26 matches found
EUVD-2018-17420
Malware in sbrugna...
EUVD-2018-17421
Malware in sbrugna...
EUVD-2024-49740
Malicious code in bioql PyPI...
CVE-2024-9118
The QS Dark Mode Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...
WordPress plugin QS Dark Mode security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-9118
The QS Dark Mode Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...
CVE-2024-9118 QS Dark Mode Plugin <= 2.9 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The QS Dark Mode Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...
CVE-2024-9118
CVE-2024-9118 affects the QS Dark Mode Plugin for WordPress (versions ≤ 2.9). It yields stored XSS via SVG file uploads due to insufficient input sanitization and output escaping, exploitable by authenticated users with Author-level access or higher. Public references corroborate the vulnerabilit...
PT-2024-39445 · WordPress · Qs Dark Mode Plugin
Name of the Vulnerable Software and Affected Versions: QS Dark Mode Plugin for WordPress versions up to, and including, 2.9 Description: The QS Dark Mode Plugin for WordPress has a Stored Cross-Site Scripting issue via SVG file uploads due to insufficient input sanitization and output escaping...
CVE-2024-5449
The WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdmsocialsharesaveoptions function in all versions up to, and...
WordPress WP Dark Mode Plugin <= 5.0.4 is vulnerable to Broken Access Control
Software: WP Dark Mode; Type: Plugin; Vulnerable versions: <= 5.0.4; Fixed in: 5.0.5; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-5449; Patch priority: Low; CVSS severity: Low (4.3); PSID: fcf51369e44e; Credits: Peter Thaleikis; Required privileg...
CVE-2023-5387 Funnelforms Free <= 3.4 - Missing Authorization to Enable/Disable Dark Mode
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaf2triggerdarkmode function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and...
WordPress Dark Mode Plugin <= 4.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Dark Mode; Type: Plugin; Vulnerable versions: <= 4.1.2; Fixed in: 4.1.3; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-47150; Patch priority: Low; CVSS severity: Low (4.3); PSID: 9e4920fdc820; Credits: István Márton; Required...
WP Dark Mode < 4.0.8 - Subscriber+ Local File Inclusion
The plugin does not properly sanitize the style parameter in shortcodes before using it to load a PHP template. This leads to Local File Inclusion on servers where non-existent directories may be traversed, or when chained with another vulnerability allowing arbitrary directory creation. As a...
WordPress Dark Mode plugin <=1.6 - Multiple stored Cross-Site Scripting (XSS) vulnerabilities
Multiple stored Cross-Site Scripting (XSS) vulnerabilities found by d4wner in WordPress Dark Mode plugin versions <= 1.6. XSS exists via the wp-admin/profile.php darkmodestart parameter and darkmodeend parameter. Solution: Update the WordPress Dark Mode plugin to the latest available version at least...
WordPress dark-mode plugin cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language; the platform supports setting up a personal blog site on PHP and MySQL servers. dark-mode is one of its night mode plugins. A cross-site scripting vulnerability exists in...
WordPress dark-mode plugin cross-site scripting vulnerability (CNVD-2018-01272)
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language; the platform supports setting up a personal blog site on PHP and MySQL servers. dark-mode is one of its night mode plugins. A cross-site scripting vulnerability exists in...
Design/Logic Flaw
An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php darkmodeend parameter...
CVE-2018-5652
An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php darkmodeend parameter...
Design/Logic Flaw
An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php darkmodestart parameter...