Cross-Site Scripting Vulnerability in Dark Mode Plugin for WordPress
CVE-2018-5652

4.8MEDIUM

Key Information:

Vendor
Wordpress
Status
Dark Mode
Vendor
CVE Published:
13 January 2018

Summary

A cross-site scripting vulnerability has been identified in the Dark Mode plugin version 1.6 for WordPress. This security flaw allows attackers to inject malicious scripts via the 'dark_mode_end' parameter in the wp-admin/profile.php file. If exploited, this could enable an attacker to execute arbitrary scripts in the context of an authenticated user's session, leading to potential unauthorized actions and data exposure. It is crucial for website administrators using this plugin to implement necessary updates and security measures to mitigate this risk.

References

https://wpvulndb.com/vulnerabilities/9008
x_refsource_MISC
https://github.com/d4wner/Vulnerabilities-Report/blob/mas...
x_refsource_MISC

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.