CVE-2025-10143

Name of the Vulnerable Software and Affected Versions Catch Dark Mode plugin for WordPress versions up to and including 2.0

Description The Catch Dark Mode plugin for WordPress is susceptible to a Local File Inclusion issue via the catch dark mode shortcode. This allows authenticated attackers with Contributor-level access or higher to include and execute arbitrary .php files on the server. Successful exploitation can lead to bypassing access controls, obtaining sensitive data, or achieving code execution if .php file uploads are permitted.

Recommendations Versions prior to 2.1 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.