Oceanwp: >> Ocean Extra >> 1.7.0 Security Vulnerabilities
The Ocean Extra WordPress plugin before 2.0.5 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import (intentionally or not) a malicious Customizer Styling file and a suitable gadget chain is present on the blog.
CVSS Score
7.2
EPSS Score
0.002
Published
2022-10-31
The Ocean Extra WordPress plugin before 1.9.5 does not escape generated links which are then used when the OceanWP is active, leading to a Reflected Cross-Site Scripting issue
CVSS Score
6.1
EPSS Score
0.034
Published
2022-06-20
Page 2