Lucene search
K
OceanwpOcean Extra

14 matches found

CVE
CVE
added 2019/09/11 10:55 p.m.125 views

CVE-2019-16250

CVE-2019-16250 affects the WordPress plugin Ocean Extra (

7.5CVSS7.7AI score0.01364EPSS
CVE
CVE
added 2022/06/20 10:25 a.m.116 views

CVE-2021-25104

The CVE-2021-25104 issue affects the WordPress Ocean Extra plugin (versions before 1.9.5). The root cause is that generated links are not escaped when the OceanWP theme is active, leading to a Reflected Cross-Site Scripting vulnerability. The vulnerability is addressed in version 1.9.5 (remediati...

6.1CVSS6AI score0.01388EPSS
Web
CVE
CVE
added 2022/10/31 12:0 a.m.112 views

CVE-2022-3374

CVE-2022-3374 affects the WordPress Ocean Extra plugin prior to version 2.0.5. The issue is insecure deserialization: when importing a malicious Customizer Styling file, the plugin may unserialize the import content, potentially enabling PHP object injections if a high-privilege user imports such...

7.2CVSS6.9AI score0.01126EPSS
Web
CVE
CVE
added 2025/04/22 11:12 a.m.89 views

CVE-2025-3472

The CVE-2025-3472 entry concerns the Ocean Extra WordPress plugin (versions up to and including 2.4.6). The vulnerability arises from inadequate validation in handling shortcodes via do_shortcode, allowing unauthenticated attackers to execute arbitrary shortcodes when WooCommerce is installed and...

9.8CVSS6.7AI score0.01852EPSS
CVE
CVE
added 2024/02/20 6:56 p.m.81 views

CVE-2024-1277

CVE-2024-1277 affects Ocean Extra for WordPress up to version 2.2.4, enabling Stored XSS via custom fields due to insufficient input sanitization and output escaping. Exploitation requires authentication (contributor+). A fix is available in version 2.2.5; upgrade Ocean Extra to 2.2.5 or later to...

6.4CVSS6.1AI score0.00463EPSS
CVE
CVE
added 2023/03/13 4:3 p.m.75 views

CVE-2023-0749

The CVE-2023-0749 entry concerns the Ocean Extra WordPress plugin before version 2.1.3. The vulnerability arises because the plugin does not verify that a template loaded via a shortcode is actually a template, allowing any authenticated user (e.g., a subscriber) to retrieve content from arbitrar...

6.5CVSS6.4AI score0.00654EPSS
Web
CVE
CVE
added 2024/04/09 6:59 p.m.75 views

CVE-2024-3167

CVE-2024-3167 is an Ocean Extra for WordPress Stored Cross-Site Scripting via the twitter_username parameter in versions up to 2.2.6 (patch released with 2.2.7). Exploitation requires authenticated access (Contributor+), allowing injection of scripts that execute when users visit affected pages. ...

6.4CVSS5.7AI score0.00508EPSS
CVE
CVE
added 2025/04/22 11:12 a.m.69 views

CVE-2025-3458

CVE-2025-3458 (Ocean Extra, WordPress) : The Ocean Extra plugin (WordPress) up to version 2.4.6 is vulnerable to Stored Cross-Site Scripting via the ocean_gallery_id parameter. Exploitation requires authenticated access (Contributor level or higher) and the Classic Editor plugin. The vulnerabilit...

6.4CVSS5.8AI score0.00253EPSS
CVE
CVE
added 2025/04/22 11:12 a.m.68 views

CVE-2025-3457

The CVE-2025-3457 entry describes a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress Ocean Extra plugin (versions up to and including 2.4.6) that is exploitable by authenticated attackers with contributor-level access and above via the oceanwp_icon shortcode. The issue arises from...

6.4CVSS5.7AI score0.00253EPSS
CVE
CVE
added 2023/04/06 1:54 p.m.66 views

CVE-2023-23891

The CVE-2023-23891 entry concerns the WordPress Ocean Extra plugin (OceanWP) with a Stored XSS vulnerability in versions ≤ 2.1.1 when the OceanWP theme is installed and activated. The root cause is an input handling/shortcode context that permits script injection by authenticated contributors. Af...

5.5CVSS5.2AI score0.00343EPSS
CVE
CVE
added 2023/03/30 11:14 a.m.58 views

CVE-2023-24399

CVE-2023-24399 affects Ocean Extra (OceanWP) WordPress plugin, versions 2.1.2; Patchstack lists fixed in 2.1.3. Exploitation status not detailed in provided documents; no explicit in-the-wild exploitation information found in the connected sources. Monitor for updates and apply the patch if using...

5.5CVSS5.2AI score0.00344EPSS
CVE
CVE
added 2024/07/21 7:29 a.m.54 views

CVE-2024-37489

CVE-2024-37489: Stored XSS in OceanWP Ocean Extra (WordPress plugin Ocean Extra) up to version 2.2.9. Requires authentication (Authenticated XSS). Root cause: improper input neutralization during web page generation. Affected: Ocean Extra

6.5CVSS6.5AI score0.00314EPSS
CVE
CVE
added 2023/12/19 9:41 p.m.49 views

CVE-2023-49164

The CVE describes a Cross-Site Request Forgery (CSRF) in the WordPress OceanWP Ocean Extra plugin affecting versions through 2.2.2. The vulnerability enables an attacker to induce a user to trigger unintended actions on the web application, including potential arbitrary plugin activation. Impact ...

8.8CVSS8.5AI score0.00286EPSS
CVE
CVE
added 2023/07/12 7:21 a.m.34 views

CVE-2020-36760

CVE-2020-36760 affects the Ocean Extra plugin for WordPress (versions up to 1.6.5). The root cause is missing or incorrect nonce validation in the add_core_extensions_bundle_validation() function, enabling Cross-Site Request Forgery. This allows unauthenticated attackers to validate extension bun...

4.3CVSS4.2AI score0.00563EPSS