Log out
Get PRO

Latest

Input validation vulnerability in Ocean Extra 2.4.8

  • Severity: medium-risk
  • Status: Fixed
  • Publication: June 2, 2025

The plugin called “Ocean Extra” for WordPress has a security issue that allows for a type of cyber attack called Stored Cross-Site Scripting. This can happen in any version up to version 2.4.8. The problem is caused by not properly checking and filtering the information that is put into the plugin and the information that is shown to users. This means that someone with at least Contributor-level access to the website can add harmful code to a page, and when a user visits that page, the code will run and potentially cause harm.

Detected in:

Ocean Extra fixed vulnerable versions: >= * <= 2.4.8

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.

Join our mailing list - 6 Tips & Tricks in your inbox over the next days!

Plugins

© Really Simple Plugins
CoC 70461155
Kalmarweg 14-5
9723 JG, Groningen (NL)

Wordpress Linkedin Github

Get Started

About

Popular articles