Ocean Extra
oceanwp
Developer
2.5.1
Latest version
500,000
Installations
Sep 16, 2025
Last updated
Vulnerability history
0 present
20 fixed
7 Mitigation rules
- Authenticated (Contributor+) Stored Cross-Site Scripting via oceanwp_library Shortcode vulnerability<= 2.4.9Aug 30, 2025
- Cross Site Scripting (XSS) vulnerability<= 2.4.8Jun 2, 2025
- Unauthenticated Arbitrary Shortcode Execution vulnerability<= 2.4.6Apr 22, 2025
- Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability<= 2.4.6Apr 22, 2025
- Authenticated Cross Site Scripting (XSS) vulnerability<= 2.2.9Jul 4, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Flickr Widget vulnerability<= 2.2.8Jun 11, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 2.2.6Apr 9, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 2.2.4Feb 19, 2024
- CSRF Leading to Arbitrary Plugin Activation vulnerability<= 2.2.2Nov 29, 2023
- Reflected Cross Site Scripting (XSS) vulnerability<= 2.1.7Jul 18, 2023
- Cross Site Scripting (XSS) vulnerability<= 2.1.2Feb 15, 2023
- Subscriber+ Arbitrary Post Content Disclosure vulnerability< 2.1.3Feb 15, 2023
- Cross Site Scripting (XSS) vulnerability<= 2.1.1Feb 2, 2023
- Auth. PHP Objection Injection vulnerability<= 2.0.4Oct 10, 2022
- Reflected Cross-Site Scripting (XSS) vulnerability<= 1.9.4May 24, 2022
- Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability< 1.9.4Feb 28, 2022
- Sensitive Information Disclosure vulnerability< 1.9.4Feb 28, 2022
- Cross-Site Request Forgery (CSRF) vulnerability<= 1.6.5Sep 16, 2020
- Unauthenticated Settings change vulnerability<= 1.5.8Jul 4, 2019
- Unauthenticated CSS injection vulnerability<= 1.5.8Jul 4, 2019