5 matches found
CVE-2023-0749
The Ocean Extra WordPress plugin before 2.1.3 does not ensure that the template to be loaded via a shortcode is actually a template, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, such as draft, private or even password protected ones...
WordPress Ocean Extra Plugin < 2.1.3 Authentication Bypass Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oceanwp:oceanextra"; ifdescription...
CVE-2023-0749
The Ocean Extra WordPress plugin before 2.1.3 does not ensure that the template to be loaded via a shortcode is actually a template, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, such as draft, private or even password protected ones...
CVE-2023-0749
The CVE-2023-0749 entry concerns the Ocean Extra WordPress plugin before version 2.1.3. The vulnerability arises because the plugin does not verify that a template loaded via a shortcode is actually a template, allowing any authenticated user (e.g., a subscriber) to retrieve content from arbitrar...
WordPress Ocean Extra Plugin < 2.1.3 is vulnerable to Sensitive Data Exposure
Software Ocean Extra Type Plugin Vulnerable versions 2.1.3 Fixed in 2.1.3 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-0749 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 4139d2fa0b6a Credits Erwan LR WPScan Required...