A vulnerability labeled as critical has been found in WP Sunshine Sunshine Photo Cart Plugin up to 3.6.7 on WordPress. The impacted element is an unknown function. The manipulation results in missing authorization. This vulnerability is reported as CVE-2026-42776 . The attack can be launched remotely. No exploit exists.