VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 20 known issues Latest disclosed Jan 27, 2026

Sunshine Photo Cart – Client Photo Gallery & Photo Proofing for Photographers Vulnerabilities

Review known vulnerability records for the WordPress plugin Sunshine Photo Cart – Client Photo Gallery & Photo Proofing for Photographers (`sunshine-photo-cart`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-67973, CVE-2026-24994 and CVE-2025-68535, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
20
High or Critical
4
Patch Coverage
100%
Last Updated
Feb 02, 2026
Priority CVE Quick Links

Fast paths into Sunshine Photo Cart – Client Photo Gallery & Photo Proofing for Photographers CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
20
CVE-2025-31084 Critical 3.4.11
CVE-2025-31084 Sunshine Photo Cart – Client Photo Gallery & Photo Proofing for Photographers Vulnerability

Sunshine Photo Cart <= 3.4.10 - Unauthenticated PHP Object Injection

CVE-2024-30221 Critical 3.1.2
CVE-2024-30221 Sunshine Photo Cart – Client Photo Gallery & Photo Proofing for Photographers Vulnerability

Sunshine Photo Cart: Free Client Photo Galleries for Photographers <= 3.1.1 - Unauthenticated PHP Object Injection

CVE-2025-5482 High 3.4.12
CVE-2025-5482 Sunshine Photo Cart – Client Photo Gallery & Photo Proofing for Photographers Privilege Escalation

Sunshine Photo Cart <= 3.4.11 - Authenticated (Subscriber+) Privilege Escalation

CVE-2022-40692 High 2.9.14
CVE-2022-40692 Sunshine Photo Cart – Client Photo Gallery & Photo Proofing for Photographers Cross-Site Request Forgery

Sunshine Photo Cart <= 2.9.13 - Cross-Site Request Forgery

CVE-2022-45826 Medium 2.9.14
CVE-2022-45826 Sunshine Photo Cart – Client Photo Gallery & Photo Proofing for Photographers Authorization Bypass

Sunshine Photo Cart <= 2.9.13 - Missing Authorization

CVE-2024-50463 Medium 3.2.11
CVE-2024-50463 Sunshine Photo Cart – Client Photo Gallery & Photo Proofing for Photographers Vulnerability

Sunshine Photo Cart <= 3.2.9 - Open Redirect

CVE-2024-43971 Medium 3.2.6
CVE-2024-43971 Sunshine Photo Cart – Client Photo Gallery & Photo Proofing for Photographers Cross-Site Scripting

Sunshine Photo Cart <= 3.2.5 - Reflected Cross-Site Scripting

CVE-2024-30194 Medium 3.1.2
CVE-2024-30194 Sunshine Photo Cart – Client Photo Gallery & Photo Proofing for Photographers Cross-Site Scripting

Sunshine Photo Cart <= 3.1.1 - Reflected Cross-Site Scripting

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Sunshine Photo Cart – Client Photo Gallery & Photo Proofing for Photographers so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
20 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
2 critical and 2 high severity findings.
Recent CVEs
CVE-2025-67973, CVE-2026-24994 and CVE-2025-68535
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Sunshine Photo Cart – Client Photo Gallery & Photo Proofing for Photographers

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2025-67973
CVE-2025-67973: Sunshine Photo Cart <= 3.5.6.2 - Missing Authorization

The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.6.2. This makes it possible for unauthenticated attackers to...

Published
Jan 27, 2026
Patched Release
3.5.7.1
Affected Versions
Versions up to 3.5.6.2
Next Step
Update to 3.5.7.1 or newer if supported.
Open CVE-2025-67973 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2026-24994
CVE-2026-24994: Sunshine Photo Cart <= 3.5.7.2 - Missing Authorization

The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.7.2. This makes it possible for unauthenticated attackers to...

Published
Jan 23, 2026
Patched Release
3.5.7.3
Affected Versions
Versions up to 3.5.7.2
Next Step
Update to 3.5.7.3 or newer if supported.
Open CVE-2026-24994 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-68535
CVE-2025-68535: Sunshine Photo Cart <= 3.5.7.1 - Missing Authorization

The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.7.1. This makes it possible for authenticated attackers, with...

Published
Dec 30, 2025
Patched Release
3.5.7.2
Affected Versions
Versions up to 3.5.7.1
Next Step
Update to 3.5.7.2 or newer if supported.
Open CVE-2025-68535 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-62892
CVE-2025-62892: Sunshine Photo Cart <= 3.5.3 - Missing Authorization

The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to pe...

Published
Aug 29, 2025
Patched Release
3.5.4
Affected Versions
Versions up to 3.5.3
Next Step
Update to 3.5.4 or newer if supported.
Open CVE-2025-62892 Report Open CVE Reference
Plugin High Patched: Yes CVE-2025-5482
CVE-2025-5482: Sunshine Photo Cart <= 3.4.11 - Authenticated (Subscriber+) Privilege Escalation

The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.11. This is due to the plugin not properly validating a user-supplied key. This makes i...

Published
Jun 03, 2025
Patched Release
3.4.12
Affected Versions
Versions up to 3.4.11
Next Step
Update to 3.4.12 or newer if supported.
Open CVE-2025-5482 Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2025-31084
CVE-2025-31084: Sunshine Photo Cart <= 3.4.10 - Unauthenticated PHP Object Injection

The Sunshine Photo Cart plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.4.10 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vu...

Published
Mar 28, 2025
Patched Release
3.4.11
Affected Versions
Versions up to 3.4.10
Next Step
Update to 3.4.11 or newer if supported.
Open CVE-2025-31084 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-50463
CVE-2024-50463: Sunshine Photo Cart <= 3.2.9 - Open Redirect

The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 3.2.9. This is due to insufficient validation on a redirect url. This makes it possible for unauthenticated attackers t...

Published
Oct 24, 2024
Patched Release
3.2.11
Affected Versions
Versions up to 3.2.9
Next Step
Update to 3.2.11 or newer if supported.
Open CVE-2024-50463 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-49697
CVE-2024-49697: Sunshine Photo Cart <= 3.2.9 - Missing Authorization

The Sunshine Photo Cart plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the search_galleries() function in versions up to, and including, 3.2.9. This makes it possible for authenticated attackers, with subscriber-level access...

Published
Oct 21, 2024
Patched Release
3.2.10
Affected Versions
Versions up to 3.2.9
Next Step
Update to 3.2.10 or newer if supported.
Open CVE-2024-49697 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-47314
CVE-2024-47314: Sunshine Photo Cart <= 3.2.8 - Missing Authorization

The Sunshine Photo Cart plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the sunshine_addon_toggle() function in versions up to, and including, 3.2.8. This makes it possible for authenticated attackers, with subscriber-level access an...

Published
Sep 25, 2024
Patched Release
3.2.9
Affected Versions
Versions up to 3.2.8
Next Step
Update to 3.2.9 or newer if supported.
Open CVE-2024-47314 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-44038
CVE-2024-44038: Sunshine Photo Cart <= 3.2.9 - Missing Authorization

The Sunshine Photo Cart plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to perform unauthorized actions.

Published
Sep 23, 2024
Patched Release
3.2.10
Affected Versions
Versions up to 3.2.9
Next Step
Update to 3.2.10 or newer if supported.
Open CVE-2024-44038 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-43971
CVE-2024-43971: Sunshine Photo Cart <= 3.2.5 - Reflected Cross-Site Scripting

The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 3.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthent...

Published
Aug 28, 2024
Patched Release
3.2.6
Affected Versions
Versions up to 3.2.5
Next Step
Update to 3.2.6 or newer if supported.
Open CVE-2024-43971 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-43136
CVE-2024-43136: Sunshine Photo Cart <= 3.2.1 - Missing Authorization

The Sunshine Photo Cart plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sunshine_add_to_favorites() function in versions up to, and including, 3.2.1. This makes it possible for authenticated attackers, with subscrib...

Published
Aug 07, 2024
Patched Release
3.2.2
Affected Versions
Versions up to 3.2.1
Next Step
Update to 3.2.2 or newer if supported.
Open CVE-2024-43136 Report Open CVE Reference