Security Advisory

CVE-2025-8944

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-09-05 06:00:02

Last updated 2025-09-05 16:09:21

Assigner WPScan

State PUBLISHED

Description

The OceanWP WordPress theme before 4.1.2 is vulnerable to an option update due to a missing capability check on one of its AJAX request handler, allowing any authenticated users, such as subscriber to update the darkMod` setting.

← Browse all CVEs View on cve.org ↗