cleantalk
Vulnerabilities and Security Researches

Ocean Extra, CVE-2024-37489

CVE, Research URL

CVE-2024-37489

Home page URL

Security reports for Ocean Extra

Application

Ocean Extra

Published on
Jul 21, 2024
Research Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OceanWP Ocean Extra allows Stored XSS.This issue affects Ocean Extra: from n/a through 2.2.9.
Affected versions
Min -, max 2.3.0.
Status
vulnerable
Previous vulnerability researches
Ocean Extra (CVE-2025-3458) , Apr 29, 2025
Ocean Extra (CVE-2022-4974) , Nov 14, 2024
Ocean Extra (CVE-2025-3457) , Apr 29, 2025
Ocean Extra (CVE-2019-16250) , Jun 07, 2024
Ocean Extra (CVE-2021-25104) , Jun 07, 2024
New vulnerability
Connect to external APIs | Custom endpoints for WP (CVE-2025-54049) , Aug 05, 2025
WP Import Export Lite (CVE-2025-5061) , Aug 05, 2025
WP Import Export Lite (CVE-2025-6207) , Aug 05, 2025
Custom Post Type UI , Aug 05, 2025
Mmm Unity Loader (CVE-2025-8399) , Aug 05, 2025