ByteOS Network

CVE Vulnerability Details :

CVE-2022-40692

PUBLISHED

More Info Official Page

Assigner-Patchstack

Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3

Published At-02 Feb, 2023 | 15:58

▼CVE Numbering Authority (CNA)

WordPress Sunshine Photo Cart Plugin <= 2.9.13 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WP Sunshine Sunshine Photo Cart plugin <= 2.9.13 versions.

Affected Products

Vendor

WP Sunshine

Product

Sunshine Photo Cart

Collection URL

https://wordpress.org/plugins

Package Name

sunshine-photo-cart

Default Status

unaffected

Versions

Affected

From n/a through 2.9.13 (custom)
- -> unaffectedfrom2.9.14

Problem Types

Type	CWE ID	Description
CWE	CWE-352	CWE-352 Cross-Site Request Forgery (CSRF)

Type: CWE

CWE ID: CWE-352

Description: CWE-352 Cross-Site Request Forgery (CSRF)

Metrics

Version	Base score	Base severity	Vector
3.1	5.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Version: 3.1

Base score: 5.4

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Impacts

CAPEC ID	Description
CAPEC-62	CAPEC-62 Cross Site Request Forgery

CAPEC ID: CAPEC-62

Description: CAPEC-62 Cross Site Request Forgery

Solutions

Update to 2.9.14 or higher version.

Credits

finder

Lana Codes (Patchstack Alliance)

References

Hyperlink	Resource
https://patchstack.com/database/vulnerability/sunshine-photo-cart/wordpress-sunshine-photo-cart-plugin-2-9-13-cross-site-request-forgery-csrf-vulnerability?_s_id=cve	vdb-entry

Hyperlink: https://patchstack.com/database/vulnerability/sunshine-photo-cart/wordpress-sunshine-photo-cart-plugin-2-9-13-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

Resource:

vdb-entry

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References