PT-2025-36114 · WordPress · Oceanwp Wordpress Theme

Hamit Cibo · Published 2025-09-05 · Updated 2026-01-20 · CVE-2025-8944

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

OceanWP WordPress theme versions prior to 4.1.2

Description

The OceanWP WordPress theme is susceptible to unauthorized option updates due to a missing capability check within an AJAX request handler. This allows any authenticated user, even those with limited privileges like a subscriber, to modify the darkMod setting.

Recommendations

Update the OceanWP WordPress theme to version 4.1.2 or later.
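
The missing-authorization pattern described above, shown as an added example that is not OceanWP's code: a WordPress AJAX handler that updates an option with no capability check, next to a hardened version. The action names, option key, nonce name, allowed values and the choice of the `manage_options` capability are assumptions made for illustration.

```php
<?php
// Added illustration. Handler names, option key and nonce name are hypothetical;
// this is not the theme's actual code.

// Pattern with the weakness: a wp_ajax_{action} hook fires for ANY logged-in
// user, so with no capability check a subscriber reaches update_option().
add_action( 'wp_ajax_example_dark_mode', 'example_dark_mode_unchecked' );
function example_dark_mode_unchecked() {
    $value = isset( $_POST['darkMod'] )
        ? sanitize_text_field( wp_unslash( $_POST['darkMod'] ) )
        : '';
    update_option( 'example_dark_mod', $value ); // no authorization decision made
    wp_send_json_success();
}

// Hardened pattern: nonce check, capability check, then value validation.
add_action( 'wp_ajax_example_dark_mode_checked', 'example_dark_mode_checked' );
function example_dark_mode_checked() {
    // 1. Request-origin check. A nonce is not an authorization control on its
    //    own: any logged-in user who can load the page can obtain one.
    if ( ! check_ajax_referer( 'example_dark_mode_nonce', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce' ), 403 );
    }

    // 2. Authorization. This is the check the advisory describes as missing.
    //    'manage_options' is an assumed capability for a site-wide setting.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 3. Constrain the stored value to an allow-list (assumed values).
    $raw = isset( $_POST['darkMod'] )
        ? sanitize_key( wp_unslash( $_POST['darkMod'] ) )
        : '';
    if ( ! in_array( $raw, array( 'on', 'off' ), true ) ) {
        wp_send_json_error( array( 'message' => 'Invalid value' ), 400 );
    }

    update_option( 'example_dark_mod', $raw );
    wp_send_json_success( array( 'darkMod' => $raw ) );
}
```

When auditing other themes or plugins for the same weakness, look for `wp_ajax_` callbacks that write options or other state and contain no `current_user_can()` call before the write.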

Exploit

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2025-8944

Affected Products

Oceanwp Wordpress Theme