Name of the Vulnerable Software and Affected Versions:

OceanWP WordPress theme versions prior to 4.1.2

Description:

The OceanWP WordPress theme is susceptible to unauthorized option updates due to a missing capability check within an AJAX request handler. This allows any authenticated user, even those with limited privileges like a subscriber, to modify the `darkMod` setting.

Recommendations:

Update the OceanWP WordPress theme to version 4.1.2 or later.