Ocean Extra, CVE-2023-0749

CVE, Research URL: CVE-2023-0749
Home page URL: Security reports for Ocean Extra
Application: Ocean Extra
Published on: Mar 13, 2023
Research Description: The Ocean Extra WordPress plugin before 2.1.3 does not ensure that the template to be loaded via a shortcode is actually a template, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, such as draft, private or even password protected ones.
Affected versions: Min -, max 2.1.3.
Status: vulnerable