CVE-2023-0467

Name of the Vulnerable Software and Affected Versions WP Dark Mode WordPress plugin versions prior to 4.0.8

Description The issue arises from improper sanitization of the style parameter in shortcodes, leading to Local File Inclusion. This can occur on servers where non-existent directories may be traversed, or when combined with another vulnerability that allows arbitrary directory creation.

Recommendations For WP Dark Mode WordPress plugin versions prior to 4.0.8, update to version 4.0.8 or later to resolve the issue. As a temporary workaround, consider restricting access to shortcodes that utilize the style parameter until the update is applied.