OceanWP

Vulnerabilities 6Slug oceanwpLatest version 4.1.5WordPress.org →

Minimum safe version

4.1.2

Update to 4.1.2 or later to address 6 fixable vulnerabilities

Latest available4.1.5
N/A
2025-09-05< 4.1.2

OceanWP <= 4.1.1 - Missing Authorization to Authenticated (Subscriber+) Settings Update

EUVDWordfenceCVE
Medium 4.3
2025-08-13≥ 4.0.9 and < 4.1.2

OceanWP <= 4.0.9 - 4.1.1 - Cross-Site Request Forgery to Ocean Extra Plugin Installation

EUVDWordfenceCVE
Medium 6.4
2025-07-03< 3.6.1

Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library

EUVDWordfenceWPScanCVE
Medium 4.9
2025-06-19< 4.1.0

WordPress OceanWP Theme <= 4.0.9 is vulnerable to Cross Site Scripting (XSS)

PatchstackEUVDWordfenceCVE