (43.9th percentile)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sunshinephotocart Sunshine Photo Cart (sunshine-photo-cart). This issue affects Sunshine Photo Cart: from n/a through <= 3.2.5.

Affected (2 ranges)

Vendor             Product              Version range   Fixed in
sunshinephotocart  sunshine_photo_cart  < 3.2.6         3.2.6
sunshinephotocart  sunshine_photo_cart  <= 3.2.5

Detection & IOCs (extracted from sources)

url:  /wp-admin/admin.php?page=sunshine&section=%22%20onmouseover=alert(document.domain)%3Bthis.remove()%3B%20style=position:fixed%3Bleft:0%3Btop:0%3Bwidth:100vw%3Bheight:100vh%3B
path: /wp-admin/admin.php?page=sunshine&section=
  • Exploit targets the `section` query parameter on /wp-admin/admin.php?page=sunshine, injecting an unquoted attribute payload with onmouseover XSS. Look for the unencoded payload reflected verbatim in the response body.
  • Attack requires prior authentication (subscriber or higher). Detection flow: first a POST to /wp-login.php succeeds (HTTP 302 + wordpress_logged_in cookie), then the XSS request is issued. Correlate both requests from the same source.
  • Vulnerable plugin path/product identifier for asset inventory and WAF rule scoping: wordpress plugin `sunshine-photo-cart` versions up to and including 3.2.5.
  • Exploitation requires the attacker to be authenticated (the Nuclei template logs in first and checks for a wordpress_logged_in cookie before issuing the XSS request). Unauthenticated exploitation is not demonstrated in available sources.
  • The vulnerability is classified as Reflected XSS (CWE-79), meaning the payload is not stored; a victim must be socially engineered into clicking a crafted URL while authenticated to the WordPress admin panel.
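As an added example (not from this page's sources, the Nuclei template, or the plugin vendor): a small Python log scan that applies the two detection notes above, flagging requests to the sunshine admin page whose `section` value carries an attribute-breakout or tag-injection payload, and marking whether the same source IP had a successful POST to /wp-login.php earlier in the log. The log lines are constructed, and the combined access-log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access log (not real traffic). 10.0.0.5 logs in, then sends the
# attribute-breakout payload shape from the advisory; 10.0.0.7 sends a tag payload unauthenticated.
SAMPLE_LOG = """\
10.0.0.5 - - [18/Sep/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 302 0
10.0.0.5 - - [18/Sep/2024:10:00:07 +0000] "GET /wp-admin/admin.php?page=sunshine&section=%22%20onmouseover=alert(document.domain)%3B HTTP/1.1" 200 5120
10.0.0.9 - - [18/Sep/2024:10:01:00 +0000] "GET /wp-admin/admin.php?page=sunshine&section=orders HTTP/1.1" 200 4800
10.0.0.7 - - [18/Sep/2024:10:02:00 +0000] "GET /wp-admin/admin.php?page=sunshine&section=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5100
"""

# Assumed Apache/nginx "combined" format: ip ident user [ts] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Quote followed by an on* event handler (attribute breakout), a <script tag, or any tag carrying an on* handler.
XSS_RE = re.compile(r"[\"']\s*on\w+\s*=|<\s*script|<\s*/?\w+[^>]*\son\w+\s*=", re.IGNORECASE)


def is_sunshine_xss(target: str) -> bool:
    """True if the request hits the vulnerable admin page with a suspicious `section` value."""
    parts = urlsplit(target)
    if parts.path != "/wp-admin/admin.php":
        return False
    qs = parse_qs(parts.query, keep_blank_values=True)  # decodes percent-encoding once
    if qs.get("page") != ["sunshine"]:
        return False
    # Decode a second time so a double-encoded payload is still inspected.
    return any(XSS_RE.search(unquote(v)) for v in qs.get("section", []))


def find_suspects(log_text: str) -> list[dict]:
    """Return each XSS attempt, tagged with whether the source IP logged in (302 on /wp-login.php) earlier."""
    logged_in: set[str] = set()
    hits: list[dict] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        ip, method, target, status = m["ip"], m["method"], m["target"], m["status"]
        if method == "POST" and target.startswith("/wp-login.php") and status == "302":
            logged_in.add(ip)
        elif is_sunshine_xss(target):
            hits.append({"ip": ip, "ts": m["ts"], "authenticated": ip in logged_in})
    return hits


if __name__ == "__main__":
    for hit in find_suspects(SAMPLE_LOG):
        print(hit)
```

A hit with `authenticated: True` matches the exploitation flow the sources describe; an unauthenticated hit is still worth reviewing, since the payload would only fail to execute if the page refused the request.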

CVSS provenance

Source     Version  Score  Severity  Vector
nvd        v3.1     6.1    MEDIUM    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
vulncheck           6.1    MEDIUM