WordPress Plugin Vulnerabilities

WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing < 5.0.5 - Missing Authorization

Description

The WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdm_social_share_save_options function in all versions up to, and including, 5.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings.

Affects Plugins

Plugin icon
wp-dark-mode
Fixed in 5.0.5

References

CVE
CVE-2024-5449
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/d7d20733-d61b-4b2f-8597-528644f0bc26

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Peter Thaleikis
Verified
No
WPVDB ID
008b203c-7685-4338-9c4f-772ff2a311b0

Timeline

Publicly Published
2024-06-05 (about 2 years ago)
Added
2024-06-05 (about 2 years ago)
Last Updated
2024-06-06 (about 2 years ago)

Other

Published
Title
Published
2025-03-27
Title
Exchange Rates < 1.2.3 - Missing Authorization
Published
2025-12-15
Title
Highlight and Share < 5.3.0 - Missing Authorization
Published
2024-01-29
Title
Cookie Information < 2.0.23 - Subscriber+ Arbitrary Options Update
Published
2025-03-28
Title
Checkout Mestres do WP for WooCommerce 8.6.5 - 8.7.5 - Unauthenticated Arbitrary Options Update
Published
2025-09-25
Title
Email marketing for WordPress by GetResponse Official < 1.5.4 - Missing Authorization