
28 matches found

CNVD
added 2025/11/05 12:0 a.m. | 2 views

WordPress Ohio Extra plugin cross-site scripting vulnerability

WordPress Ohio Extra plugin is a free WordPress plugin designed specifically for the OceanWP theme to enhance the theme functionality and improve the site building experience. WordPress Ohio Extra plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of...

CVSS 6.5 | AI score 6.2 | EPSS 0.00031
Exploits 0 | References 1

CNNVD
added 2025/10/31 12:0 a.m. | 1 view

WordPress Plugin Ohio Extra cross-site scripting vulnerability

WordPress Ohio Extra plugin is a free WordPress plugin designed specifically for the OceanWP theme to enhance the theme functionality and improve the site building experience. WordPress Ohio Extra plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of...

CVSS 6.5 | AI score 6.1 | EPSS 0.00031
Exploits 0 | References 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-27425

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 8.6 | EPSS 0.00229
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2025-26881

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 6.5 | EPSS 0.00061
Exploits 1 | References 1

RedhatCVE
added 2025/09/07 6:33 a.m. | 4 views

CVE-2025-8944

The OceanWP WordPress theme before 4.1.2 is vulnerable to an option update due to a missing capability check on one of its AJAX request handler, allowing any authenticated users, such as subscriber to update the darkMod setting...

CVSS 4.3 | AI score 6.5 | EPSS 0.00061
Exploits 1 | References 1

Patchstack
added 2025/09/05 11:1 p.m. | 5 views

WordPress OceanWP theme < 4.1.2 - Subscriber+ Limited Option Update vulnerability

Subscriber+ Limited Option Update vulnerability discovered by Hamit Cibo in WordPress Theme OceanWP versions 4.1.2...

CVSS 4.3 | AI score 7 | EPSS 0.00061
Exploits 1 | References 1 | Affected Software 1

NVD
added 2025/09/05 6:15 a.m. | 1 view

CVE-2025-8944

The OceanWP WordPress theme before 4.1.2 is vulnerable to an option update due to a missing capability check on one of its AJAX request handler, allowing any authenticated users, such as subscriber to update the darkMod setting...

CVSS 4.3 | EPSS 0.00061
Exploits 1 | References 1

OSV
added 2025/09/05 6:15 a.m. | 2 views

CVE-2025-8944

The OceanWP WordPress theme before 4.1.2 is vulnerable to an option update due to a missing capability check on one of its AJAX request handler, allowing any authenticated users, such as subscriber to update the darkMod setting...

CVSS 4.3 | AI score 5.8 | EPSS 0.00061
Exploits 1 | References 1

Positive Technologies
added 2025/09/05 12:0 a.m. | 2 views

PT-2025-36114

Name of the Vulnerable Software and Affected Versions: OceanWP WordPress theme versions prior to 4.1.2. Description: The OceanWP WordPress theme is susceptible to unauthorized option updates due to a missing capability check within an AJAX request handler. This allows any authenticated user, even...

CVSS 4.3 | AI score 5.3 | EPSS 0.00061
Exploits 1 | References 7

Patchstack
added 2025/09/05 12:0 a.m. | 4 views

WordPress OceanWP Theme < 4.1.2 is vulnerable to Settings Change

Software: OceanWP; Type: Theme; Vulnerable versions: 4.1.2; Fixed in: 4.1.2; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Settings Change; CVE: CVE-2025-8944; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: e2cdad6661d0; Credits: Hamit Cibo; Required...

CVSS 4.3 | AI score 6 | EPSS 0.00061
Exploits 1 | References 2 | Affected Software 1

RedhatCVE
added 2025/08/15 4:34 a.m. | 3 views

CVE-2025-8891

The OceanWP theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.0.9 to 4.1.1. This is due to missing or incorrect nonce validation on the oceanwpnoticebuttonclick function. This makes it possible for unauthenticated attackers to install the Ocean Extra plugin via a forge...

CVSS 4.3 | AI score 6.7 | EPSS 0.00036
Exploits 1 | References 1

NVD
added 2025/08/13 4:16 a.m. | 2 views

CVE-2025-8891

The OceanWP theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.0.9 to 4.1.1. This is due to missing or incorrect nonce validation on the oceanwpnoticebuttonclick function. This makes it possible for unauthenticated attackers to install the Ocean Extra plugin via a forge...

CVSS 4.3 | EPSS 0.00036
Exploits 1 | References 3

CVE
added 2025/08/13 3:42 a.m. | 16 views

CVE-2025-8891

CVE-2025-8891 relates to the OceanWP WordPress theme. The affected versions are 4.0.9 through 4.1.1, where a Cross-Site Request Forgery can be exploited due to missing/incorrect nonce validation in the oceanwp_notice_button_click() function. This enables unauthenticated attackers to cause the ins...

CVSS 4.3 | AI score 6.7 | EPSS 0.00036
Exploits 1 | References 3 | Affected Software 1

Patchstack
added 2025/08/12 12:0 a.m. | 4 views

WordPress OceanWP Theme 4.0.9 - 4.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software: OceanWP; Type: Theme; Vulnerable versions: 4.0.9 - 4.1.1; Fixed in: 4.1.2; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2025-8891; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 1d569e8bf081; Credits: Dmitrii Ignatyev; Requir...

CVSS 4.3 | AI score 7 | EPSS 0.00036
Exploits 1 | References 2 | Affected Software 1

RedhatCVE
added 2025/06/23 8:40 a.m. | 3 views

CVE-2025-5524

The OceanWP theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Select HTML tag in all versions up to, and including, 4.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above,...

CVSS 4.9 | AI score 6 | EPSS 0.00122
Exploits 0 | References 1

NVD
added 2025/06/19 5:15 a.m. | 4 views

CVE-2025-5524

The OceanWP theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Select HTML tag in all versions up to, and including, 4.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above,...

CVSS 4.9 | EPSS 0.00122
Exploits 0 | References 3

Vulnrichment
added 2025/06/19 4:25 a.m. | 3 views

CVE-2025-5524 OceanWP <= 4.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Select HTML Tag

The OceanWP theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Select HTML tag in all versions up to, and including, 4.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above,...

CVSS 4.9 | AI score 5.9 | EPSS 0.00122
Exploits 0 | References 3

Cvelist
added 2025/06/19 4:25 a.m. | 7 views

CVE-2025-5524 OceanWP <= 4.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Select HTML Tag

The OceanWP theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Select HTML tag in all versions up to, and including, 4.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above,...

CVSS 4.9 | EPSS 0.00122
Exploits 0 | References 3

CVE
added 2025/06/19 4:25 a.m. | 18 views

CVE-2025-5524

CVE-2025-5524 (OceanWP) is a Stored XSS in OceanWP 4.0.9. PatchStack and PT-security entries corroborate the issue and suggest updating to resolve it; Wordfence references indicate patching in later advisories.

CVSS 4.9 | AI score 4.7 | EPSS 0.00122
Exploits 0 | References 3

Patchstack
added 2025/06/19 12:0 a.m. | 10 views

WordPress OceanWP Theme <= 4.0.9 is vulnerable to Cross Site Scripting (XSS)

Software: OceanWP; Type: Theme; Vulnerable versions: = 4.0.9; Fixed in: 4.1.0; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2025-5524; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: aa9ebeb90689; Credits: Asaf Mozes; Required privilege...

CVSS 4.9 | AI score 6 | EPSS 0.00122
Exploits 0 | References 2 | Affected Software 1