Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Ocean Extra — Vulnerabilities & Security Advisories 17

All 17 CVE vulnerabilities found in Ocean Extra, with AI-generated Chinese analysis, references, and POCs.

Vendor: Unknown

CVE IDTitleCVSSSeverityPublished
CVE-2026-34903 WordPress Ocean Extra plugin <= 2.5.3 - Broken Access Control vulnerability CWE-862 5.4 Medium2026-04-07
CVE-2025-9499 Ocean Extra <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via oceanwp_library Shortcode CWE-79 6.4 Medium2025-08-30
CVE-2025-49068 WordPress Ocean Extra plugin <= 2.4.8 - Cross Site Scripting (XSS) vulnerability CWE-79 6.5 Medium2025-06-06
CVE-2025-3458 Ocean Extra <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ocean_gallery_id' CWE-79 6.4 Medium2025-04-22
CVE-2025-3457 Ocean Extra <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CWE-79 6.4 Medium2025-04-22
CVE-2025-3472 Ocean Extra <= 2.4.6 - Unauthenticated Arbitrary Shortcode Execution CWE-94 6.5 Medium2025-04-22
CVE-2024-37489 WordPress Ocean Extra plugin <= 2.2.9 - Authenticated Cross Site Scripting (XSS) vulnerability CWE-79 6.5 Medium2024-07-21
CVE-2024-5531 Ocean Extra <= 2.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Flickr Widget CWE-79 6.4 Medium2024-06-11
CVE-2024-3167 Ocean Extra <= 2.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-04-09
CVE-2024-1277 Ocean Extra <= 2.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-02-20
CVE-2023-49164 WordPress Ocean Extra Plugin <= 2.2.2 is vulnerable to Cross Site Request Forgery (CSRF) CWE-352 5.4 Medium2023-12-19
CVE-2020-36760 Ocean Extra <=1.6.5 - Cross-Site Request Forgery Bypass CWE-352 4.3 Medium2023-07-12
CVE-2023-23891 WordPress Ocean Extra Plugin <= 2.1.1 is vulnerable to Cross Site Scripting (XSS) CWE-79 5.5 Medium2023-04-06
CVE-2023-24399 WordPress Ocean Extra Plugin <= 2.1.2 is vulnerable to Cross Site Scripting (XSS) CWE-79 5.5 Medium2023-03-30
CVE-2023-0749 Ocean Extra < 2.1.3 - Subscriber+ Arbitrary Post Content Disclosure 6.5 -2023-03-13
CVE-2022-3374 Ocean Extra < 2.0.5 - Admin+ PHP Objection Injection CWE-502 7.2 -2022-10-31
CVE-2021-25104 Ocean Extra < 1.9.5 - Reflected Cross-Site Scripting CWE-79 6.1 -2022-06-20

All 17 known CVE vulnerabilities affecting Ocean Extra with full Chinese analysis, references, and POCs where available.