CVE-2025-8944
- EPSS 0.04%
- Veröffentlicht 05.09.2025 06:00:02
- Zuletzt bearbeitet 20.01.2026 21:38:27
The OceanWP WordPress theme before 4.1.2 is vulnerable to an option update due to a missing capability check on one of its AJAX request handler, allowing any authenticated users, such as subscriber to update the darkMod` setting.
CVE-2025-8891
- EPSS 0.02%
- Veröffentlicht 13.08.2025 03:42:03
- Zuletzt bearbeitet 18.12.2025 17:40:43
The OceanWP theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.0.9 to 4.1.1. This is due to missing or incorrect nonce validation on the oceanwp_notice_button_click() function. This makes it possible for unauthenticated att...
CVE-2025-5524
- EPSS 0.04%
- Veröffentlicht 19.06.2025 04:25:19
- Zuletzt bearbeitet 23.06.2025 20:16:59
The OceanWP theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Select HTML tag in all versions up to, and including, 4.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated atta...
CVE-2024-2476
- EPSS 0.19%
- Veröffentlicht 29.03.2024 07:15:44
- Zuletzt bearbeitet 21.11.2024 09:09:50
The OceanWP theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the load_theme_panel_pane function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with...