Ocean Extra@* Security Vulnerabilities and Issues — Ocean Extra@* CVE List

Lucene search

OceanwpOcean Extra*

5 matches found

CVE•added 2023/03/13 5:15 p.m.•53 views

CVE-2023-0749

The Ocean Extra WordPress plugin before 2.1.3 does not ensure that the template to be loaded via a shortcode is actually a template, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, such as draft, private or even password protected ones.

6.5CVSS6.4AI score0.00268EPSS

CVE•added 2023/04/06 2:15 p.m.•51 views

CVE-2023-23891

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in OceanWP Ocean Extra plugin

5.5CVSS5.2AI score0.00077EPSS

CVE•added 2023/03/30 12:15 p.m.•40 views

CVE-2023-24399

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in OceanWP Ocean Extra plugin

5.5CVSS5.2AI score0.00143EPSS

CVE•added 2023/12/19 10:15 p.m.•32 views

CVE-2023-49164

Cross-Site Request Forgery (CSRF) vulnerability in OceanWP Ocean Extra.This issue affects Ocean Extra: from n/a through 2.2.2.

8.8CVSS6.9AI score0.00059EPSS

CVE•added 2023/07/12 8:15 a.m.•22 views

CVE-2020-36760

The Ocean Extra plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5]. This is due to missing or incorrect nonce validation on the add_core_extensions_bundle_validation() function. This makes it possible for unauthenticated attackers to validate e...

4.3CVSS4.2AI score0.00144EPSS