Lucene search
WPScanCVELIST:CVE-2023-0749HistoryMar 13, 2023 - 4:03 p.m.
CVE-2023-0749 Ocean Extra < 2.1.3 - Subscriber+ Arbitrary Post Content Disclosure
2023-03-1316:03:31
WPScan
www.cve.org
1
wordpress
ocean extra
vulnerability
authenticated users
arbitrary posts
EPSS
0.001
Percentile
30.4%
The Ocean Extra WordPress plugin before 2.1.3 does not ensure that the template to be loaded via a shortcode is actually a template, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, such as draft, private or even password protected ones.
CNA Affected
[
{
"vendor": "Unknown",
"product": "Ocean Extra",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "2.1.3"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
nvd
nvd
CVE-2023-0749
2023-03-13 17:15:12
prion
prion
Buffer overflow
2023-03-13 17:15:00
openvas
openvas
WordPress Ocean Extra Plugin < 2.1.3 Authentication Bypass Vulnerability
2023-03-15 00:00:00
wpexploit
wpexploit
Ocean Extra < 2.1.3 - Subscriber+ Arbitrary Post Content Disclosure
2023-02-14 00:00:00
wpvulndb
wpvulndb
Ocean Extra < 2.1.3 - Subscriber+ Arbitrary Post Content Disclosure
2023-02-14 00:00:00
cve
cve
CVE-2023-0749
2023-03-13 17:15:12
wordfence
wordfence