Sunshine Photo Cart
Moderate fix1 remedy
cpe:2.3:a:sunshinephotocart:sunshine_photo_cart:*:*:*:*:wordpress:*:*
Moderate fix1 remedy
- <= 3.4.11
Sunshine Photo Cart Privilege Escalation Vulnerability Allowing Unauthorized Password Resets
Vulnerability
Patched
A privilege escalation vulnerability has been identified in the Sunshine Photo Cart WordPress plugin, specifically in versions through 3.4.11. This vulnerability allows authenticated users with Subscriber-level access and above to exploit improper validation of user-supplied keys. By doing so, they can manipulate the password reset functionality to change passwords of any user, including administrators. This unauthorized password change enables attackers to gain access to the targeted accounts.
Impact
Exploitation of this vulnerability allows for unauthorized password changes, leading to account takeovers.
Reproduction
To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher can send a request to the password reset endpoint, including a user-supplied key. The lack of proper validation on the key allows the attacker to reset passwords of other users, including those with administrative privileges.
Remediation
Users are advised to update the Sunshine Photo Cart plugin to version 3.4.12 or later.
Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM
Vulnerability Rating
Custom Algorithm
spread
1.0impact
5.0exploitability
6.4remediation
7.7relevance
0.2threat
4.8urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.