CVE-2024-5449

{"id": "CVE-2024-5449", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-06-06T04:15:14.720", "references": [{"url": "https://plugins.trac.wordpress.org/browser/wp-dark-mode/trunk/includes/modules/social-share/class-social-share.php#L581", "tags": ["Patch"], "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/changeset/3096290/wp-dark-mode/trunk?contextall=1&old=3073245&old_path=%2Fwp-dark-mode%2Ftrunk", "tags": ["Patch"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d7d20733-d61b-4b2f-8597-528644f0bc26?source=cve", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-dark-mode/trunk/includes/modules/social-share/class-social-share.php#L581", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://plugins.trac.wordpress.org/changeset/3096290/wp-dark-mode/trunk?contextall=1&old=3073245&old_path=%2Fwp-dark-mode%2Ftrunk", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d7d20733-d61b-4b2f-8597-528644f0bc26?source=cve", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The WP Dark Mode \u2013 WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdm_social_share_save_options function in all versions up to, and including, 5.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings."}, {"lang": "es", "value": "El complemento WP Dark Mode \u2013 WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n wpdm_social_share_save_options en todas las versiones hasta e incluyendo, 5.0.4. Esto hace posible que atacantes autenticados, con acceso de nivel de suscriptor y superior, actualicen la configuraci\u00f3n del complemento."}], "lastModified": "2024-11-21T09:47:42.400", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wppool:wp_dark_mode:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "03740D66-8A01-45D6-9ECD-E2ABCA5203AE", "versionEndExcluding": "5.0.5"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}