PT-2023-19285 · Oceanwp · Oceanwp Ocean Extra+1
Rafshanzani Suhada
·
Published
2023-04-06
·
Updated
2023-04-12
·
CVE-2023-23891
CVSS v3.1
5.5
Medium
| Vector | AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
OceanWP Ocean Extra plugin versions <= 2.1.1
Description
The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with contributor or higher privileges. It affects the OceanWP Ocean Extra plugin when the OceanWP theme is installed and activated.
Recommendations
For OceanWP Ocean Extra plugin versions <= 2.1.1, update to a version higher than 2.1.1 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality that requires contributor or higher privileges until a patch is available.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Oceanwp
Oceanwp Ocean Extra