Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistWPScanCVELIST:CVE-2023-0467
HistoryMar 27, 2023 - 3:37 p.m.

CVE-2023-0467 WP Dark Mode < 4.0.8 - Subscriber+ Local File Inclusion

2023-03-2715:37:26
WPScan
www.cve.org
wordpress plugin vulnerability
local file inclusion
php template.

5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.3%

JSON

The WP Dark Mode WordPress plugin before 4.0.8 does not properly sanitize the style parameter in shortcodes before using it to load a PHP template. This leads to Local File Inclusion on servers where non-existent directories may be traversed, or when chained with another vulnerability allowing arbitrary directory creation.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "WP Dark Mode",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "4.0.8"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Related

cve 1
wpexploit 1
wpvulndb 1
prion 1
nvd 1
wordfence 1
cve
cve
CVE-2023-0467
2023-03-27 16:15:08
wpexploit
wpexploit
WP Dark Mode < 4.0.8 - Subscriber+ Local File Inclusion
2023-03-06 00:00:00
wpvulndb
wpvulndb
WP Dark Mode < 4.0.8 - Subscriber+ Local File Inclusion
2023-03-06 00:00:00
prion
prion
Memory corruption
2023-03-27 16:15:00
nvd
nvd
CVE-2023-0467
2023-03-27 16:15:08
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (Mar 6, 2023 to Mar 12, 2023)
2023-03-16 13:53:38

5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.3%

JSON
Related for CVELIST:CVE-2023-0467
cve1wpexploit1wpvulndb1prion1nvd1wordfence1