cbcvebase.

Sunshinephotocart Sunshine Photo Cart vulnerabilities

21 known vulnerabilities affecting sunshinephotocart/sunshine_photo_cart.

Total CVEs
21
CISA KEV
0
Public exploits
3
Exploited in wild
3
Severity breakdown
CRITICAL3HIGH4MEDIUM14

Vulnerabilities

Page 1 of 2
CVE-2024-30194P2MEDIUMCVSS 6.1ExploitedPoCfixed in 3.1.2≤ 3.1.12024-03-27
CVE-2024-30194 [MEDIUM] CWE-79 CVE-2024-30194: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart.This issue affects Sunshine Photo Cart: from n/a through <= 3.1.1.
nvd
CVE-2024-43971P2MEDIUMCVSS 6.1ExploitedPoCfixed in 3.2.6≤ 3.2.52024-09-18
CVE-2024-43971 [MEDIUM] CWE-79 CVE-2024-43971: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart.This issue affects Sunshine Photo Cart: from n/a through <= 3.2.5.
nvd
CVE-2024-30221P2CRITICALCVSS 9.8Exploitedfixed in 3.1.2≤ 3.1.12024-03-28
CVE-2024-30221 [CRITICAL] CWE-502 CVE-2024-30221: Deserialization of Untrusted Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-ph Deserialization of Untrusted Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart.This issue affects Sunshine Photo Cart: from n/a through <= 3.1.1.
nvd
CVE-2025-5482P2HIGHCVSS 8.8fixed in 3.4.122025-06-04
CVE-2025-5482 [HIGH] CWE-620 CVE-2025-5482: The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulne The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.11. This is due to the plugin not properly validating a user-supplied key. This makes it possible for authenticated attackers, with Subscriber-level access and ab
nvd
CVE-2025-31084P3CRITICALCVSS 9.8fixed in 3.4.11≤ 3.4.102025-04-01
CVE-2025-31084 [CRITICAL] CWE-502 CVE-2025-31084: Deserialization of Untrusted Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-ph Deserialization of Untrusted Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Object Injection.This issue affects Sunshine Photo Cart: from n/a through <= 3.4.10.
nvd
CVE-2022-4301P3MEDIUMCVSS 6.1PoCfixed in 2.9.152023-01-09
CVE-2022-4301 [MEDIUM] CWE-79 CVE-2022-4301: The Sunshine Photo Cart WordPress plugin before 2.9.15 does not sanitise and escape a parameter befo The Sunshine Photo Cart WordPress plugin before 2.9.15 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
nvd
CVE-2024-44038P3CRITICALCVSS 9.8fixed in 3.2.10≤ 3.2.92024-11-01
CVE-2024-44038 [CRITICAL] CWE-862 CVE-2024-44038: Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart all Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through <= 3.2.9.
nvd
CVE-2024-47314P3HIGHCVSS 8.8fixed in 3.2.9≤ 3.2.82024-11-01
CVE-2024-47314 [HIGH] CWE-862 CVE-2024-47314: Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart all Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through <= 3.2.8.
nvd
CVE-2024-43136P3HIGHCVSS 8.8fixed in 3.2.2≤ 3.2.12024-11-01
CVE-2024-43136 [HIGH] CWE-862 CVE-2024-43136: Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart.Thi Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart.This issue affects Sunshine Photo Cart: from n/a through <= 3.2.1.
nvd
CVE-2023-41796P4MEDIUMCVSS 6.5fixed in 3.02023-12-20
CVE-2023-41796 [MEDIUM] CWE-639 CVE-2023-41796: Authorization Bypass Through User-Controlled Key vulnerability in WP Sunshine Sunshine Photo Cart: F Authorization Bypass Through User-Controlled Key vulnerability in WP Sunshine Sunshine Photo Cart: Free Client Galleries for Photographers.This issue affects Sunshine Photo Cart: Free Client Galleries for Photographers: from n/a before 3.0.0.
nvd
CVE-2025-67973P4MEDIUMCVSS 6.5≤ 3.5.6.22026-02-20
CVE-2025-67973 [MEDIUM] CWE-862 CVE-2025-67973: Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart all Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through <= 3.5.6.2.
nvd
CVE-2022-40692P4HIGHCVSS 8.8fixed in 2.9.142023-02-02
CVE-2022-40692 [HIGH] CWE-352 CVE-2022-40692: Cross-Site Request Forgery (CSRF) vulnerability in WP Sunshine Sunshine Photo Cart plugin <= 2.9.13 Cross-Site Request Forgery (CSRF) vulnerability in WP Sunshine Sunshine Photo Cart plugin <= 2.9.13 versions.
nvd
CVE-2024-1294P4MEDIUMCVSS 5.3fixed in 3.12024-02-29
CVE-2024-1294 [MEDIUM] CWE-284 CVE-2024-1294: The Sunshine Photo Cart: Free Client Galleries for Photographers plugin for WordPress is vulnerable The Sunshine Photo Cart: Free Client Galleries for Photographers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.24 via the 'invoice'. This makes it possible for unauthenticated attackers to extract sensitive data including customer email and physical addresses.
nvd
CVE-2025-62892P4MEDIUMCVSS 5.3≤ 3.5.32025-10-27
CVE-2025-62892 [MEDIUM] CWE-862 CVE-2025-62892: Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart all Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Sunshine Photo Cart: from n/a through <= 3.5.3.
nvd
CVE-2026-24994P4MEDIUMCVSS 5.3≤ 3.5.7.22026-02-03
CVE-2026-24994 [MEDIUM] CWE-862 CVE-2026-24994: Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart all Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through <= 3.5.7.2.
nvd
CVE-2026-39564P4MEDIUMCVSS 5.3≤ 3.6.22026-04-08
CVE-2026-39564 [MEDIUM] CWE-201 CVE-2026-39564: Insertion of Sensitive Information Into Sent Data vulnerability in sunshinephotocart Sunshine Photo Insertion of Sensitive Information Into Sent Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Retrieve Embedded Sensitive Data.This issue affects Sunshine Photo Cart: from n/a through < 3.6.2.
nvd
CVE-2022-45826P4MEDIUMCVSS 5.4fixed in 2.9.142024-12-13
CVE-2022-45826 [MEDIUM] CWE-862 CVE-2022-45826: Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 2.9.13.
nvd
CVE-2024-50463P4MEDIUMCVSS 6.1fixed in 3.2.11≤ 3.2.92024-10-28
CVE-2024-50463 [MEDIUM] CWE-601 CVE-2024-50463: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in sunshinephotocart Sunshine Phot URL Redirection to Untrusted Site ('Open Redirect') vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart.This issue affects Sunshine Photo Cart: from n/a through <= 3.2.9.
nvd
CVE-2025-68535P4MEDIUMCVSS 4.3≤ 3.5.7.12025-12-24
CVE-2025-68535 [MEDIUM] CWE-862 CVE-2025-68535: Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart all Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through <= 3.5.7.1.
nvd
CVE-2024-49697P4MEDIUMCVSS 4.3fixed in 3.2.10≤ 3.2.92024-11-19
CVE-2024-49697 [MEDIUM] CWE-862 CVE-2024-49697: Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart all Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through <= 3.2.9.
nvd
Sunshinephotocart Sunshine Photo Cart vulnerabilities | cvebase