13 matches found
CVE-2024-5449
The WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdmsocialsharesaveoptions function in all versions up to, and...
CVE-2024-5449
The WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdmsocialsharesaveoptions function in all versions up to, and...
WordPress plugin WP Dark Mode security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-36355 · WordPress · Wp Dark Mode
Name of the Vulnerable Software and Affected Versions: WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing plugin for WordPress versions up to, and including, 5.0.4 Description: The issue allows authenticated attackers with...
CVE-2023-0467
The WP Dark Mode WordPress plugin before 4.0.8 does not properly sanitize the style parameter in shortcodes before using it to load a PHP template. This leads to Local File Inclusion on servers where non-existent directories may be traversed, or when chained with another vulnerability allowing...
CVE-2023-0467
The WP Dark Mode WordPress plugin before 4.0.8 does not properly sanitize the style parameter in shortcodes before using it to load a PHP template. This leads to Local File Inclusion on servers where non-existent directories may be traversed, or when chained with another vulnerability allowing...
CVE-2023-0467 WP Dark Mode < 4.0.8 - Subscriber+ Local File Inclusion
The WP Dark Mode WordPress plugin before 4.0.8 does not properly sanitize the style parameter in shortcodes before using it to load a PHP template. This leads to Local File Inclusion on servers where non-existent directories may be traversed, or when chained with another vulnerability allowing...
CVE-2023-0467
The CVE concerns the WordPress plugin WP Dark Mode, versions prior to 4.0.8. Root cause: the plugin does not properly sanitize the style parameter in shortcodes that load a PHP template, enabling Local File Inclusion (LFI). Impact: LFI could allow an attacker to traverse non-existent directories ...
PT-2023-16288 · WordPress · Wp Dark Mode
Name of the Vulnerable Software and Affected Versions: WP Dark Mode WordPress plugin versions prior to 4.0.8 Description: The issue arises from improper sanitization of the style parameter in shortcodes, leading to Local File Inclusion. This can occur on servers where non-existent directories may...
CVE-2022-4714
The WP Dark Mode WordPress plugin before 4.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
CVE-2022-4714 WP Dark Mode < 4.0.0 - Contributor+ Stored XSS in Shortcode
The WP Dark Mode WordPress plugin before 4.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
CVE-2022-4714
CVE-2022-4714 affects the WP Dark Mode WordPress plugin, versions
WordPress WP Dark Mode Plugin < 4.0.0 is vulnerable to Cross Site Scripting (XSS)
Software WP Dark Mode Type Plugin Vulnerable versions 4.0.0 Fixed in 4.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4714 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 41e59045340d Credits István Márton Required...