[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ftNJZMRt6fL0O1hvAbnVqOKKWXGqAqfJ7PaQ9cx6CCHQ":3},{"slug":4,"name":5,"version":6,"author":4,"author_profile":7,"description":8,"active_installs":9,"downloaded":10,"rating":11,"num_ratings":12,"last_updated":13,"tested_up_to":14,"requires_at_least":14,"homepage":15,"security_score":16,"vuln_count":17,"unpatched_count":18,"last_vuln_date":19,"fetched_at":20,"vulnerabilities":21,"developer":94},"oceanwp","OceanWP","4.1.5","https:\u002F\u002Fprofiles.wordpress.org\u002Foceanwp\u002F","OceanWP is the perfect theme for your project. Lightweight and highly extendable, it will enable you to create almost any type of website such a blog, portfolio, business website and WooCommerce storefront with a beautiful & professional design. Very fast, responsive, RTL & translation ready, best SEO practices, unique WooCommerce features to increase conversion and much more. You can even edit the settings on tablet & mobile so your site looks good on every device. Work with the most popular page builders as Elementor, Beaver Builder, Brizy, Visual Composer, Divi, SiteOrigin, etc... Developers will love his extensible codebase making it a joy to customize and extend. Best friend of Elementor & WooCommerce. Looking for a Multi-Purpose theme? Look no further! Check the demos to realize that it's the only theme you will ever need: https:\u002F\u002Foceanwp.org\u002Fdemos\u002F",500000,9325619,98,5694,"2026-02-16T00:00:00.000Z","","https:\u002F\u002Fwordpress.org\u002Fthemes\u002Foceanwp\u002F",94,5,0,"2025-08-15 00:00:00","2026-03-16T12:54:35.829Z",[22,38,51,66,78],{"id":23,"url_slug":24,"title":25,"description":26,"plugin_slug":27,"theme_slug":4,"affected_versions":28,"patched_in_version":29,"severity":30,"cvss_score":31,"cvss_vector":32,"vuln_type":33,"published_date":19,"updated_date":34,"references":35,"days_to_patch":37},"CVE-2025-8944","oceanwp-missing-authorization-to-authenticated-subscriber-settings-update","OceanWP \u003C= 4.1.1 - Missing Authorization to Authenticated (Subscriber+) Settings Update","The OceanWP theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ocean_update_search_box_light_mode AJAX action in all versions up to, and including, 4.1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the darkMod setting.",null,"\u003C=4.1.1","4.1.2","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2025-09-25 19:43:54",[36],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F4fe1c440-f988-4020-9f80-77683ff652b2?source=api-prod",42,{"id":39,"url_slug":40,"title":41,"description":42,"plugin_slug":27,"theme_slug":4,"affected_versions":43,"patched_in_version":29,"severity":30,"cvss_score":31,"cvss_vector":44,"vuln_type":45,"published_date":46,"updated_date":47,"references":48,"days_to_patch":50},"CVE-2025-8891","oceanwp-cross-site-request-forgery-to-ocean-extra-plugin-installation","OceanWP \u003C= 4.0.9 - 4.1.1 - Cross-Site Request Forgery to Ocean Extra Plugin Installation","The OceanWP theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.0.9 to 4.1.1. This is due to missing or incorrect nonce validation on the oceanwp_notice_button_click() function. This makes it possible for unauthenticated attackers to install the Ocean Extra plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",">=4.0.9 \u003C=4.1.1","CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-08-12 00:00:00","2025-08-21 17:25:01",[49],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F9c6f9a3d-54a6-4405-b42b-37fc8342af96?source=api-prod",10,{"id":52,"url_slug":53,"title":54,"description":55,"plugin_slug":27,"theme_slug":4,"affected_versions":56,"patched_in_version":57,"severity":30,"cvss_score":58,"cvss_vector":59,"vuln_type":60,"published_date":61,"updated_date":62,"references":63,"days_to_patch":65},"CVE-2025-5524","oceanwp-authenticated-contributor-stored-cross-site-scripting-via-select-html-tag","OceanWP \u003C= 4.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Select HTML Tag","The OceanWP theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Select HTML tag in all versions up to, and including, 4.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=4.0.9","4.1.0",4.9,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-06-18 16:22:13","2025-06-19 04:25:19",[64],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F37b085f9-3b15-44aa-9ba0-de5321dfbce4?source=api-prod",1,{"id":67,"url_slug":68,"title":69,"description":70,"plugin_slug":27,"theme_slug":4,"affected_versions":71,"patched_in_version":72,"severity":30,"cvss_score":31,"cvss_vector":73,"vuln_type":33,"published_date":74,"updated_date":75,"references":76,"days_to_patch":65},"CVE-2024-2476","oceanwp-missing-authorization-to-sensitive-information-exposure-via-limited-local-file-inclusion","OceanWP \u003C= 3.5.4 - Missing Authorization to Sensitive Information Exposure via Limited Local File Inclusion","The OceanWP theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the load_theme_panel_pane function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose sensitive information such as system\u002Fenvironment data and API keys.","\u003C=3.5.4","3.5.5","CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:L\u002FI:N\u002FA:N","2024-03-28 00:00:00","2024-03-29 06:44:00",[77],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5ec2743d-0d96-4056-8fdf-dc81d4e9b76f?source=api-prod",{"id":79,"url_slug":80,"title":81,"description":82,"plugin_slug":27,"theme_slug":4,"affected_versions":83,"patched_in_version":84,"severity":85,"cvss_score":86,"cvss_vector":87,"vuln_type":88,"published_date":89,"updated_date":90,"references":91,"days_to_patch":93},"CVE-2023-23700","oceanwp-authenticated-subscriber-local-file-inclusion","OceanWP \u003C= 3.4.1 - Authenticated (Subscriber+) Local File Inclusion","The OceanWP  theme for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.4. This allows subscriber-level attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.","\u003C=3.4.1","3.4.2","high",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Control of Filename for Include\u002FRequire Statement in PHP Program ('PHP Remote File Inclusion')","2023-02-27 00:00:00","2024-01-22 19:56:02",[92],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7fa57b92-3a3e-418c-bfc2-7ed2602004e4?source=api-prod",330,{"slug":4,"display_name":4,"profile_url":7,"plugin_count":95,"total_installs":96,"avg_security_score":97,"avg_patch_time_days":98,"trust_score":99,"computed_at":100},8,1160000,97,230,77,"2026-04-03T14:04:57.086Z"]