Browse all 3 CVE security advisories affecting WP Sunshine. AI-powered Chinese analysis, POCs, and references for each vulnerability.
WP Sunshine is a WordPress plugin designed for managing business listings and directories. Historically, it has been vulnerable to multiple security issues including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation vulnerabilities. These flaws often stem from insufficient input validation and improper access controls. The plugin has accumulated three CVEs, with some versions allowing unauthenticated attackers to execute arbitrary code or manipulate database queries. While no major public incidents have been widely documented, the consistent pattern of vulnerabilities suggests potential risks for sites running outdated versions. Regular updates and careful implementation are recommended due to the plugin's history of security shortcomings.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-45826 | WordPress Sunshine Photo Cart plugin <= 2.9.13 - Auth. Broken Access Control vulnerability — Sunshine Photo Cart (CWE-862) | 5.4 | Medium | 2024-12-13 |
| CVE-2023-41796 | WordPress Sunshine Photo Cart Plugin < 3.0.0 is vulnerable to Insecure Direct Object References (IDOR) — Sunshine Photo Cart: Free Client Galleries for Photographers (CWE-639) | 5.3 | Medium | 2023-12-20 |
| CVE-2022-40692 | WordPress Sunshine Photo Cart Plugin <= 2.9.13 is vulnerable to Cross Site Request Forgery (CSRF) — Sunshine Photo Cart (CWE-352) | 5.4 | Medium | 2023-02-02 |

This page lists every published CVE security advisory associated with WP Sunshine. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.