5.3

CVE-2024-1294

Sunshine Photo Cart: Free Client Galleries for Photographers <= 3.0.24 - Unauthenticated Sensitive Information Exposure via Invoice

Sunshine Photo Cart: Free Client Galleries for Photographers <= 3.0.24 - Unauthenticated Sensitive Information Exposure via Invoice

The Sunshine Photo Cart: Free Client Galleries for Photographers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.24 via the 'invoice'. This makes it possible for unauthenticated attackers to extract sensitive data including customer email and physical addresses.
Mögliche Gegenmaßnahme
Sunshine Photo Cart – Client Photo Gallery & Photo Proofing for Photographers: Update to version 3.1, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SunshinephotocartSunshine Photo Cart SwPlatformwordpress Version < 3.1
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt Sunshine Photo Cart – Client Photo Gallery & Photo Proofing for Photographers
Version *-3.0.24
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.68% 0.474
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security@wordfence.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://plugins.trac.wordpress.org/browser/sunshine-photo-cart/tags/3.0.24/includes/admin/sunshine-order.php#L894
Product
https://plugins.trac.wordpress.org/changeset/3033429/sunshine-photo-cart/trunk/includes/admin/sunshine-order.php
Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/da76d034-3e9a-4f3f-a314-48e776028369?source=cve
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/da76d034-3e9a-4f3f-a314-48e776028369
Third Party Advisory