Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

oceanwp — Vulnerabilities & Security Advisories 19

Browse all 19 CVE security advisories affecting oceanwp. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by oceanwp:Ocean ExtraOceanWPOcean Social Sharing
CVE IDTitleCVSSSeverityPublished
CVE-2026-34903 WordPress Ocean Extra plugin <= 2.5.3 - Broken Access Control vulnerability — Ocean ExtraCWE-862 5.4 Medium2026-04-07
CVE-2025-9499 Ocean Extra <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via oceanwp_library Shortcode — Ocean ExtraCWE-79 6.4 Medium2025-08-30
CVE-2025-8891 OceanWP <= 4.0.9 - 4.1.1 - Cross-Site Request Forgery to Ocean Extra Plugin Installation — OceanWPCWE-352 4.3 Medium2025-08-13
CVE-2025-7500 Ocean Social Sharing <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Ocean Social SharingCWE-79 6.4 Medium2025-08-02
CVE-2025-5524 OceanWP <= 4.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Select HTML Tag — OceanWPCWE-79 4.9 Medium2025-06-19
CVE-2025-49068 WordPress Ocean Extra plugin <= 2.4.8 - Cross Site Scripting (XSS) vulnerability — Ocean ExtraCWE-79 6.5 Medium2025-06-06
CVE-2025-3458 Ocean Extra <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ocean_gallery_id' — Ocean ExtraCWE-79 6.4 Medium2025-04-22
CVE-2025-3457 Ocean Extra <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Ocean ExtraCWE-79 6.4 Medium2025-04-22
CVE-2025-3472 Ocean Extra <= 2.4.6 - Unauthenticated Arbitrary Shortcode Execution — Ocean ExtraCWE-94 6.5 Medium2025-04-22
CVE-2024-37489 WordPress Ocean Extra plugin <= 2.2.9 - Authenticated Cross Site Scripting (XSS) vulnerability — Ocean ExtraCWE-79 6.5 Medium2024-07-21
CVE-2024-5531 Ocean Extra <= 2.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Flickr Widget — Ocean ExtraCWE-79 6.4 Medium2024-06-11
CVE-2023-23700 WordPress OceanWP theme <= 3.4.1 - Authenticated Local File Inclusion vulnerability — OceanWPCWE-22 7.6 High2024-05-17
CVE-2024-3167 Ocean Extra <= 2.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting — Ocean ExtraCWE-79 6.4 Medium2024-04-09
CVE-2024-2476 OceanWP <= 3.5.4 - Missing Authorization to Sensitive Information Exposure via Limited Local File Inclusion — OceanWPCWE-862 4.3 Medium2024-03-29
CVE-2024-1277 Ocean Extra <= 2.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting — Ocean ExtraCWE-79 6.4 Medium2024-02-20
CVE-2023-49164 WordPress Ocean Extra Plugin <= 2.2.2 is vulnerable to Cross Site Request Forgery (CSRF) — Ocean ExtraCWE-352 5.4 Medium2023-12-19
CVE-2020-36760 Ocean Extra <=1.6.5 - Cross-Site Request Forgery Bypass — Ocean ExtraCWE-352 4.3 Medium2023-07-12
CVE-2023-23891 WordPress Ocean Extra Plugin <= 2.1.1 is vulnerable to Cross Site Scripting (XSS) — Ocean ExtraCWE-79 5.5 Medium2023-04-06
CVE-2023-24399 WordPress Ocean Extra Plugin <= 2.1.2 is vulnerable to Cross Site Scripting (XSS) — Ocean ExtraCWE-79 5.5 Medium2023-03-30

This page lists every published CVE security advisory associated with oceanwp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.