112 matches found
WordPress Plugin OceanWP 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress OceanWP Theme <= 3.5.4 is vulnerable to Local File Inclusion
Software OceanWP Type Theme Vulnerable versions = 3.5.4 Fixed in 3.5.5 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-2476 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 32c5ee7f6e9f Credits Webbernaut Required privilege Subscriber Published 2...
PT-2024-20537 · WordPress · Oceanwp
Name of the Vulnerable Software and Affected Versions: OceanWP theme for WordPress versions up to, and including, 3.5.4 Description: The issue allows unauthorized access to data due to a missing capability check on the load theme panel pane function. This makes it possible for authenticated...
CVE-2023-49164
Cross-Site Request Forgery CSRF vulnerability in OceanWP Ocean Extra.This issue affects Ocean Extra: from n/a through 2.2.2...
CVE-2023-49164
Cross-Site Request Forgery CSRF vulnerability in OceanWP Ocean Extra.This issue affects Ocean Extra: from n/a through 2.2.2...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in OceanWP Ocean Extra.This issue affects Ocean Extra: from n/a through 2.2.2...
CVE-2023-49164
The CVE describes a Cross-Site Request Forgery (CSRF) in the WordPress OceanWP Ocean Extra plugin affecting versions through 2.2.2. The vulnerability enables an attacker to induce a user to trigger unintended actions on the web application, including potential arbitrary plugin activation. Impact ...
CVE-2023-23891
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in OceanWP Ocean Extra plugin = 2.1.1 versions. Needs the OceanWP theme installed and activated...
CVE-2023-23891
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in OceanWP Ocean Extra plugin = 2.1.1 versions. Needs the OceanWP theme installed and activated...
Cross site scripting
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in OceanWP Ocean Extra plugin = 2.1.1 versions. Needs the OceanWP theme installed and activated...
CVE-2023-23891
The CVE-2023-23891 entry concerns the WordPress Ocean Extra plugin (OceanWP) with a Stored XSS vulnerability in versions ≤ 2.1.1 when the OceanWP theme is installed and activated. The root cause is an input handling/shortcode context that permits script injection by authenticated contributors. Af...
CVE-2023-23891 WordPress Ocean Extra Plugin <= 2.1.1 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in OceanWP Ocean Extra plugin = 2.1.1 versions. Needs the OceanWP theme installed and activated...
CVE-2023-23891 WordPress Ocean Extra Plugin <= 2.1.1 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in OceanWP Ocean Extra plugin = 2.1.1 versions. Needs the OceanWP theme installed and activated...
PT-2023-19285 · Oceanwp · Oceanwp Ocean Extra +1
Name of the Vulnerable Software and Affected Versions: OceanWP Ocean Extra plugin versions = 2.1.1 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with contributor or higher privileges. It affects the OceanWP Ocean Extra plugin whe...
CVE-2023-24399
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in OceanWP Ocean Extra plugin = 2.1.2 versions...
CVE-2023-24399
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in OceanWP Ocean Extra plugin = 2.1.2 versions...
CVE-2023-24399
CVE-2023-24399 affects Ocean Extra (OceanWP) WordPress plugin, versions 2.1.2; Patchstack lists fixed in 2.1.3. Exploitation status not detailed in provided documents; no explicit in-the-wild exploitation information found in the connected sources. Monitor for updates and apply the patch if using...
PT-2023-19560 · Oceanwp · Oceanwp Ocean Extra
Name of the Vulnerable Software and Affected Versions: OceanWP Ocean Extra plugin versions = 2.1.2 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability. It affects users with contributor or higher authentication levels. There is no information provided about the...
WordPress OceanWP Theme <= 3.4.1 is vulnerable to Local File Inclusion
Software OceanWP Type Theme Vulnerable versions = 3.4.1 Fixed in 3.4.2 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-23700 Patch priority High CVSS severity High 7.6 Developer Claim ownership PSID 78647cd015a5 Credits Rafie Muhammad Patchstack Required privilege...
Ocean Extra < 2.1.3 - Subscriber+ Arbitrary Post Content Disclosure
The plugin does not ensure that the template to be loaded via a shortcode is actually a template, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, such as draft, private or even password protected ones. Note: This requires the OceanWP theme to be...