78 matches found
CVE-2019-16250
includes/wizard/wizard.php in the Ocean Extra plugin through 1.5.8 for WordPress allows unauthenticated options changes and injection of a Cascading Style Sheets CSS token sequence...
EUVD-2019-7056
Malware in sbrugna...
EUVD-2020-24201
Malware in sbrugna...
EUVD-2021-12016
Malware in sbrugna...
EUVD-2025-24542
Malicious code in bioql PyPI...
EUVD-2023-27974
Malicious code in bioql PyPI...
EUVD-2023-12767
Malicious code in bioql PyPI...
EUVD-2025-28862
Malicious code in bioql PyPI...
EUVD-2025-12295
Malicious code in bioql PyPI...
EUVD-2025-12292
Malicious code in bioql PyPI...
CVE-2025-9499
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's oceanwplibrary shortcode in all versions up to, and including, 2.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-9499
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's oceanwplibrary shortcode in all versions up to, and including, 2.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-8891
The OceanWP theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.0.9 to 4.1.1. This is due to missing or incorrect nonce validation on the oceanwpnoticebuttonclick function. This makes it possible for unauthenticated attackers to install the Ocean Extra plugin via a forge...
CVE-2025-8891
The OceanWP theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.0.9 to 4.1.1. This is due to missing or incorrect nonce validation on the oceanwpnoticebuttonclick function. This makes it possible for unauthenticated attackers to install the Ocean Extra plugin via a forge...
CVE-2025-8891 OceanWP <= 4.0.9 - 4.1.1 - Cross-Site Request Forgery to Ocean Extra Plugin Installation
The OceanWP theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.0.9 to 4.1.1. This is due to missing or incorrect nonce validation on the oceanwpnoticebuttonclick function. This makes it possible for unauthenticated attackers to install the Ocean Extra plugin via a forge...
CVE-2025-8891 OceanWP <= 4.0.9 - 4.1.1 - Cross-Site Request Forgery to Ocean Extra Plugin Installation
The OceanWP theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.0.9 to 4.1.1. This is due to missing or incorrect nonce validation on the oceanwpnoticebuttonclick function. This makes it possible for unauthenticated attackers to install the Ocean Extra plugin via a forge...
PT-2025-32964
Name of the Vulnerable Software and Affected Versions: OceanWP versions 4.0.9 through 4.1.1 Description: The OceanWP theme for WordPress is susceptible to Cross-Site Request Forgery due to insufficient nonce validation within the oceanwp notice button click function. This allows unauthenticated...
WordPress OceanWP plugin <= 4.0.9 - 4.1.1 - Cross-Site Request Forgery to Ocean Extra Plugin Installation vulnerability
WordPress OceanWP plugin = 4.0.9 - 4.1.1 - Cross-Site Request Forgery to Ocean Extra Plugin Installation vulnerability discovered by Dmitrii Ignatyev in WordPress Theme OceanWP versions 4.0.9 - 4.1.1...
CVE-2025-49068 WordPress Ocean Extra plugin <= 2.4.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OceanWP Ocean Extra allows Stored XSS.This issue affects Ocean Extra: from n/a through 2.4.8...
CVE-2024-5531
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flickr widget in all versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...