CVE-2021-25104 Ocean Extra < 1.9.5 - Reflected Cross-Site Scripting

2022-06-2010:25:41

CWE-79

WPScan

www.cve.org

cve-2021-25104

ocean extra

wordpress

plugin

version 1.9.5

reflected cross-site scripting

EPSS

0.001

Percentile

43.5%

JSON

The Ocean Extra WordPress plugin before 1.9.5 does not escape generated links which are then used when the OceanWP is active, leading to a Reflected Cross-Site Scripting issue

CNA Affected

[
  {
    "product": "Ocean Extra",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "1.9.5",
        "status": "affected",
        "version": "1.9.5",
        "versionType": "custom"
      }
    ]
  }
]