Shodan
Vulnerabilities
Vulnerable Software
Sunshinephotocart:  >> Sunshine Photo Cart  >> 2.2.3  Security Vulnerabilities
CVE-2025-5482
The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.11. This is due to the plugin not properly validating a user-supplied key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user's passwords through the password reset functionality, including administrators, and leverage that to reset the user's password and gain access to their account.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-06-04
CVE-2025-31084
Deserialization of Untrusted Data vulnerability in sunshinephotocart Sunshine Photo Cart allows Object Injection. This issue affects Sunshine Photo Cart: from n/a through 3.4.10.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-04-01
CVE-2022-45826
Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 2.9.13.
CVSS Score
5.4
EPSS Score
0.0
Published
2024-12-13
CVE-2024-49697
Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 3.2.9.
CVSS Score
4.3
EPSS Score
0.0
Published
2024-11-19
CVE-2024-47314
Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 3.2.8.
CVSS Score
7.1
EPSS Score
0.004
Published
2024-11-01
CVE-2024-44038
Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 3.2.9.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-11-01
CVE-2024-43136
Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 3.2.1.
CVSS Score
4.3
EPSS Score
0.002
Published
2024-11-01
CVE-2024-50463
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP Sunshine Sunshine Photo Cart.This issue affects Sunshine Photo Cart: from n/a through 3.2.9.
CVSS Score
4.7
EPSS Score
0.001
Published
2024-10-28
CVE-2024-43971
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Sunshine Sunshine Photo Cart allows Reflected XSS.This issue affects Sunshine Photo Cart: from n/a through 3.2.5.
CVSS Score
7.1
EPSS Score
0.001
Published
2024-09-18
CVE-2024-30221
Deserialization of Untrusted Data vulnerability in WP Sunshine Sunshine Photo Cart.This issue affects Sunshine Photo Cart: from n/a through 3.1.1.
CVSS Score
5.4
EPSS Score
0.004
Published
2024-03-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved