Security Advisory

CVE-2023-0749

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-03-13 16:03:31

Last updated 2025-02-27 20:20:24

Assigner WPScan

State PUBLISHED

Description

The Ocean Extra WordPress plugin before 2.1.3 does not ensure that the template to be loaded via a shortcode is actually a template, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, such as draft, private or even password protected ones.

← Browse all CVEs View on cve.org ↗