Lucene search
K

112 matches found

CNNVD
CNNVD
added 2024/03/29 12:0 a.m.9 views

WordPress Plugin OceanWP 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

4.3CVSS7.8AI score0.00378EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/03/29 12:0 a.m.14 views

WordPress OceanWP Theme <= 3.5.4 is vulnerable to Local File Inclusion

Software OceanWP Type Theme Vulnerable versions = 3.5.4 Fixed in 3.5.5 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-2476 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 32c5ee7f6e9f Credits Webbernaut Required privilege Subscriber Published 2...

4.3CVSS6.8AI score0.00378EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/28 12:0 a.m.11 views

PT-2024-20537 · WordPress · Oceanwp

Name of the Vulnerable Software and Affected Versions: OceanWP theme for WordPress versions up to, and including, 3.5.4 Description: The issue allows unauthorized access to data due to a missing capability check on the load theme panel pane function. This makes it possible for authenticated...

4.3CVSS9AI score0.00378EPSS
Exploits0References4
NVD
NVD
added 2023/12/19 10:15 p.m.29 views

CVE-2023-49164

Cross-Site Request Forgery CSRF vulnerability in OceanWP Ocean Extra.This issue affects Ocean Extra: from n/a through 2.2.2...

8.8CVSS0.00286EPSS
Exploits0References1
OSV
OSV
added 2023/12/19 10:15 p.m.7 views

CVE-2023-49164

Cross-Site Request Forgery CSRF vulnerability in OceanWP Ocean Extra.This issue affects Ocean Extra: from n/a through 2.2.2...

8.8CVSS7.3AI score0.00286EPSS
Exploits0References1
Prion
Prion
added 2023/12/19 10:15 p.m.17 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in OceanWP Ocean Extra.This issue affects Ocean Extra: from n/a through 2.2.2...

6.8CVSS7.2AI score0.00286EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/12/19 9:41 p.m.49 views

CVE-2023-49164

The CVE describes a Cross-Site Request Forgery (CSRF) in the WordPress OceanWP Ocean Extra plugin affecting versions through 2.2.2. The vulnerability enables an attacker to induce a user to trigger unintended actions on the web application, including potential arbitrary plugin activation. Impact ...

8.8CVSS8.5AI score0.00286EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/04/06 2:15 p.m.29 views

CVE-2023-23891

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in OceanWP Ocean Extra plugin = 2.1.1 versions. Needs the OceanWP theme installed and activated...

5.5CVSS5.2AI score0.00343EPSS
Exploits1References1
OSV
OSV
added 2023/04/06 2:15 p.m.5 views

CVE-2023-23891

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in OceanWP Ocean Extra plugin = 2.1.1 versions. Needs the OceanWP theme installed and activated...

5.4CVSS7.3AI score0.00343EPSS
Exploits1References1
Prion
Prion
added 2023/04/06 2:15 p.m.23 views

Cross site scripting

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in OceanWP Ocean Extra plugin = 2.1.1 versions. Needs the OceanWP theme installed and activated...

4.9CVSS5.2AI score0.00343EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/04/06 1:54 p.m.66 views

CVE-2023-23891

The CVE-2023-23891 entry concerns the WordPress Ocean Extra plugin (OceanWP) with a Stored XSS vulnerability in versions ≤ 2.1.1 when the OceanWP theme is installed and activated. The root cause is an input handling/shortcode context that permits script injection by authenticated contributors. Af...

5.5CVSS5.2AI score0.00343EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/04/06 1:54 p.m.28 views

CVE-2023-23891 WordPress Ocean Extra Plugin <= 2.1.1 is vulnerable to Cross Site Scripting (XSS)

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in OceanWP Ocean Extra plugin = 2.1.1 versions. Needs the OceanWP theme installed and activated...

5.5CVSS5.4AI score0.00343EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/04/06 1:54 p.m.8 views

CVE-2023-23891 WordPress Ocean Extra Plugin <= 2.1.1 is vulnerable to Cross Site Scripting (XSS)

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in OceanWP Ocean Extra plugin = 2.1.1 versions. Needs the OceanWP theme installed and activated...

5.5CVSS5.6AI score0.00343EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/04/06 12:0 a.m.4 views

PT-2023-19285 · Oceanwp · Oceanwp Ocean Extra +1

Name of the Vulnerable Software and Affected Versions: OceanWP Ocean Extra plugin versions = 2.1.1 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with contributor or higher privileges. It affects the OceanWP Ocean Extra plugin whe...

5.5CVSS5.6AI score0.00343EPSS
Exploits1References4
OSV
OSV
added 2023/03/30 12:15 p.m.6 views

CVE-2023-24399

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in OceanWP Ocean Extra plugin = 2.1.2 versions...

5.4CVSS5.8AI score0.00344EPSS
Exploits0References1
NVD
NVD
added 2023/03/30 12:15 p.m.25 views

CVE-2023-24399

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in OceanWP Ocean Extra plugin = 2.1.2 versions...

5.5CVSS5.2AI score0.00344EPSS
Exploits0References1
CVE
CVE
added 2023/03/30 11:14 a.m.58 views

CVE-2023-24399

CVE-2023-24399 affects Ocean Extra (OceanWP) WordPress plugin, versions 2.1.2; Patchstack lists fixed in 2.1.3. Exploitation status not detailed in provided documents; no explicit in-the-wild exploitation information found in the connected sources. Monitor for updates and apply the patch if using...

5.5CVSS5.2AI score0.00344EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/03/30 12:0 a.m.6 views

PT-2023-19560 · Oceanwp · Oceanwp Ocean Extra

Name of the Vulnerable Software and Affected Versions: OceanWP Ocean Extra plugin versions = 2.1.2 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability. It affects users with contributor or higher authentication levels. There is no information provided about the...

5.5CVSS5.8AI score0.00344EPSS
Exploits0References4
Patchstack
Patchstack
added 2023/02/27 12:0 a.m.11 views

WordPress OceanWP Theme <= 3.4.1 is vulnerable to Local File Inclusion

Software OceanWP Type Theme Vulnerable versions = 3.4.1 Fixed in 3.4.2 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-23700 Patch priority High CVSS severity High 7.6 Developer Claim ownership PSID 78647cd015a5 Credits Rafie Muhammad Patchstack Required privilege...

7.6CVSS7.2AI score0.00684EPSS
Exploits0References2Affected Software1
wpexploit
wpexploit
added 2023/02/14 12:0 a.m.494 views

Ocean Extra < 2.1.3 - Subscriber+ Arbitrary Post Content Disclosure

The plugin does not ensure that the template to be loaded via a shortcode is actually a template, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, such as draft, private or even password protected ones. Note: This requires the OceanWP theme to be...

6.5CVSS7AI score0.00654EPSS
Exploits2
Rows per page
Query Builder