PT-2026-43156 · WordPress · Sunshine Photo Cart

Dave Jong

·

Published

2026-05-25

·

Updated

2026-05-26

·

CVE-2026-42776

CVSS v3.1

6.3

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions Sunshine Photo Cart versions prior to 3.6.8
Description A missing authorization issue in the WP Sunshine Sunshine Photo Cart plugin allows for the exploitation of incorrectly configured access control security levels. This is a broken access control flaw where the system fails to properly verify if a user has the necessary permissions to perform certain actions.
Recommendations Update to a version newer than 3.6.7.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-42776

Affected Products

Sunshine Photo Cart