VulnerAlert



WORDPRESS
04-06-2025 09:57

CVE-2025-5482 Documented vulnerability

8.8 HIGH
Tags
#wordpress
#plugin
#reset
#change
#admin
#attackers
#authenticated
#arbitrary
#vulnerable
#privilege escalation
#privilege
#pass
#password
#attack
#access
Description
The Sunshine Photo Cart: Free Client Galleries for Photographers plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.11. This is due to the plugin not properly validating a user-supplied key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary users' passwords through the password reset functionality, including those of administrators, and leverage that to gain access to their account.
https://plugins.trac.wordpress.org/browser/sunshine-photo-cart/trunk/includes/functions/account.php#L303
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3305406%40sunshine-photo-cart%2Ftrunk&old=3261773%40sunshine-photo-cart%2Ftrunk&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/5311b43c-14dd-4bdd-b6d0-d6468b831968?source=cve
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-5482
This project was co-funded by the Consejo Nacional de Ciencia y Tecnología (CONACYT) through PROINNOVA 2021/2023