Cross-Site Scripting Vulnerability in Dark Mode Plugin for WordPress

CVE-2018-5652

What is CVE-2018-5652?

A cross-site scripting vulnerability has been identified in the Dark Mode plugin version 1.6 for WordPress. This security flaw allows attackers to inject malicious scripts via the 'dark_mode_end' parameter in the wp-admin/profile.php file. If exploited, this could enable an attacker to execute arbitrary scripts in the context of an authenticated user's session, leading to potential unauthorized actions and data exposure. It is crucial for website administrators using this plugin to implement necessary updates and security measures to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References