WordPress Plugin Vulnerabilities

Dark Mode <= 1.6 - Stored XSS

Description

The Dark Mode WordPress plugin was affected by a Stored XSS security vulnerability.

Affects Plugins

Plugin icon
dark-mode
Fixed in 1.7

References

CVE
CVE-2018-5651
CVE
CVE-2018-5652
URL
https://github.com/d4wner/Vulnerabilities-Report/blob/master/dark-mode.md
URL
https://plugins.trac.wordpress.org/changeset/1802288/dark-mode

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.8 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
f24607ec-80c8-4946-a7fa-3dd6212e8aef

Timeline

Publicly Published
2018-01-12 (about 8 years ago)
Added
2018-01-22 (about 8 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2019-03-11
Title
Abandoned Cart Lite for WooCommerce < 5.2.0 - Unauthenticated Stored Cross-Site Scripting (XSS)
Published
2025-01-06
Title
Chat Support for Viber – Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode < 1.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-02-03
Title
Optimate Ads <= 1.0.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Published
2025-01-06
Title
Enable Accessibility <= 1.4.1 - Reflected Cross-Site Scripting
Published
2024-09-24
Title
Elementor Addons by Livemesh < 8.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via piechart_settings Parameter