CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50463 – WordPress Sunshine Photo Cart plugin <= 3.2.9 - Open Redirection vulnerability
https://notcve.org/view.php?id=CVE-2024-50463
24 Oct 2024 — URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP Sunshine Sunshine Photo Cart.This issue affects Sunshine Photo Cart: from n/a through 3.2.9. The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 3.2.9. This is due to insufficient validation on a redirect url. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can success... • https://patchstack.com/database/vulnerability/sunshine-photo-cart/wordpress-sunshine-photo-cart-plugin-3-2-9-open-redirection-vulnerability?_s_id=cve • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49697 – WordPress Sunshine Photo Cart plugin <= 3.2.9 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-49697
21 Oct 2024 — Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 3.2.9. The Sunshine Photo Cart plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the search_galleries() function in versions up to, and including, 3.2.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to search gal... • https://patchstack.com/database/vulnerability/sunshine-photo-cart/wordpress-sunshine-photo-cart-plugin-3-2-9-broken-access-control-vulnerability-2?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47314 – WordPress Sunshine Photo Cart plugin <= 3.2.8 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-47314
25 Sep 2024 — Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 3.2.8. The Sunshine Photo Cart plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the sunshine_addon_toggle() function in versions up to, and including, 3.2.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to toggle addons... • https://patchstack.com/database/vulnerability/sunshine-photo-cart/wordpress-sunshine-photo-cart-plugin-3-2-8-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44038 – WordPress Sunshine Photo Cart plugin <= 3.2.9 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-44038
23 Sep 2024 — Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 3.2.9. The Sunshine Photo Cart plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to perform unauthorized actions. • https://patchstack.com/database/vulnerability/sunshine-photo-cart/wordpress-sunshine-photo-cart-plugin-3-2-9-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43971 – WordPress Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin <= 3.2.5 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-43971
28 Aug 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Sunshine Sunshine Photo Cart allows Reflected XSS.This issue affects Sunshine Photo Cart: from n/a through 3.2.5. The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 3.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated... • https://patchstack.com/database/vulnerability/sunshine-photo-cart/wordpress-sunshine-photo-cart-free-client-photo-galleries-for-photographers-plugin-3-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43136 – WordPress Sunshine Photo Cart plugin <= 3.2.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-43136
07 Aug 2024 — Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 3.2.1. The Sunshine Photo Cart plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sunshine_add_to_favorites() function in versions up to, and including, 3.2.1. This makes it possible for authenticated attackers, with subscriber-level access and above... • https://patchstack.com/database/vulnerability/sunshine-photo-cart/wordpress-sunshine-photo-cart-plugin-3-2-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30221 – WordPress Sunshine Photo Cart plugin <= 3.1.1 - PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-30221
26 Mar 2024 — Deserialization of Untrusted Data vulnerability in WP Sunshine Sunshine Photo Cart.This issue affects Sunshine Photo Cart: from n/a through 3.1.1. Deserialización de vulnerabilidad de datos no confiables en WP Sunshine Sunshine Photo Cart. Este problema afecta a Sunshine Photo Cart: desde n/a hasta 3.1.1. The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untruste... • https://patchstack.com/database/vulnerability/sunshine-photo-cart/wordpress-sunshine-photo-cart-plugin-3-1-1-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30194 – WordPress Sunshine Photo Cart plugin <= 3.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-30194
25 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Sunshine Sunshine Photo Cart allows Reflected XSS.This issue affects Sunshine Photo Cart: from n/a through 3.1.1. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en WP Sunshine Sunshine Photo Cart permite XSS reflejado. Este problema afecta a Sunshine Photo Cart: desde n/a hasta 3.1.1. The Sunshine Photo Cart plugin for WordPress ... • https://patchstack.com/database/vulnerability/sunshine-photo-cart/wordpress-sunshine-photo-cart-plugin-3-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45826 – WordPress Sunshine Photo Cart plugin <= 2.9.13 - Auth. Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2022-45826
02 Dec 2022 — Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 2.9.13. The Sunshine Photo Cart plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the sunshine_update_image_location_ajax function in versions up to, and including, 2.9.13. This makes it possible for authenticated attackers, with subscriber-level permissions and abo... • https://patchstack.com/database/wordpress/plugin/sunshine-photo-cart/vulnerability/wordpress-sunshine-photo-cart-plugin-2-9-13-auth-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •