cbcvebase.
CVE-2023-0749
published 2023-03-13

CVE-2023-0749: The Ocean Extra WordPress plugin before 2.1.3 does not ensure that the template to be loaded via a shortcode is actually a template, allowing any authenticated…

PriorityP335medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
EPSS
0.65%
46.7th percentile
The Ocean Extra WordPress plugin before 2.1.3 does not ensure that the template to be loaded via a shortcode is actually a template, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, such as draft, private or even password protected ones.

Affected

1 ranges
VendorProductVersion rangeFixed in
oceanwpocean_extra< 2.1.32.1.3
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.

CVE-2023-0749 — Oceanwp Ocean Extra vulnerability | cvebase