CVE-2024-5449

Name of the Vulnerable Software and Affected Versions: WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing plugin for WordPress versions up to, and including, 5.0.4

Description: The issue allows authenticated attackers with Subscriber-level access and above to update the plugin's settings due to a missing capability check on the wpdm social share save options function. This enables unauthorized modification of data.

Recommendations: For versions up to, and including, 5.0.4, update the plugin to a version higher than 5.0.4 to resolve the issue. As a temporary workaround, consider restricting access to the wpdm social share save options function until a patch is available.