Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

oceanwp

Source -

NVDADP

CNA CVEs -

0

ADP CVEs -

1

CISA CVEs -

0

NVD CVEs -

2
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2025-8944
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 11.86%
||
7 Day CHG~0.00%
Published-05 Sep, 2025 | 06:00
Updated-20 Jan, 2026 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OceanWP < 4.1.2 - Subscriber+ Limited Option Update

The OceanWP WordPress theme before 4.1.2 is vulnerable to an option update due to a missing capability check on one of its AJAX request handler, allowing any authenticated users, such as subscriber to update the darkMod` setting.

Action-Not Available
Vendor-oceanwpUnknown
Product-oceanwpOceanWP
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-8891
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 8.81%
||
7 Day CHG~0.00%
Published-13 Aug, 2025 | 03:42
Updated-18 Dec, 2025 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OceanWP <= 4.0.9 - 4.1.1 - Cross-Site Request Forgery to Ocean Extra Plugin Installation

The OceanWP theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.0.9 to 4.1.1. This is due to missing or incorrect nonce validation on the oceanwp_notice_button_click() function. This makes it possible for unauthenticated attackers to install the Ocean Extra plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-oceanwpoceanwp
Product-oceanwpOceanWP
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-23700
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.62% / 70.17%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 06:30
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress OceanWP theme <= 3.4.1 - Authenticated Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OceanWP allows PHP Local File Inclusion.This issue affects OceanWP: from n/a through 3.4.1.

Action-Not Available
Vendor-OceanWPoceanwp
Product-OceanWPoceanwp
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')