CVE-2024-5449

The WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdmsocialsharesaveoptions function in all versions up to, and...

CVE-2024-5449

The WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdmsocialsharesaveoptions function in all versions up to, and...

PT-2024-36355 · WordPress · Wp Dark Mode

Name of the Vulnerable Software and Affected Versions: WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing plugin for WordPress versions up to, and including, 5.0.4 Description: The issue allows authenticated attackers with...

CVE-2023-0467

The WP Dark Mode WordPress plugin before 4.0.8 does not properly sanitize the style parameter in shortcodes before using it to load a PHP template. This leads to Local File Inclusion on servers where non-existent directories may be traversed, or when chained with another vulnerability allowing...

CVE-2023-0467

The WP Dark Mode WordPress plugin before 4.0.8 does not properly sanitize the style parameter in shortcodes before using it to load a PHP template. This leads to Local File Inclusion on servers where non-existent directories may be traversed, or when chained with another vulnerability allowing...

CVE-2023-0467

The CVE concerns the WordPress plugin WP Dark Mode, versions prior to 4.0.8. Root cause: the plugin does not properly sanitize the style parameter in shortcodes that load a PHP template, enabling Local File Inclusion (LFI). Impact: LFI could allow an attacker to traverse non-existent directories ...

CVE-2023-0467 WP Dark Mode < 4.0.8 - Subscriber+ Local File Inclusion

The WP Dark Mode WordPress plugin before 4.0.8 does not properly sanitize the style parameter in shortcodes before using it to load a PHP template. This leads to Local File Inclusion on servers where non-existent directories may be traversed, or when chained with another vulnerability allowing...

PT-2023-16288 · WordPress · Wp Dark Mode

Name of the Vulnerable Software and Affected Versions: WP Dark Mode WordPress plugin versions prior to 4.0.8 Description: The issue arises from improper sanitization of the style parameter in shortcodes, leading to Local File Inclusion. This can occur on servers where non-existent directories may...

CVE-2022-4714

The WP Dark Mode WordPress plugin before 4.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

CVE-2022-4714

CVE-2022-4714 affects the WP Dark Mode WordPress plugin, versions

CVE-2022-4714 WP Dark Mode < 4.0.0 - Contributor+ Stored XSS in Shortcode

The WP Dark Mode WordPress plugin before 4.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

WordPress WP Dark Mode Plugin < 4.0.0 is vulnerable to Cross Site Scripting (XSS)

Software WP Dark Mode Type Plugin Vulnerable versions 4.0.0 Fixed in 4.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4714 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 41e59045340d Credits István Márton Required...