CVE-2024-5449

The WP Dark Mode  WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdm_social_share_save_options function in all versions up to, and including, 5.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
WordfenceCNA
4.3 MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
VendorProductVersion
wppoolwp_dark_mode
𝑥
< 5.0.5
𝑥
= Vulnerable software versions
References
https://plugins.trac.wordpress.org/browser/wp-dark-mode/trunk/includes/modules/social-share/class-social-share.php#L581
https://plugins.trac.wordpress.org/changeset/3096290/wp-dark-mode/trunk?contextall=1&old=3073245&old_path=%2Fwp-dark-mode%2Ftrunk
https://www.wordfence.com/threat-intel/vulnerabilities/id/d7d20733-d61b-4b2f-8597-528644f0bc26?source=cve
https://plugins.trac.wordpress.org/browser/wp-dark-mode/trunk/includes/modules/social-share/class-social-share.php#L581
https://plugins.trac.wordpress.org/changeset/3096290/wp-dark-mode/trunk?contextall=1&old=3073245&old_path=%2Fwp-dark-mode%2Ftrunk
https://www.wordfence.com/threat-intel/vulnerabilities/id/d7d20733-d61b-4b2f-8597-528644f0bc26?source=cve