PT-2018-17051 · WordPress · Dark-Mode Plugin
Publicado
2018-01-13
·
Atualizado
2018-01-24
·
CVE-2018-5652
CVSS v3.1
4.8
Média
| Vetor | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
dark-mode plugin version 1.6
Description
A security issue was found in the dark-mode plugin for WordPress, where cross-site scripting (XSS) exists. This is due to the
dark mode end parameter in the "wp-admin/profile.php" endpoint.Recommendations
For dark-mode plugin version 1.6, consider disabling the dark-mode plugin until a patch is available to prevent potential XSS attacks. Restrict access to the "wp-admin/profile.php" endpoint to minimize the risk of exploitation. Avoid using the
dark mode end parameter in the affected endpoint until the issue is resolved.Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Dark-Mode Plugin