Sunshinephotocart Sunshine Photo Cart
By the Year
In 2024 there have been 0 vulnerabilities in Sunshinephotocart Sunshine Photo Cart . Last year Sunshine Photo Cart had 5 security vulnerabilities published. Right now, Sunshine Photo Cart is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 5 | 6.43 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Sunshine Photo Cart vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Sunshinephotocart Sunshine Photo Cart Security Vulnerabilities
Authorization Bypass Through User-Controlled Key vulnerability in WP Sunshine Sunshine Photo Cart: Free Client Galleries for Photographers.This issue affects Sunshine Photo Cart: Free Client Galleries for Photographers:
CVE-2023-41796
6.5 - Medium
- December 20, 2023
Authorization Bypass Through User-Controlled Key vulnerability in WP Sunshine Sunshine Photo Cart: Free Client Galleries for Photographers.This issue affects Sunshine Photo Cart: Free Client Galleries for Photographers: from n/a before 3.0.0.
Insecure Direct Object Reference / IDOR
The Sunshine Photo Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to
CVE-2021-4415
4.3 - Medium
- July 12, 2023
The Sunshine Photo Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.28 This is due to missing or incorrect nonce validation on the sunshine_products_quicksave_post() function. This makes it possible for unauthenticated attackers to save custom post data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Session Riding
** REJECT ** CVE split into individual CVE IDs for each software record.
CVE-2021-4342
- June 07, 2023
** REJECT ** CVE split into individual CVE IDs for each software record.
Cross-Site Request Forgery (CSRF) vulnerability in WP Sunshine Sunshine Photo Cart plugin <= 2.9.13 versions.
CVE-2022-40692
8.8 - High
- February 02, 2023
Cross-Site Request Forgery (CSRF) vulnerability in WP Sunshine Sunshine Photo Cart plugin <= 2.9.13 versions.
Session Riding
The Sunshine Photo Cart WordPress plugin before 2.9.15 does not sanitise and escape a parameter before outputting it back in the page
CVE-2022-4301
6.1 - Medium
- January 09, 2023
The Sunshine Photo Cart WordPress plugin before 2.9.15 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Sunshinephotocart Sunshine Photo Cart or by Sunshinephotocart? Click the Watch button to subscribe.
