Ocean Product Sharing
Monthly
Stored XSS in OceanWP's Ocean Product Sharing WordPress plugin (all versions through 2.2.2) allows administrator-level attackers to persist malicious JavaScript into plugin configuration or product sharing fields. When other authenticated users or site visitors load affected product pages, the injected scripts execute in their browsers, enabling session cookie theft, credential harvesting, or unauthorized UI manipulation. No public exploit code has been identified and no active exploitation is confirmed (not in CISA KEV) at time of analysis; real-world risk is constrained by the PR:H requirement.
Stored XSS in OceanWP's Ocean Product Sharing WordPress plugin (all versions through 2.2.2) allows administrator-level attackers to persist malicious JavaScript into plugin configuration or product sharing fields. When other authenticated users or site visitors load affected product pages, the injected scripts execute in their browsers, enabling session cookie theft, credential harvesting, or unauthorized UI manipulation. No public exploit code has been identified and no active exploitation is confirmed (not in CISA KEV) at time of analysis; real-world risk is constrained by the PR:H requirement.