CVE-2023-23891

MEDIUM5.5Cross-site scripting

JSON export Create alert

Description

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in OceanWP Ocean Extra plugin <= 2.1.1 versions. Needs the OceanWP theme installed and activated.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

Affected products

OceanWP / Ocean Extran/a – 2.1.1

References

MISChttps://patchstack.com/database/vulnerability/ocean-extra/wordpress-ocean-extra-plugin-2-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve