CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Feb 2024 — The Sunshine Photo Cart: Free Client Galleries for Photographers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.24 via the 'invoice'. This makes it possible for unauthenticated attackers to extract sensitive data including customer email and physical addresses. • https://plugins.trac.wordpress.org/browser/sunshine-photo-cart/tags/3.0.24/includes/admin/sunshine-order.php#L894 • CWE-284: Improper Access Control

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Sep 2023 — Authorization Bypass Through User-Controlled Key vulnerability in WP Sunshine Sunshine Photo Cart: Free Client Galleries for Photographers. This issue affects Sunshine Photo Cart: Free Client Galleries for Photographers: from n/a before 3.0.0. • https://patchstack.com/database/vulnerability/sunshine-photo-cart/wordpress-sunshine-photo-cart-plugin-2-9-25-order-manipulation-vulnerability?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

12 Dec 2022 — The Sunshine Photo Cart WordPress plugin before 2.9.15 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. The Sunshine Photo Cart plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'redirect_to' parameter in versions u... • https://wpscan.com/vulnerability/a8dca528-fb70-44f3-8149-21385039179d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Dec 2022 — Cross-Site Request Forgery (CSRF) vulnerability in WP Sunshine Sunshine Photo Cart plugin <= 2.9.13 versions. The Sunshine Photo Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.13. This is due to missing or incorrect nonce validation on the sunshine_update_image_location_ajax function. This makes it possible for unauthenticated attackers to change image file paths via a forged request, granted they can trick a site administrator into performing an ac... • https://patchstack.com/database/vulnerability/sunshine-photo-cart/wordpress-sunshine-photo-cart-plugin-2-9-13-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Jun 2021 — The Sunshine Photo Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.28. This is due to missing or incorrect nonce validation on the sunshine_products_quicksave_post() function. This makes it possible for unauthenticated attackers to save custom post data via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. • https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks • CWE-352: Cross-Site Request Forgery (CSRF)