PT-2023-16500 · WordPress · Ocean Extra

Erwan Lr · Published 2023-03-13 · Updated 2025-02-27 · CVE-2023-0749

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Ocean Extra WordPress plugin versions prior to 2.1.3

Description

The plugin does not ensure that the template loaded via a shortcode is actually a template. As a result, any authenticated user, such as a subscriber, can retrieve the content of arbitrary posts, including draft, private, or password-protected ones.

Recommendations

For versions prior to 2.1.3, update to version 2.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the shortcode functionality to minimize the risk of exploitation.

Related Identifiers

CVE-2023-0749

Affected Products

Ocean Extra