OceanWP Security & Risk Analysis

OceanWP is the perfect theme for your project. Lightweight and highly extendable, it will enable you to create almost any type of website such a blog, portfolio, business website and WooCommerce storefront with a beautiful & professional design. Very fast, responsive, RTL & trans...

v4.1.5 500K active installs oceanwp Updated Feb 16, 2026

A · Safe

CVEs total5

Unpatched0

Last CVEAug 15, 2025

Theme page

Is OceanWP Safe to Use in 2026?

Generally Safe

Score 94/100

OceanWP has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEsLast CVE: Aug 15, 2025Updated 1mo ago

OceanWP Security Vulnerabilities 5

CVEs by Year

1 CVE in 2023

2023

1 CVE in 2024

2024

3 CVEs in 2025

2025

Patched Has unpatched

Severity Breakdown

High

Medium

5 total CVEs

CVE-2025-8944medium · 4.3Missing Authorization

OceanWP <= 4.1.1 - Missing Authorization to Authenticated (Subscriber+) Settings Update

Aug 15, 2025 Patched in 4.1.2 (42d)

CVE-2025-8891medium · 4.3Cross-Site Request Forgery (CSRF)

OceanWP <= 4.0.9 - 4.1.1 - Cross-Site Request Forgery to Ocean Extra Plugin Installation

Aug 12, 2025 Patched in 4.1.2 (10d)

CVE-2025-5524medium · 4.9Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

OceanWP <= 4.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Select HTML Tag

Jun 18, 2025 Patched in 4.1.0 (1d)

CVE-2024-2476medium · 4.3Missing Authorization

OceanWP <= 3.5.4 - Missing Authorization to Sensitive Information Exposure via Limited Local File Inclusion

Mar 28, 2024 Patched in 3.5.5 (1d)

CVE-2023-23700high · 8.8Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

OceanWP <= 3.4.1 - Authenticated (Subscriber+) Local File Inclusion

Feb 27, 2023 Patched in 3.4.2 (330d)

Developer Profile

oceanwp

8 plugins · 1.2M total installs

trust score

Avg Security Score

97/100

Avg Patch Time

230 days

View full developer profile