cleantalk
Vulnerabilities and Security Researches

Ocean Extra, CVE-2020-36760

CVE, Research URL

CVE-2020-36760

Home page URL

Security reports for Ocean Extra

Application

Ocean Extra

Published on
Jul 12, 2023
Research Description
The Ocean Extra plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5]. This is due to missing or incorrect nonce validation on the add_core_extensions_bundle_validation() function. This makes it possible for unauthenticated attackers to validate extension bundles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max 2.2.3.
Status
vulnerable
Previous vulnerability researches
Ocean Extra (CVE-2025-3458) , Apr 29, 2025
Ocean Extra (CVE-2022-4974) , Nov 14, 2024
Ocean Extra (CVE-2025-3457) , Apr 29, 2025
Ocean Extra (CVE-2019-16250) , Jun 07, 2024
Ocean Extra (CVE-2021-25104) , Jun 07, 2024
New vulnerability
WP Import Export Lite (CVE-2025-5061) , Aug 05, 2025
WP Import Export Lite (CVE-2025-6207) , Aug 05, 2025
Custom Post Type UI , Aug 05, 2025
Mmm Unity Loader (CVE-2025-8399) , Aug 05, 2025
Medical Addon for Elementor (CVE-2025-8212) , Aug 05, 2025