CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Oct 2024 — URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP Sunshine Sunshine Photo Cart. This issue affects Sunshine Photo Cart: from n/a through 3.2.9. The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 3.2.9. This is due to insufficient validation on a redirect URL. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can success... • https://patchstack.com/database/vulnerability/sunshine-photo-cart/wordpress-sunshine-photo-cart-plugin-3-2-9-open-redirection-vulnerability?_s_id=cve • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Oct 2024 — Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sunshine Photo Cart: from n/a through 3.2.9. The Sunshine Photo Cart plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the search_galleries() function in versions up to, and including, 3.2.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to search gal... • https://patchstack.com/database/vulnerability/sunshine-photo-cart/wordpress-sunshine-photo-cart-plugin-3-2-9-broken-access-control-vulnerability-2?_s_id=cve • CWE-862: Missing Authorization

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Sep 2024 — Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sunshine Photo Cart: from n/a through 3.2.8. The Sunshine Photo Cart plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the sunshine_addon_toggle() function in versions up to, and including, 3.2.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to toggle addons... • https://patchstack.com/database/vulnerability/sunshine-photo-cart/wordpress-sunshine-photo-cart-plugin-3-2-8-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Sep 2024 — Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sunshine Photo Cart: from n/a through 3.2.9. The Sunshine Photo Cart plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to perform unauthorized actions. • https://patchstack.com/database/vulnerability/sunshine-photo-cart/wordpress-sunshine-photo-cart-plugin-3-2-9-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization

CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Aug 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Sunshine Sunshine Photo Cart allows Reflected XSS. This issue affects Sunshine Photo Cart: from n/a through 3.2.5. The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 3.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated... • https://patchstack.com/database/vulnerability/sunshine-photo-cart/wordpress-sunshine-photo-cart-free-client-photo-galleries-for-photographers-plugin-3-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Aug 2024 — Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sunshine Photo Cart: from n/a through 3.2.1. The Sunshine Photo Cart plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sunshine_add_to_favorites() function in versions up to, and including, 3.2.1. This makes it possible for authenticated attackers, with subscriber-level access and above... • https://patchstack.com/database/vulnerability/sunshine-photo-cart/wordpress-sunshine-photo-cart-plugin-3-2-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Mar 2024 — Deserialization of Untrusted Data vulnerability in WP Sunshine Sunshine Photo Cart. This issue affects Sunshine Photo Cart: from n/a through 3.1.1. The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untruste... • https://patchstack.com/database/vulnerability/sunshine-photo-cart/wordpress-sunshine-photo-cart-plugin-3-1-1-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data

CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Sunshine Sunshine Photo Cart allows Reflected XSS. This issue affects Sunshine Photo Cart: from n/a through 3.1.1. The Sunshine Photo Cart plugin for WordPress ... • https://patchstack.com/database/vulnerability/sunshine-photo-cart/wordpress-sunshine-photo-cart-plugin-3-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Sep 2023 — Authorization Bypass Through User-Controlled Key vulnerability in WP Sunshine Sunshine Photo Cart: Free Client Galleries for Photographers. This issue affects Sunshine Photo Cart: Free Client Galleries for Photographers: from n/a before 3.0.0. ... • https://patchstack.com/database/vulnerability/sunshine-photo-cart/wordpress-sunshine-photo-cart-plugin-2-9-25-order-manipulation-vulnerability?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

12 Dec 2022 — The Sunshine Photo Cart WordPress plugin before 2.9.15 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. The Sunshine Photo Cart plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'redirect_to' parameter in versions u... • https://wpscan.com/vulnerability/a8dca528-fb70-44f3-8149-21385039179d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')