CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Dec 2022 — Cross-Site Request Forgery (CSRF) vulnerability in WP Sunshine Sunshine Photo Cart plugin <= 2.9.13 versions. The Sunshine Photo Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.13. This is due to missing or incorrect nonce validation on the sunshine_update_image_location_ajax function. This makes it possible for unauthenticated attackers to change image file paths via a forged request, granted they can trick a site administrator into performing an ac... • https://patchstack.com/database/vulnerability/sunshine-photo-cart/wordpress-sunshine-photo-cart-plugin-2-9-13-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Dec 2022 — Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sunshine Photo Cart: from n/a through 2.9.13. The Sunshine Photo Cart plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the sunshine_update_image_location_ajax function in versions up to, and including, 2.9.13. This makes it possible for authenticated attackers, with subscriber-level permissions and abo... • https://patchstack.com/database/wordpress/plugin/sunshine-photo-cart/vulnerability/wordpress-sunshine-photo-cart-plugin-2-9-13-auth-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization

CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Jun 2021 — The Sunshine Photo Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.28. This is due to missing or incorrect nonce validation on the sunshine_products_quicksave_post() function. This makes it possible for unauthenticated attackers to save custom post data via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. • https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks • CWE-352: Cross-Site Request Forgery (CSRF)