Oceanwp

Ocean Extra

17 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.4

CVE-2025-9499

  • EPSS 0.04%
  • Veröffentlicht 30.08.2025 04:25:05
  • Zuletzt bearbeitet 02.09.2025 15:55:35

The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's oceanwp_library shortcode in all versions up to, and including, 2.4.9 due to insufficient input sanitization and output escaping on user supplied attri...

6.5

CVE-2025-49068

  • EPSS 0.05%
  • Veröffentlicht 06.06.2025 11:32:21
  • Zuletzt bearbeitet 06.06.2025 14:06:58

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OceanWP Ocean Extra allows Stored XSS.This issue affects Ocean Extra: from n/a through 2.4.8.

9.8

CVE-2025-3472

  • EPSS 15.37%
  • Veröffentlicht 22.04.2025 11:12:21
  • Zuletzt bearbeitet 30.04.2025 14:01:15

The Ocean Extra plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.4.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do...

5.4

CVE-2025-3458

  • EPSS 0.16%
  • Veröffentlicht 22.04.2025 11:12:21
  • Zuletzt bearbeitet 30.04.2025 14:05:12

The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ocean_gallery_id’ parameter in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. This makes it possible for ...

5.4

CVE-2025-3457

  • EPSS 0.18%
  • Veröffentlicht 22.04.2025 11:12:20
  • Zuletzt bearbeitet 30.04.2025 14:07:52

The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'oceanwp_icon' shortcode in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attrib...

5.4

CVE-2024-37489

  • EPSS 0.14%
  • Veröffentlicht 21.07.2024 08:15:03
  • Zuletzt bearbeitet 21.11.2024 09:23:55

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OceanWP Ocean Extra allows Stored XSS.This issue affects Ocean Extra: from n/a through 2.2.9.

6.4

CVE-2024-5531

  • EPSS 0.31%
  • Veröffentlicht 11.06.2024 09:15:17
  • Zuletzt bearbeitet 21.11.2024 09:47:52

The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flickr widget in all versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it ...

6.4

CVE-2024-3167

  • EPSS 0.2%
  • Veröffentlicht 09.04.2024 19:15:39
  • Zuletzt bearbeitet 21.11.2024 09:29:03

The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘twitter_username’ parameter in versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. This makes it possible for auth...

5.4

CVE-2024-1277

  • EPSS 0.2%
  • Veröffentlicht 29.02.2024 01:43:46
  • Zuletzt bearbeitet 04.03.2025 12:24:19

The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom fields in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attac...

8.8

CVE-2023-49164

  • EPSS 0.06%
  • Veröffentlicht 19.12.2023 22:15:08
  • Zuletzt bearbeitet 21.11.2024 08:32:57

Cross-Site Request Forgery (CSRF) vulnerability in OceanWP Ocean Extra.This issue affects Ocean Extra: from n/a through 2.2.2.