CVE-2025-8944
BaseFortify
Publication date: 2025-09-05
Last updated on: 2025-09-05
Assigner: WPScan
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oceanwp | oceanwp | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8944 is a vulnerability in the OceanWP WordPress theme versions before 4.1.2. It occurs because the theme's AJAX request handler lacks a proper capability check, allowing any authenticated user, including subscribers with limited permissions, to update the 'darkMode' setting. This is an incorrect authorization flaw that lets unauthorized users change options via a specially crafted POST request to admin-ajax.php. [1]
How can this vulnerability impact me?
This vulnerability can impact you by allowing low-privileged authenticated users, such as subscribers, to modify theme settings they should not have access to, specifically the 'darkMode' option. While this may seem limited, it represents a broken access control issue that could be exploited to alter site behavior or appearance without proper authorization, potentially leading to further security risks or user confusion. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if your WordPress site is running the OceanWP theme version prior to 4.1.2. Additionally, you can monitor for suspicious POST requests to 'admin-ajax.php' with the action 'ocean_update_search_box_light_mode' that include the 'darkMode' parameter. A detection command example using curl would be: curl -X POST -d 'action=ocean_update_search_box_light_mode&darkMode=1' https://yourwordpresssite.com/wp-admin/admin-ajax.php (requires authentication as a subscriber). If such requests succeed in changing settings without proper authorization, the site is vulnerable. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the OceanWP WordPress theme to version 4.1.2 or later, where the vulnerability is fixed. Until the update can be applied, restrict authenticated user roles from sending POST requests to 'admin-ajax.php' with the 'ocean_update_search_box_light_mode' action, or implement additional access controls to prevent unauthorized option updates. [1]
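One way to apply the interim access control described above, as an added example (not OceanWP's code and not the 4.1.2 fix): a must-use plugin that hooks the same AJAX action at an earlier priority and rejects callers who lack a theme-management capability. It assumes the theme registers its handler on the standard 'wp_ajax_' hook for this action at the default priority; the 'edit_theme_options' capability and the function and constant names are choices made for this example.

```php
<?php
/**
 * Plugin Name: OceanWP darkMode AJAX guard (temporary)
 * Description: Added example. Drop into wp-content/mu-plugins/ until the
 *              theme is updated to 4.1.2 or later, then remove it.
 */

// AJAX action name as given in the advisory text above.
const OCEANWP_GUARDED_ACTION = 'ocean_update_search_box_light_mode';

// Assumption: changing a theme setting should require 'edit_theme_options'.
// The page does not say which capability the 4.1.2 fix checks.
const OCEANWP_REQUIRED_CAP = 'edit_theme_options';

/**
 * Runs before the theme's own handler for the guarded action.
 * Callers with the capability fall through to the theme's handler;
 * everyone else gets a 403 JSON response and the request ends here.
 */
function oceanwp_guard_dark_mode_ajax() {
    if ( current_user_can( OCEANWP_REQUIRED_CAP ) ) {
        return;
    }

    // Record the rejected attempt so it shows up during log review.
    error_log( sprintf(
        'Blocked AJAX action %s from user ID %d (remote %s)',
        OCEANWP_GUARDED_ACTION,
        get_current_user_id(),
        isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown'
    ) );

    // wp_send_json_error() sends the response and terminates the request,
    // so the theme's handler (hooked later) never runs.
    wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
}

// Priority 0 runs ahead of handlers registered at the default priority (10).
// Only the logged-in hook is guarded, matching the authenticated-user case
// the page describes.
add_action( 'wp_ajax_' . OCEANWP_GUARDED_ACTION, 'oceanwp_guard_dark_mode_ajax', 0 );
```

The entries written by error_log() also serve the monitoring step above, since each one records a low-privileged account attempting the action.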