CVE-2025-9499
CVE-2025-9499 refers to a Stored Cross‑Site Scripting vulnerability in the WordPress Ocean Extra plugin (versions up to and including 2.4.9). The issue stems from insufficient input sanitization and output escaping in the oceanwp_library shortcode, enabling an authenticated attacker with contribu...