CVE-2022-4301

MEDIUM NUCLEI

Sunshine Photo Cart <2.9.15 - XSS

Title source: llm

Description

The Sunshine Photo Cart WordPress plugin before 2.9.15 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.

Nuclei Templates (1)

WordPress Sunshine Photo Cart <2.9.15 - Cross-Site Scripting

MEDIUMVERIFIEDby r3Y3r53

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/a8dca528-fb70-44f3-8149-21385039179d

Scores

CVSS v3 6.1

EPSS 0.0386

EPSS Percentile 88.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

Status published

Products (1)

sunshinephotocart/sunshine_photo_cart < 2.9.15

Published Jan 09, 2023

Tracked Since Feb 18, 2026