199 matches found
Ocean Extra <= 2.4.6 - Unauthenticated Shortcode Execution
The Ocean Extra plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.4.6. This is due to the software allowing users to supply arbitrary shortcodes in the contentrechdata parameter that is then executed. This makes it possible for...
WordPress Ocean Extra <1.9.5 - Cross-Site Scripting
WordPress Ocean Extra plugin before 1.9.5 contains a cross-site scripting vulnerability. The plugin does not escape generated links which are then used when the OceanWP theme is active. id: CVE-2021-25104 info: name: WordPress Ocean Extra 1.9.5 - Cross-Site Scripting author: Akincibor severity:...
WordPress Ocean Extra plugin <= 2.4.2 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Ocean Extra versions = 2.4.2...
EUVD-2026-19594
Missing Authorization vulnerability in OceanWP Ocean Extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ocean Extra: from n/a through 2.5.3...
CVE-2026-34903
Missing Authorization vulnerability in OceanWP Ocean Extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ocean Extra: from n/a through 2.5.3...
CVE-2026-34903 WordPress Ocean Extra plugin <= 2.5.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in OceanWP Ocean Extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ocean Extra: from n/a through 2.5.3...
CVE-2026-34903
Missing Authorization vulnerability in OceanWP Ocean Extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ocean Extra: from n/a through 2.5.3...
CVE-2026-34903
The CVE-2026-34903 entry describes a Missing Authorization vulnerability in OceanWP Ocean Extra, affecting Ocean Extra up to version 2.5.3. The issue is categorized as a Broken Access Control with CVSS 3.1 base score 5.4 (Network, Low Privileges Required, No User Interaction, Confidentiality None...
CVE-2026-34903 WordPress Ocean Extra plugin <= 2.5.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in OceanWP Ocean Extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ocean Extra: from n/a through 2.5.3...
WordPress Ocean Extra plugin <= 2.5.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Ocean Extra versions = 2.5.3...
WordPress plugin Ocean Extra 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-30810
Name of the Vulnerable Software and Affected Versions OceanWP Ocean Extra versions through 2.5.3 Description An authorization issue exists in OceanWP Ocean Extra. This allows exploitation due to incorrectly configured access control security levels. Recommendations Update OceanWP Ocean Extra to a...
CVE-2019-16250
includes/wizard/wizard.php in the Ocean Extra plugin through 1.5.8 for WordPress allows unauthenticated options changes and injection of a Cascading Style Sheets CSS token sequence...
WordPress Ocean Extra plugin <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ocean_gallery_id' vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'oceangalleryid' vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Ocean Extra versions = 2.4.6...
EUVD-2019-7056
Malware in sbrugna...
EUVD-2020-24201
Malware in sbrugna...
EUVD-2021-12016
Malware in sbrugna...
EUVD-2023-27974
Malicious code in bioql PyPI...
EUVD-2025-17135
Malicious code in bioql PyPI...
EUVD-2025-24542
Malicious code in bioql PyPI...