Vulnerabilities > Oceanwp

DATE CVE VULNERABILITY TITLE RISK
2025-04-22 CVE-2025-3457 Cross-site Scripting vulnerability in Oceanwp Ocean Extra
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'oceanwp_icon' shortcode in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
oceanwp CWE-79
5.4
2025-04-22 CVE-2025-3458 Cross-site Scripting vulnerability in Oceanwp Ocean Extra
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ocean_gallery_id’ parameter in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping.
network
low complexity
oceanwp CWE-79
5.4
2025-04-22 CVE-2025-3472 Code Injection vulnerability in Oceanwp Ocean Extra
The Ocean Extra plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.4.6.
network
low complexity
oceanwp CWE-94
critical
9.8
2024-07-21 CVE-2024-37489 Unspecified vulnerability in Oceanwp Ocean Extra
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OceanWP Ocean Extra allows Stored XSS.This issue affects Ocean Extra: from n/a through 2.2.9.
network
low complexity
oceanwp
5.4
2024-04-09 CVE-2024-3167 Cross-site Scripting vulnerability in Oceanwp Ocean Extra
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘twitter_username’ parameter in versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping.
network
low complexity
oceanwp CWE-79
6.4
2024-02-29 CVE-2024-1277 Unspecified vulnerability in Oceanwp Ocean Extra
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom fields in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping.
network
low complexity
oceanwp
5.4
2023-12-19 CVE-2023-49164 Cross-Site Request Forgery (CSRF) vulnerability in Oceanwp Ocean Extra
Cross-Site Request Forgery (CSRF) vulnerability in OceanWP Ocean Extra.This issue affects Ocean Extra: from n/a through 2.2.2.
network
low complexity
oceanwp CWE-352
8.8
2023-04-06 CVE-2023-23891 Unspecified vulnerability in Oceanwp Ocean Extra
Auth.
network
low complexity
oceanwp
5.4
2023-03-30 CVE-2023-24399 Unspecified vulnerability in Oceanwp Ocean Extra
Auth.
network
low complexity
oceanwp
5.4
2023-03-13 CVE-2023-0749 Unspecified vulnerability in Oceanwp Ocean Extra
The Ocean Extra WordPress plugin before 2.1.3 does not ensure that the template to be loaded via a shortcode is actually a template, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, such as draft, private or even password protected ones.
network
low complexity
oceanwp
6.5