Ocean Extra
oceanwp
Developer
2.5.5
Latest version
500,000
Installations
No date
Last updated
Vulnerability history
0 present
21 patched
7 Mitigation rules
- Authenticated (Contributor+) Stored Cross-Site Scripting via 'ocean_gallery_id' vulnerability<= 2.4.631/12/2025
- Authenticated (Contributor+) Stored Cross-Site Scripting via oceanwp_library Shortcode vulnerability<= 2.4.930/08/2025
- Cross Site Scripting (XSS) vulnerability<= 2.4.802/06/2025
- Unauthenticated Arbitrary Shortcode Execution vulnerability<= 2.4.622/04/2025
- Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability<= 2.4.622/04/2025
- Authenticated Cross Site Scripting (XSS) vulnerability<= 2.2.904/07/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Flickr Widget vulnerability<= 2.2.811/06/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 2.2.609/04/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 2.2.419/02/2024
- CSRF Leading to Arbitrary Plugin Activation vulnerability<= 2.2.229/11/2023
- Reflected Cross Site Scripting (XSS) vulnerability<= 2.1.718/07/2023
- Cross Site Scripting (XSS) vulnerability<= 2.1.215/02/2023
- Subscriber+ Arbitrary Post Content Disclosure vulnerability< 2.1.315/02/2023
- Cross Site Scripting (XSS) vulnerability<= 2.1.102/02/2023
- Auth. PHP Objection Injection vulnerability<= 2.0.410/10/2022
- Reflected Cross-Site Scripting (XSS) vulnerability<= 1.9.424/05/2022
- Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability< 1.9.428/02/2022
- Sensitive Information Disclosure vulnerability< 1.9.428/02/2022
- Cross-Site Request Forgery (CSRF) vulnerability<= 1.6.516/09/2020
- Unauthenticated Settings change vulnerability<= 1.5.804/07/2019
- Unauthenticated CSS injection vulnerability<= 1.5.804/07/2019