Access Control Flaw in Ocean Extra Plugin by OceanWP
CVE-2026-34903

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: Ocean Extra
Vendor: CVE Published:; 7 April 2026

What is CVE-2026-34903?

The Ocean Extra plugin by OceanWP contains a missing authorization vulnerability that can lead to incorrect access control configurations. This affects users of versions up to 2.5.3, potentially enabling unauthorized actions that compromise the security integrity of the site. Proper access control measures must be evaluated and implemented to mitigate such risks, especially for users relying on this plugin for enhancing their WordPress experience.

Affected Version(s)

Ocean Extra <= 2.5.3

References

https://patchstack.com/database/wordpress/plugin/ocean-ex...

vdb-entry

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2026
Vulnerability Reserved
Mar 31, 2026

Credit

Nguyen Ba Khanh | Patchstack Bug Bounty Program

CVE-2026-34903 Data

JSON