cleantalk
Vulnerabilities and Security Researches

Ocean Extra, CVE-2025-3472

CVE, Research URL

CVE-2025-3472

Home page URL

Security reports for Ocean Extra

Application

Ocean Extra

Published on
Apr 22, 2025
Research Description
The Ocean Extra plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.4.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes when WooCommerce is also installed and activated.
Affected versions
Min -, max 2.4.7.
Status
vulnerable
Previous vulnerability researches
1-Click Backup & Restore Database (CVE-2025-32246) , Apr 06, 2025
New vulnerability
Alt Text AI – Automatically generate image alt text for SEO and accessibility (CVE-2025-46232) , Apr 23, 2025
Seriously Simple Podcasting (CVE-2025-46261) , Apr 23, 2025
Ocean Extra (CVE-2025-3472) , Apr 23, 2025
WP-Syntax (CVE-2024-13926) , Apr 22, 2025
Simple Sitemap – Create a Responsive HTML Sitemap (CVE-2025-39413) , Apr 22, 2025