CVE-2023-49164

CWE-352Cross-Site Request Forgery (CSRF)3 documents3 sources
Severity
8.8HIGH
EPSS
0.1%
top 81.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Oceanwp Ocean Extra
Timeline
PublishedDec 19
Latest updateDec 20

Description

Cross-Site Request Forgery (CSRF) vulnerability in OceanWP Ocean Extra.This issue affects Ocean Extra: from n/a through 2.2.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:LExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

NVDoceanwp/ocean_extra< 2.2.3
CVEListV5oceanwp/ocean_extran/a2.2.2

🔴Vulnerability Details

2
GHSA
GHSA-3654-wj8m-9hfq: Cross-Site Request Forgery (CSRF) vulnerability in OceanWP Ocean Extra2023-12-20
CVEList
WordPress Ocean Extra Plugin <= 2.2.2 is vulnerable to Cross Site Request Forgery (CSRF)2023-12-19
CVE-2023-49164 (HIGH CVSS 8.8) | Cross-Site Request Forgery (CSRF) v | cvebase.io