Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 3, Critical: 0, High: 1, Medium: 2
Threat Entry Updated 2025-07-11

CVE-2025-5482 - Sunshine Photo Cart Plugin

The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.11. This is due to the plugin not properly validating a user-supplied key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary users' passwords, including administrators', through the password reset functionality and gain access to their accounts.

PLUGIN Sunshine Photo Cart

CVE-2025-5482

HIGH CVSS 8.8 2025-06-04

Threat Entry Updated 2025-02-28

CVE-2024-1294 - Sunshine Photo Cart Plugin

The Sunshine Photo Cart: Free Client Galleries for Photographers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.24 via the 'invoice'. This makes it possible for unauthenticated attackers to extract sensitive data including customer email and physical addresses.

PLUGIN Sunshine Photo Cart

CVE-2024-1294

MEDIUM CVSS 5.3 2024-02-29

Threat Entry Updated 2026-04-08

CVE-2021-4415 - Sunshine Photo Cart Plugin

The Sunshine Photo Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.28. This is due to missing or incorrect nonce validation on the sunshine_products_quicksave_post() function. This makes it possible for unauthenticated attackers to save custom post data via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Sunshine Photo Cart

CVE-2021-4415

MEDIUM CVSS 4.3 2023-07-12