CVE-2026-34903

CWE-862Missing Authorization3 documents3 sources
Severity
5.4MEDIUM
EPSS
0.0%
top 87.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Oceanwp Ocean Extra
Timeline
PublishedApr 7

Description

Missing Authorization vulnerability in OceanWP Ocean Extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ocean Extra: from n/a through 2.5.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:LExploitability: 2.8 | Impact: 2.5

Affected Packages1 packages

CVEListV5oceanwp/ocean_extran/a2.5.3

🔴Vulnerability Details

2
GHSA
GHSA-mhqr-7m5g-wj8v: Missing Authorization vulnerability in OceanWP Ocean Extra allows Exploiting Incorrectly Configured Access Control Security Levels2026-04-07
CVEList
WordPress Ocean Extra plugin <= 2.5.3 - Broken Access Control vulnerability2026-04-07
CVE-2026-34903 (MEDIUM CVSS 5.4) | Missing Authorization vulnerability | cvebase.io