• Welcome to Web Hosting Community Forum for Webmasters - Web hosting Forum.
 

Recommended Providers

Jetpack
Fully Managed WordPress Hosting
lc_banner_leadgen_3
Fully Managed WordPress Hosting

WordPress Theme

Divi WordPress Theme
WPZOOM

Forum Membership

Forum Membership

OceanWP WordPress Theme <= 3.5.4 - Missing Authorization to Sensitive

Started by Kailash, March 29, 2024, 03:33:40 PM



Kailash

OceanWP WordPress theme is one of the most popular WordPress theme. There is a vulnerability identified in OceanWP <= 3.5.4 version as follow:

Vulnerability:

The OceanWP theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the load_theme_panel_pane function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose sensitive information such as system/environment data and API keys.

It is recommended to upgrade your OceanWP theme as soon as possible to avoid any security issue in your website.

- Kailash