WordPress Plugin Vulnerabilities

Ocean Extra < 2.1.3 - Subscriber+ Arbitrary Post Content Disclosure

Description

The plugin does not ensure that the template to be loaded via a shortcode is actually a template, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, such as draft, private or even password protected ones.

Proof of Concept

Affects Plugins

Plugin icon
ocean-extra
Fixed in 2.1.3

References

CVE
CVE-2023-0749

Classification

Type
IDOR
OWASP top 10
A5: Broken Access Control
CWE
CWE-639
CVSS
6.5 (medium)

Miscellaneous

Original Researcher
Erwan LR (WPScan)
Submitter website
https://wpscan.com
Verified
Yes
WPVDB ID
9caa8d2e-383b-47d7-8d21-d2ed6b1664cb

Timeline

Publicly Published
2023-02-14 (about 2 years ago)
Added
2023-02-14 (about 2 years ago)
Last Updated
2023-02-14 (about 2 years ago)

Other

Published
Title
Published
2023-06-23
Title
JS Help Desk - Best Help Desk & Support < 2.7.8 - Subscriber+ Ticket Manipulation via IDOR
Published
2025-02-13
Title
Return Refund and Exchange For WooCommerce < 4.4.6 - Subscriber+ IDOR
Published
2024-12-04
Title
AnyWhere Elementor < 1.2.12 - Authenticated (Contributor+) Post Disclosure
Published
2024-08-12
Title
WP Job Portal < 2.1.9 - Subscriber+ Insecure Direct Object Reference
Published
2025-09-09
Title
WPGYM - Wordpress Gym Management System <= 67.7.0 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover