Cross-Site Scripting Vulnerability in Dark Mode Plugin for WordPress
CVE-2018-5651

4.8MEDIUM

Key Information:

Vendor: Wordpress
Status: Dark Mode
Vendor: CVE Published:; 13 January 2018

Summary

An XSS vulnerability exists in the Dark Mode Plugin version 1.6 for WordPress. This issue is triggered via the 'dark_mode_start' parameter in the wp-admin/profile.php file, allowing attackers to inject malicious scripts. Successful exploitation could lead to unauthorized access to sensitive information or execution of unauthorized actions within the WordPress admin interface.

References

https://wpvulndb.com/vulnerabilities/9008

x_refsource_MISC

https://github.com/d4wner/Vulnerabilities-Report/blob/mas...

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 13, 2018
Vulnerability Reserved
Jan 12, 2018