cleantalk
Vulnerabilities and Security Researches

OceanWP, CVE-2024-2476

CVE, Research URL

CVE-2024-2476

Home page URL

Security reports for OceanWP

Application

OceanWP

Published on
Mar 29, 2024
Research Description
The OceanWP theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the load_theme_panel_pane function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose sensitive information such as system/environment data and API keys.
Affected versions
Min -, max 3.5.5.
Status
vulnerable
Previous vulnerability researches
OceanWP (CVE-2024-2476) , Jun 10, 2024
OceanWP (CVE-2023-23700) , Jun 10, 2024
OceanWP (CVE-2025-5524) , Jul 02, 2025
Oceanwp sticky header (CVE-2022-35730) , Jun 07, 2024
New vulnerability
Elementor Website Builder – More than Just a Page Builder (CVE-2024-50555) , Jul 03, 2025
Off-Canvas Sidebars & Menus (Slidebars) (CVE-2025-49290) , Jul 03, 2025
Accept Stripe Payments Using Contact Form 7 (CVE-2025-53309) , Jul 03, 2025
Opal Estate Pro – Property Management and Submission (CVE-2025-6934) , Jul 03, 2025
TM Replace Howdy (CVE-2025-49972) , Jul 03, 2025