Skip to main content

Ocean Product Sharing

1 CVEs product

Monthly

CVE-2026-56007 MEDIUM This Month

Stored XSS in OceanWP's Ocean Product Sharing WordPress plugin (all versions through 2.2.2) allows administrator-level attackers to persist malicious JavaScript into plugin configuration or product sharing fields. When other authenticated users or site visitors load affected product pages, the injected scripts execute in their browsers, enabling session cookie theft, credential harvesting, or unauthorized UI manipulation. No public exploit code has been identified and no active exploitation is confirmed (not in CISA KEV) at time of analysis; real-world risk is constrained by the PR:H requirement.

XSS Ocean Product Sharing
NVD
CVSS 3.1
5.9
EPSS
0.1%
EPSS 0% CVSS 5.9
MEDIUM This Month

Stored XSS in OceanWP's Ocean Product Sharing WordPress plugin (all versions through 2.2.2) allows administrator-level attackers to persist malicious JavaScript into plugin configuration or product sharing fields. When other authenticated users or site visitors load affected product pages, the injected scripts execute in their browsers, enabling session cookie theft, credential harvesting, or unauthorized UI manipulation. No public exploit code has been identified and no active exploitation is confirmed (not in CISA KEV) at time of analysis; real-world risk is constrained by the PR:H requirement.

XSS Ocean Product Sharing
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy