Ocean Extra WordPress Plugin Unauthenticated Arbitrary Shortcode Execution Vulnerability

Vulnerability

An unauthenticated arbitrary shortcode execution vulnerability has been identified in the Ocean Extra plugin for WordPress, affecting all versions through 2.4.6. The plugin does not properly validate values before executing shortcodes, which lets unauthenticated attackers run shortcodes of their choosing. The flaw is exploitable particularly when WooCommerce is installed and active.

Impact

Exploitation allows arbitrary shortcode execution, and the resulting impact depends on which shortcode is executed. In this case, it could be exploited to manipulate WooCommerce cart functionality.

Remediation

Users are advised to update the Ocean Extra plugin to version 2.4.7 or later.
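
One way to triage a server against this advisory, as an added example that is not part of the original advisory or the plugin's own code: the script reads the Ocean Extra plugin header, compares its version with 2.4.7, and notes whether WooCommerce is present. The directory names ocean-extra and woocommerce, the main file ocean-extra.php, and all helper names are assumptions; the sample directory is constructed.

```python
import re
import tempfile
from pathlib import Path

FIXED = (2, 4, 7)  # first fixed release named in the advisory
# Assumed on-disk names: plugin slug directories and the main plugin file.
OCEAN_EXTRA_MAIN = Path("ocean-extra") / "ocean-extra.php"
WOOCOMMERCE_DIR = "woocommerce"
HEADER_VERSION = re.compile(r"^[ \t/*#@]*Version:\s*(\d[\w.\-]*)", re.M | re.I)


def parse_version(text):
    """Return the plugin header version as a 3-tuple of ints, or None."""
    m = HEADER_VERSION.search(text[:8192])  # WordPress reads only the first 8 KB
    if not m:
        return None
    nums = [int(n) for n in re.findall(r"\d+", m.group(1))[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def triage(plugins_dir):
    """Classify one wp-content/plugins directory against the advisory."""
    plugins_dir = Path(plugins_dir)
    main = plugins_dir / OCEAN_EXTRA_MAIN
    # A directory only shows WooCommerce is installed; whether it is active
    # is recorded in the database, so treat this as a prioritisation hint.
    woo = (plugins_dir / WOOCOMMERCE_DIR).is_dir()
    if not main.is_file():
        return {"status": "not-installed", "version": None, "woocommerce": woo}
    version = parse_version(main.read_text(encoding="utf-8", errors="replace"))
    if version is None:
        status = "unknown-version"
    elif version < FIXED:
        status = "affected"
    else:
        status = "fixed"
    return {"status": status, "version": version, "woocommerce": woo}


def make_sample(root, version, with_woo):
    """Create a constructed plugins directory (sample data, not a real site)."""
    plugins = Path(root) / "wp-content" / "plugins"
    (plugins / OCEAN_EXTRA_MAIN.parent).mkdir(parents=True)
    header = f"<?php\n/**\n * Plugin Name: Ocean Extra\n * Version: {version}\n */\n"
    (plugins / OCEAN_EXTRA_MAIN).write_text(header, encoding="utf-8")
    if with_woo:
        (plugins / WOOCOMMERCE_DIR).mkdir()
    return plugins


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(triage(make_sample(tmp, "2.4.6", with_woo=True)))
```

An "affected" result with WooCommerce present is the combination the advisory singles out, so those installations are the ones to update first.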

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 6.4
impact: 1.3
exploitability: 8.2
remediation: 7.7
relevance: 0.0
threat: 3.5
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.