Oceanwp Oceanwp
5 CVEs affecting Oceanwp Oceanwp. Latest disclosed: 2025-08-13. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-23700 | High | 7.6 | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OceanWP allows PHP Local File Inclusion.This issue affects Ocea… |
CVE-2024-5647 | Medium | 6.4 | 2025-07-03 | Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Magnific Popups library (version 1.1.0) in various versio… |
CVE-2025-5524 | Medium | 4.9 | 2025-06-19 | The OceanWP theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Select HTML tag in all versions up to, and including, 4.0.9 due to insuffi… |
CVE-2025-8891 | Medium | 4.3 | 2025-08-13 | The OceanWP theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.0.9 to 4.1.1. This is due to missing or incorrect nonce validation on… |
CVE-2024-2476 | Medium | 4.3 | 2024-03-29 | The OceanWP theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the load_theme_panel_pane function in all ver… |