2 matches found
CVE-2018-5651
CVE-2018-5651 affects the WordPress dark-mode plugin (version 1.6). The issue is a Cross-Site Scripting (XSS) vulnerability reachable via the wp-admin/profile.php dark_mode_start parameter. Impact and conditions are described in multiple sources: XSS via that parameter could affect user sessions ...
CVE-2018-5652
CVE-2018-5652 affects the WordPress dark-mode plugin version 1.6. The issue is an XSS vulnerability exploitable via the wp-admin/profile.php dark_mode_end parameter, as described in multiple documents. The root cause is a flaw in handling the dark_mode_end input that allows script execution in th...