WordPress Plugin Ocean Extra Multiple Vulnerabilities - CVE-2023-0749

WordPress Plugin Ocean Extra is prone to multiple vulnerabilities including cross-site scripting and insecure direct object reference (IDOR) vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site to steal cookie-based authentication credentials or to retrieve the content of arbitrary posts such as draft private or even password protected ones. WordPress Plugin Ocean Extra version 2.1.2 is vulnerable prior versions may also be affected.