14 matches found
EUVD-2026-19594
Missing Authorization vulnerability in OceanWP Ocean Extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ocean Extra: from n/a through 2.5.3...
CVE-2026-34903
Missing Authorization vulnerability in OceanWP Ocean Extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ocean Extra: from n/a through 2.5.3...
EUVD-2025-17135
Malicious code in bioql PyPI...
CVE-2025-49068
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in oceanwp Ocean Extra ocean-extra allows Stored XSS.This issue affects Ocean Extra: from n/a through = 2.4.8...
CVE-2025-49068
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in oceanwp Ocean Extra ocean-extra allows Stored XSS.This issue affects Ocean Extra: from n/a through = 2.4.8...
CVE-2023-23891
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in OceanWP Ocean Extra plugin = 2.1.1 versions. Needs the OceanWP theme installed and activated...
CVE-2024-37489
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in OceanWP Ocean Extra allows Stored XSS.This issue affects Ocean Extra: from n/a through 2.2.9...
CVE-2023-49164
Cross-Site Request Forgery CSRF vulnerability in OceanWP Ocean Extra.This issue affects Ocean Extra: from n/a through 2.2.2...
CVE-2023-49164
Cross-Site Request Forgery CSRF vulnerability in OceanWP Ocean Extra.This issue affects Ocean Extra: from n/a through 2.2.2...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in OceanWP Ocean Extra.This issue affects Ocean Extra: from n/a through 2.2.2...
CVE-2023-49164
The CVE describes a Cross-Site Request Forgery (CSRF) in the WordPress OceanWP Ocean Extra plugin affecting versions through 2.2.2. The vulnerability enables an attacker to induce a user to trigger unintended actions on the web application, including potential arbitrary plugin activation. Impact ...
CVE-2023-23891
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in OceanWP Ocean Extra plugin = 2.1.1 versions. Needs the OceanWP theme installed and activated...
CVE-2023-24399
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in OceanWP Ocean Extra plugin = 2.1.2 versions...
PT-2023-19560 · Oceanwp · Oceanwp Ocean Extra
Name of the Vulnerable Software and Affected Versions: OceanWP Ocean Extra plugin versions = 2.1.2 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability. It affects users with contributor or higher authentication levels. There is no information provided about the...