Get Started

WordPress: Unauthenticated Shortcode Execution When WooCommerce is Active in Ocean Extra Plugin

by the Hossted team
22.04.2025

In Ocean Extra plugin for WordPress versions up to and including 2.4.6 a medium severity vulnerability CVE-2025-3472 was detected. This vulnerability allows unauthenticated attackers to execute arbitrary shortcodes due to improper validation before calling do_shortcode, when WooCommerce is also installed and active. To address this issue, users should upgrade Ocean Extra plugin to versions 2.4.7 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3472.

Related articles
OSSpedia
OSSpedia 19 Feb 2025 WordPress: Insecure Direct Object Reference in Education Addon for Elementor Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 19 Feb 2025 WordPress: Cross-Site Request Forgery Vulnerability in DeBounce Email Validator Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 19 Feb 2025 WordPress: Unauthorized Access Vulnerability in Raptive Ads Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 11 Mar 2025 WordPress: Stored XSS Vulnerability in Countdown Timer Plugin Business and Enterprise Solutions CMS WOR