Skip to main content

CVE-2023-0749

Severity Medium
Score 6.5/10

Summary

The Ocean Extra WordPress plugin before 2.1.3 does not ensure that the template to be loaded via a shortcode is actually a template, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, such as draft, private or even password protected ones.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • LOW
  • HIGH
  • NONE

References

Advisory Timeline

  • Published