CVE-2024-2476 Information

Description

The OceanWP theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the load_theme_panel_pane function in all versions up to and including 3.5.4. This makes it possible for authenticated attackers with subscriber-level access and above to expose sensitive information such as system/environment data and API keys.

Reference

https://www.wordfence.com/threat-intel/vulnerabilities/id/5ec2743d-0d96-4056-8fdf-dc81d4e9b76f?source=cve https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=222387%40oceanwp&new=222387%40oceanwp&sfp_email=&sfph_mail=