{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5449", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-05-28T19:54:53.414Z", "datePublished": "2024-06-06T03:32:54.926Z", "dateUpdated": "2024-08-01T21:11:12.773Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-06-06T03:32:54.926Z"}, "affected": [{"vendor": "wppool", "product": "WP Dark Mode \u2013 WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "5.0.4", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WP Dark Mode \u2013 WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdm_social_share_save_options function in all versions up to, and including, 5.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings."}], "title": "WP Dark Mode \u2013 WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing <= 5.0.4 - Missing Authorization", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d7d20733-d61b-4b2f-8597-528644f0bc26?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-dark-mode/trunk/includes/modules/social-share/class-social-share.php#L581"}, {"url": "https://plugins.trac.wordpress.org/changeset/3096290/wp-dark-mode/trunk?contextall=1&old=3073245&old_path=%2Fwp-dark-mode%2Ftrunk"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Peter Thaleikis"}], "timeline": [{"time": "2024-06-05T15:09:52.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-16T18:37:37.792216Z", "id": "CVE-2024-5449", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-16T18:37:46.159Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:11:12.773Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d7d20733-d61b-4b2f-8597-528644f0bc26?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/wp-dark-mode/trunk/includes/modules/social-share/class-social-share.php#L581", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/3096290/wp-dark-mode/trunk?contextall=1&old=3073245&old_path=%2Fwp-dark-mode%2Ftrunk", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d7d20733-d61b-4b2f-8597-528644f0bc26?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/wp-dark-mode/trunk/includes/modules/social-share/class-social-share.php#L581", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/3096290/wp-dark-mode/trunk?contextall=1&old=3073245&old_path=%2Fwp-dark-mode%2Ftrunk", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:11:12.773Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5449", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-16T18:37:37.792216Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-16T18:37:41.985Z"}}], "cna": {"title": "WP Dark Mode \u2013 WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing <= 5.0.4 - Missing Authorization", "credits": [{"lang": "en", "type": "finder", "value": "Peter Thaleikis"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "wppool", "product": "WP Dark Mode \u2013 WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "5.0.4"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-06-05T15:09:52.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d7d20733-d61b-4b2f-8597-528644f0bc26?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-dark-mode/trunk/includes/modules/social-share/class-social-share.php#L581"}, {"url": "https://plugins.trac.wordpress.org/changeset/3096290/wp-dark-mode/trunk?contextall=1&old=3073245&old_path=%2Fwp-dark-mode%2Ftrunk"}], "descriptions": [{"lang": "en", "value": "The WP Dark Mode \u2013 WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdm_social_share_save_options function in all versions up to, and including, 5.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-06-06T03:32:54.926Z"}}}, "cveMetadata": {"cveId": "CVE-2024-5449", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:11:12.773Z", "dateReserved": "2024-05-28T19:54:53.414Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-06-06T03:32:54.926Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wppool:wp_dark_mode:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "03740D66-8A01-45D6-9ECD-E2ABCA5203AE", "versionEndExcluding": "5.0.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The WP Dark Mode \u2013 WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdm_social_share_save_options function in all versions up to, and including, 5.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings."}, {"lang": "es", "value": "El complemento WP Dark Mode \u2013 WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n wpdm_social_share_save_options en todas las versiones hasta e incluyendo, 5.0.4. Esto hace posible que atacantes autenticados, con acceso de nivel de suscriptor y superior, actualicen la configuraci\u00f3n del complemento."}], "id": "CVE-2024-5449", "lastModified": "2024-07-24T17:47:44.637", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2024-06-06T04:15:14.720", "references": [{"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/browser/wp-dark-mode/trunk/includes/modules/social-share/class-social-share.php#L581"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3096290/wp-dark-mode/trunk?contextall=1&old=3073245&old_path=%2Fwp-dark-mode%2Ftrunk"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d7d20733-d61b-4b2f-8597-528644f0bc26?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}