The Sunshine Photo Cart plugin for WordPress can be exploited by unauthenticated attackers to inject malicious software into web pages. This puts users at risk of performing dangerous actions if they click on links without knowing what they are doing. Versions up to 2.9.14 of the plugin are vulnerable due to a lack of proper safeguards.