112 matches found
Ocean Extra < 2.1.3 - Subscriber+ Arbitrary Post Content Disclosure
The plugin does not ensure that the template to be loaded via a shortcode is actually a template, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, such as draft, private or even password protected ones. Note: This requires the OceanWP theme to be...
CVE-2022-35730
Cross-Site Request Forgery CSRF vulnerability in Oceanwp sticky header plugin = 1.0.8 on WordPress...
CVE-2022-35730
Cross-Site Request Forgery CSRF vulnerability in Oceanwp sticky header plugin = 1.0.8 on WordPress...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Oceanwp sticky header plugin = 1.0.8 on WordPress...
CVE-2022-35730 WordPress Oceanwp sticky header plugin <= 1.0.8 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Oceanwp sticky header plugin = 1.0.8 on WordPress...
CVE-2022-35730 WordPress Oceanwp sticky header plugin <= 1.0.8 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Oceanwp sticky header plugin = 1.0.8 on WordPress...
CVE-2022-35730
CVE-2022-35730 affects the WordPress Oceanwp sticky header plugin: versions ≤ 1.0.8 are without CSRF protections in multiple areas, enabling CSRF-style actions by authenticated users. The vulnerability’s documentation notes remediation by upgrading to a version newer than 1.0.8, though Patchstack...
WordPress plugin Oceanwp sticky header 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
PT-2022-22953 · WordPress · Oceanwp Sticky Header Plugin
Name of the Vulnerable Software and Affected Versions: Oceanwp sticky header plugin version 1.0.8 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the Oceanwp sticky header plugin on WordPress. This issue allows for malicious requests to be made on behalf of the user witho...
WordPress Oceanwp sticky header plugin <= 1.0.8 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability leading to a header style change discovered by Rasi Afeef Patchstack Alliance in WordPress Oceanwp sticky header plugin versions = 1.0.8. Solution No patched version is available. No reply from the vendor...
CVE-2021-25104
The Ocean Extra WordPress plugin before 1.9.5 does not escape generated links which are then used when the OceanWP is active, leading to a Reflected Cross-Site Scripting issue...
Ocean Extra < 1.9.5 - Reflected Cross-Site Scripting
The plugin does not escape generated links which are then used when the OceanWP theme is active, leading to a Reflected Cross-Site Scripting issue PoC https://example.com/wp-admin/?step=demo=owpsetup"...