Lucene search
K

4 matches found

NVD
NVD
added 2025/04/22 12:15 p.m.10 views

CVE-2025-3458

The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'oceangalleryid’ parameter in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS0.00253EPSS
Exploits0References4
Circl
Circl
added 2025/04/22 12:3 p.m.10 views

CVE-2025-3458

creationtimestamp| type| source ---|---|--- 2025-04-22 12:03:25+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/12835 2025-04-22 15:05:11+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lnfxbozwcy2g 2025-04-22 16:43:54+00:00| seen| https://t.me/cvedetector/23513...

6.4CVSS8.7AI score0.00253EPSS
Exploits0References3
CVE
CVE
added 2025/04/22 11:12 a.m.69 views

CVE-2025-3458

CVE-2025-3458 (Ocean Extra, WordPress) : The Ocean Extra plugin (WordPress) up to version 2.4.6 is vulnerable to Stored Cross-Site Scripting via the ocean_gallery_id parameter. Exploitation requires authenticated access (Contributor level or higher) and the Classic Editor plugin. The vulnerabilit...

6.4CVSS5.8AI score0.00253EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/22 11:12 a.m.10 views

CVE-2025-3458 Ocean Extra <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ocean_gallery_id'

The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'oceangalleryid’ parameter in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS5.9AI score0.00253EPSS
Exploits0References4
Rows per page
Query Builder