Medium 5.3
2026-04-08< 3.6.2
CVE-2026-39564
Sunshine Photo Cart – Client Photo Gallery & Photo Proofing for Photographers
Minimum safe version
3.6.2
Update to 3.6.2 or later to address 28 fixable vulnerabilities
Latest available3.6.8 ✓
Medium 6.5
2026-02-20< 3.5.7.1
CVE-2025-67973
Medium 5.3
2026-02-03< 3.5.7.3
CVE-2026-24994
Medium 4.3
2025-12-30< 3.5.7.2
Sunshine Photo Cart <= 3.5.7.1 - Missing Authorization
Medium 5.3
2025-10-27< 3.5.4
CVE-2025-62892
High 8.8
2025-06-04< 3.4.12
Sunshine Photo Cart <= 3.4.11 - Authenticated (Subscriber+) Privilege Escalation
Critical 9.8
2025-04-01< 3.4.11
CVE-2025-31084
Medium 4.7
2024-10-28< 3.2.11
CVE-2024-50463
Medium 4.3
2024-11-19< 3.2.10
CVE-2024-49697
High 7.1
2024-11-01< 3.2.9
CVE-2024-47314
Medium 5.3
2024-11-01< 3.2.10
CVE-2024-44038
High 7.1
2024-09-17< 3.2.6
CVE-2024-43971
Medium 4.3
2024-11-01< 3.2.2
CVE-2024-43136
Medium 5.4
2024-03-28< 3.1.2
CVE-2024-30221
High 7.1
2024-03-27< 3.1.2
CVE-2024-30194
Medium 5.3
2024-02-20< 3.1
CVE-2024-1294
Medium 5.3
2023-12-20< 3.0.0
CVE-2023-41796
Medium 4.3
2023-07-12< 2.8.29
CVE-2021-4415
N/A
2023-06-07< 2.8.29
CVE-2021-4342
N/A
< 2.8.29
Various Affected Software (Various Versions) - Cross-Site Request Forgery Bypass
Medium 6.1
2023-01-09< 2.9.15
CVE-2022-4301
Medium 5.4
2024-12-13< 2.9.14
CVE-2022-45826
Medium 5.4
2023-02-02< 2.9.14
CVE-2022-40692
N/A
2022-12-12< 2.9.15
Sunshine Photo Cart <= 2.9.14 - Reflected Cross-Site Scripting
N/A
< 2.9.14
WordPress Sunshine Photo Cart Plugin <= 2.9.13 is vulnerable to Broken Access Control
N/A
< 2.9.14
WordPress Sunshine Photo Cart Plugin <= 2.9.13 is vulnerable to Cross Site Request Forgery (CSRF)
N/A
< 2.8.29
CSRF Bypass in Multiple Plugins
N/A
2021-06-21< 2.8.29
WordPress Sunshine Photo Cart plugin <= 2.8.28 - Cross-Site Request Forgery (CSRF) vulnerability