CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2476 – OceanWP <= 3.5.4 - Missing Authorization to Sensitive Information Exposure via Limited Local File Inclusion
https://notcve.org/view.php?id=CVE-2024-2476
28 Mar 2024 — The OceanWP theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the load_theme_panel_pane function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose sensitive information such as system/environment data and API keys. El tema OceanWP para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificación de capacidad en la función load_... • https://github.com/killerbees19/CVE-2024-24760 • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23700 – WordPress OceanWP theme <= 3.4.1 - Authenticated Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2023-23700
27 Feb 2023 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OceanWP allows PHP Local File Inclusion.This issue affects OceanWP: from n/a through 3.4.1. La limitación inadecuada de un nombre de ruta a una vulnerabilidad de directorio restringido ("Path Traversal") en OceanWP permite la inclusión de archivos locales PHP. Este problema afecta a OceanWP: desde n/a hasta 3.4.1. The OceanWP theme for WordPress is vulnerable to Local File Inclusion in versions up to, and includi... • https://patchstack.com/database/vulnerability/oceanwp/wordpress-oceanwp-theme-3-4-1-authenticated-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •