CVE-2025-3457 – WordPress Ocean Extra Stored Cross-Site Scripting Vulnerability

April 22, 2025

CVE ID : CVE-2025-3457

Published : April 22, 2025, 12:15 p.m. | 2 hours, 22 minutes ago

Description : The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘oceanwp_icon’ shortcode in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3458 – WordPress Ocean Extra Stored Cross-Site Scripting Vulnerability

Next Article CVE-2025-2092 – Checkmk GmbH Checkmk Log File Information Disclosure

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

AI is currently in its teenage years, battling raging hormones

4 ways your organization can adapt and thrive in the age of AI

Google’s new Search tool turns financial info into interactive charts – how to try it

This rugged Android phone has something I’ve never seen on competing models

Anthropic’s new AI models for classified info are already in use by US gov

Handling PostgreSQL Migrations in Node.js

Handling PostgreSQL Migrations in Node.js

How to Add Product Badges in Optimizely Configured Commerce Spire

Salesforce Health Check Assessment Unlocks ROI

Microsoft: Run PS script now if you deleted “inetpub” on Windows 11, Windows 10

Microsoft: Run PS script now if you deleted “inetpub” on Windows 11, Windows 10

Spf Permerror Troubleshooting Guide For Better Email Deliverability Today

Amap – Gather Info in Easy Way

CVE-2025-3457 – WordPress Ocean Extra Stored Cross-Site Scripting Vulnerability

Leadership, Trust, and Cyber Hygiene: NCSC’s Guide to Security Culture in Action

CISA Alert: Critical Vulnerabilities Found in CyberData SIP Emergency Intercom Devices

Satya Nadella admits Microsoft missed an opportunity as ChatGPT and Copilot gain popularity — even OpenAI’s Sam Altman “doesn’t do Google searches anymore”

CTO vs. CPO: Roles and Responsibilities of Chief Technical Officer & Chief Product Officer

CVE-2025-5245 – GNU Binutils Debug Type Samep Memory Corruption Vulnerability

I tested a robot mower with no boundary wire – here’s my buying advice after a month

Cisco debuts AI defense to combat misuse of AI tools, data leakage, and sophisticated threats — despite Sam Altman’s confidence in AI’s ability to prevent existential doom even with a 99.999999% probability

Accessibility essentials every front-end developer should know

Elon Musk comes clean about Path of Exile 2 and Diablo 4 credentials and I am shocked — SHOCKED I tell you

How to Conduct a Design Audit That Actually Improves Your Product

CVE-2025-3457 – WordPress Ocean Extra Stored Cross-Site Scripting Vulnerability

Related Posts