CVE-2025-5482

04.06.2025, 08:15

The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.11. This is due to the plugin not properly validating a user-supplied key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user's passwords through the password reset functionality, including administrators, and leverage that to reset the user's password and gain access to their account.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Wordfence	CNA	8.8 HIGH				CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADP	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 9%

Common Weakness Enumeration

CWE-620 - Unverified Password Change
When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.

References

https://plugins.trac.wordpress.org/browser/sunshine-photo-cart/trunk/includes/functions/account.php#L303

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3305406%40sunshine-photo-cart%2Ftrunk&old=3261773%40sunshine-photo-cart%2Ftrunk&sfp_email=&sfph_mail=

https://www.wordfence.com/threat-intel/vulnerabilities/id/5311b43c-14dd-4bdd-b6d0-d6468b831968?source=cve