The Ocean Extra plugin for WordPress has a security vulnerability in versions 1.6.5 and earlier. This vulnerability allows unauthenticated attackers to validate extension bundles through a fake request if they can trick a site administrator into clicking on a link. The vulnerability is caused by a missing or incorrect nonce validation on the add_core_extensions_bundle_validation() function.