Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

OceanWP — Vulnerabilities & Security Advisories 19

Browse all 19 CVE security advisories affecting OceanWP. AI-powered Chinese analysis, POCs, and references for each vulnerability.

OceanWP is a WordPress theme designed for building responsive websites, serving as a core component for numerous online platforms. Historically, it has been associated with multiple security vulnerabilities, including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation issues, contributing to its 19 recorded CVEs. The theme's extensive customization options and third-party integrations have introduced potential attack vectors, with some vulnerabilities allowing unauthorized access or malicious code execution. While no major public security incidents have been widely documented, the consistent discovery of flaws underscores the importance of regular updates and security hardening for implementations using this theme.

Found 14 results / 19Clear Filters
Top products by OceanWP: Ocean Extra OceanWP Ocean Social Sharing
CVE IDTitleCVSSSeverityPublished
CVE-2026-34903 WordPress Ocean Extra plugin <= 2.5.3 - Broken Access Control vulnerability — Ocean ExtraCWE-862 5.4 Medium2026-04-07
CVE-2025-9499 Ocean Extra <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via oceanwp_library Shortcode — Ocean ExtraCWE-79 6.4 Medium2025-08-30
CVE-2025-49068 WordPress Ocean Extra plugin <= 2.4.8 - Cross Site Scripting (XSS) vulnerability — Ocean ExtraCWE-79 6.5 Medium2025-06-06
CVE-2025-3458 Ocean Extra <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ocean_gallery_id' — Ocean ExtraCWE-79 6.4 Medium2025-04-22
CVE-2025-3472 Ocean Extra <= 2.4.6 - Unauthenticated Arbitrary Shortcode Execution — Ocean ExtraCWE-94 6.5 Medium2025-04-22
CVE-2025-3457 Ocean Extra <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Ocean ExtraCWE-79 6.4 Medium2025-04-22
CVE-2024-37489 WordPress Ocean Extra plugin <= 2.2.9 - Authenticated Cross Site Scripting (XSS) vulnerability — Ocean ExtraCWE-79 6.5 Medium2024-07-21
CVE-2024-5531 Ocean Extra <= 2.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Flickr Widget — Ocean ExtraCWE-79 6.4 Medium2024-06-11
CVE-2024-3167 Ocean Extra <= 2.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting — Ocean ExtraCWE-79 6.4 Medium2024-04-09
CVE-2024-1277 Ocean Extra <= 2.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting — Ocean ExtraCWE-79 6.4 Medium2024-02-20
CVE-2023-49164 WordPress Ocean Extra Plugin <= 2.2.2 is vulnerable to Cross Site Request Forgery (CSRF) — Ocean ExtraCWE-352 5.4 Medium2023-12-19
CVE-2020-36760 Ocean Extra <=1.6.5 - Cross-Site Request Forgery Bypass — Ocean ExtraCWE-352 4.3 Medium2023-07-12
CVE-2023-23891 WordPress Ocean Extra Plugin <= 2.1.1 is vulnerable to Cross Site Scripting (XSS) — Ocean ExtraCWE-79 5.5 Medium2023-04-06
CVE-2023-24399 WordPress Ocean Extra Plugin <= 2.1.2 is vulnerable to Cross Site Scripting (XSS) — Ocean ExtraCWE-79 5.5 Medium2023-03-30

This page lists every published CVE security advisory associated with OceanWP. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.