PatchSiren

WP Sunshine CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM WP Sunshine CVE published 2026-05-25

CVE-2026-42776

A Missing Authorization vulnerability (CWE-862) in the WP Sunshine Sunshine Photo Cart WordPress plugin allows exploitation of incorrectly configured access control security levels. The vulnerability affects versions from n/a through 3.6.7. The issue was published to the CVE List on 2026-05-25 and last modified on 2026-05-26. The NVD entry currently shows a status of 'Deferred'. No known exploitation in r [truncated]