Lucene search

CVE-2022-4714

🗓️ 21 Feb 2023 09:11:15Reported by WPScanType

WP Dark Mode plugin v4.0.0 allows Stored XSS via unvalidated shortcode attribut

Reporter	Title	Published	Views	Family All 7
Cvelist	CVE-2022-4714 WP Dark Mode < 4.0.0 - Contributor+ Stored XSS in Shortcode	21 Feb 202308:51	–	cvelist
Patchstack	WordPress WP Dark Mode Plugin < 4.0.0 is vulnerable to Cross Site Scripting (XSS)	31 Jan 202300:00	–	patchstack
wpexploit	WP Dark Mode < 4.0.0 - Contributor+ Stored XSS in Shortcode	30 Jan 202300:00	–	wpexploit
NVD	CVE-2022-4714	21 Feb 202309:15	–	nvd
WPVulnDB	WP Dark Mode < 4.0.0 - Contributor+ Stored XSS in Shortcode	30 Jan 202300:00	–	wpvulndb
Prion	Cross site scripting	21 Feb 202309:15	–	prion
Wordfence Blog	Wordfence Intelligence CE Weekly Vulnerability Report (1-30-2023 to 2-5-2023)	9 Feb 202315:31	–	wordfence

Nvd

Vulners

Node

wppool wp_dark_modeRange<4.0.0wordpress

[
  {
    "vendor": "Unknown",
    "product": "WP Dark Mode",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "4.0.0"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/61b475f1-bbfb-4450-a3b2-b8caf5df2340

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

21 Feb 2023 09:15Current

5.5Medium risk

Vulners AI Score5.5

CVSS35.4

EPSS0.00161