Reflected XSS Vulnerability in Sunshine Photo Cart
CVE-2024-43971

7.1HIGH

Key Information:

Vendor: WordPress
Status: Sunshine Photo Cart
Vendor: CVE Published:; 18 September 2024

What is CVE-2024-43971?

The Sunshine Photo Cart plugin by WP Sunshine features a vulnerability that allows for reflected cross-site scripting (XSS) attacks. This flaw is due to improper handling of user input during web page generation, putting users at risk of malicious script execution when they interact with compromised instances of the plugin.

Affected Version(s)

Sunshine Photo Cart 0 <= 3.2.5

References

https://patchstack.com/database/Wordpress/Plugin/sunshine...

vdb-entry

EPSS Score

9% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 18, 2024

CVE-2024-43971 Data

JSON