CVE-2024-2476

The OceanWP theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the load_theme_panel_pane function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose sensitive information such as system/environment data and API keys.


We have discovered 80,888 live websites that are affected by CVE-2024-2476.

Affected Software

Product  OceanWP
Category  WordPress Themes
Vulnerable Domains  80,888 live websites (64.65% of OceanWP install base)
Vulnerable Versions
  • from 0 through 3.5.4
Vulnerable Versions Count  240 versions (90.91% of all versions)



Details

  • Published - Mar 29, 2024
  • Updated - Aug 1, 2024

Credits

  • Craig Smith (finder)

CVE-2024-2476 usage by Country

United States  23,224 websites
Germany  14,413 websites
France  7,626 websites
Poland  2,898 websites
GB  2,421 websites
Russia  2,156 websites
Brazil  2,050 websites
Denmark  1,792 websites
Cyprus  1,581 websites
Netherlands  1,552 websites

CVE-2024-2476 usage by TLD

.com  29,408 websites
.de  8,561 websites
.fr  3,557 websites
.org  2,982 websites
.com.br  2,674 websites
.pl  2,424 websites
.co.uk  1,814 websites
.ru  1,798 websites
.nl  1,596 websites
.net  1,505 websites



FAQ

A total of 80,888 websites have been identified as vulnerable to CVE-2024-2476, discovered through global website indexing conducted by WebTechSurvey.
OceanWP is susceptible to the CVE-2024-2476 vulnerability.
OceanWP versions before, and including, 3.5.4 are vulnerable to CVE-2024-2476.