Oceanwp

2 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-8944 MEDIUM POC This Month

The OceanWP WordPress theme before 4.1.2 is vulnerable to an option update due to a missing capability check on one of its AJAX request handler, allowing any authenticated users, such as subscriber. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Oceanwp PHP
NVD WPScan
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-8891 MEDIUM POC PATCH Monitor

The OceanWP theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.0.9 to 4.1.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Oceanwp PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-8944
EPSS 0% CVSS 4.3
MEDIUM POC This Month

The OceanWP WordPress theme before 4.1.2 is vulnerable to an option update due to a missing capability check on one of its AJAX request handler, allowing any authenticated users, such as subscriber. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Oceanwp +1
NVD WPScan
CVE-2025-8891
EPSS 0% CVSS 4.3
MEDIUM POC PATCH Monitor

The OceanWP theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.0.9 to 4.1.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Oceanwp +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy