4 matches found
CVE-2025-3458
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'oceangalleryid’ parameter in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2025-3458
creationtimestamp| type| source ---|---|--- 2025-04-22 12:03:25+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/12835 2025-04-22 15:05:11+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lnfxbozwcy2g 2025-04-22 16:43:54+00:00| seen| https://t.me/cvedetector/23513...
CVE-2025-3458
CVE-2025-3458 (Ocean Extra, WordPress) : The Ocean Extra plugin (WordPress) up to version 2.4.6 is vulnerable to Stored Cross-Site Scripting via the ocean_gallery_id parameter. Exploitation requires authenticated access (Contributor level or higher) and the Classic Editor plugin. The vulnerabilit...
CVE-2025-3458 Ocean Extra <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ocean_gallery_id'
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'oceangalleryid’ parameter in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...