cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-9118,https://securityvulnerability.io/vulnerability/CVE-2024-9118,Stored Cross-Site Scripting Vulnerability in Dark Mode Plugin,"The QS Dark Mode Plugin for WordPress has a vulnerability that allows stored cross-site scripting through SVG file uploads due to inadequate input validation and output escaping mechanisms. Authenticated attackers with Author-level access or higher can exploit this flaw to inject arbitrary web scripts, which are executed when users access the compromised SVG files. This vulnerability presents a significant security risk, as it can lead to unauthorized actions and the exposure of sensitive user information.",Wordpress,Qs Dark Mode Plugin,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-10-01T09:30:31.139Z,0
CVE-2024-5449,https://securityvulnerability.io/vulnerability/CVE-2024-5449,Unauthorized Data Modification Vulnerability in WP Dark Mode Plugin,"The WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdm_social_share_save_options function in all versions up to, and including, 5.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings.",Wordpress,"WP Dark Mode – WordPress Dark Mode Plugin For Improved Accessibility, Dark Theme, Night Mode, And Social Sharing",4.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-06-06T03:32:54.926Z,0
CVE-2024-29771,https://securityvulnerability.io/vulnerability/CVE-2024-29771,Dracula Dark Mode Plugin Vulnerable to Cross-site Scripting Attacks,"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoftLab Dracula Dark Mode - The Revolutionary Dark Mode Plugin For WordPress allows Stored XSS. This issue affects Dracula Dark Mode - The Revolutionary Dark Mode Plugin For WordPress: from n/a through 1.0.8.",Wordpress,Dracula Dark Mode - The Revolutionary Dark Mode Plugin For WordPress,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-03-27T12:58:25.517Z,0
CVE-2024-2962,https://securityvulnerability.io/vulnerability/CVE-2024-2962,Unauthorized Modification of Data in Tech News WordPress Theme Due to Missing Capability Check,"The Networker - Tech News WordPress Theme with Dark Mode theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_reload_nav_menu() function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to modify the location of display menus.",Wordpress,Networker - Tech News WordPress Theme With Dark Mode,5.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-27T08:31:14.428Z,0
CVE-2023-0467,https://securityvulnerability.io/vulnerability/CVE-2023-0467,WP Dark Mode < 4.0.8 - Subscriber+ Local File Inclusion,"The WP Dark Mode WordPress plugin before 4.0.8 does not properly sanitize the style parameter in shortcodes before using it to load a PHP template. This leads to Local File Inclusion on servers where non-existent directories may be traversed, or when chained with another vulnerability allowing arbitrary directory creation.",Wordpress,WP Dark Mode,4.3,MEDIUM,0.0006200000061653554,false,,false,false,false,,false,false,2023-03-27T16:15:00.000Z,0
CVE-2021-4332,https://securityvulnerability.io/vulnerability/CVE-2021-4332,Arbitrary File Read Vulnerability in Plus Addons for Elementor Plugin by WordPress,"The Plus Addons for Elementor plugin allows users to add an 'Info Box' to pages created with Elementor. However, versions up to 4.1.9 (pro) and 2.0.6 (free) possess a vulnerability that allows arbitrary file reads. This issue arises because the plugin uses the file_get_contents function without validating that the file being referenced is indeed an SVG file. As a result, any individual with access to the Elementor page builder, such as contributors, can exploit this vulnerability to read sensitive files within the WordPress installation.",Wordpress,"The Plus Addons For Elementor | Free Elementor Widgets & Elementor Templates, Header Menu, Blog Post Builder, Dark Mode, Full-page Scroll, Cross Domain Copy",6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,false,false,2023-03-07T14:16:46.814Z,0
CVE-2021-4331,https://securityvulnerability.io/vulnerability/CVE-2021-4331,Privilege Escalation in Plus Addons for Elementor Plugin by WordPress,"The Plus Addons for Elementor plugin for WordPress presents a vulnerability that permits privilege escalation in versions up to and including 4.1.9 (pro) and 2.0.6 (free). This issue arises from the registration form feature, where users can select the default role for new registrations. Unfortunately, this field remains visible to lower-level users, enabling individuals with limited permissions, such as contributors, to assign themselves higher roles like administrator. This flaw allows such users to potentially elevate their privileges without requiring any admin intervention.",Wordpress,"The Plus Addons For Elementor Page Builder,The Plus Addons For Elementor | Free Elementor Widgets & Elementor Templates, Header Menu, Blog Post Builder, Dark Mode, Full-page Scroll, Cross Domain Copy",8.8,HIGH,0.0010400000028312206,false,,false,false,false,,false,false,2023-03-07T14:07:34.598Z,0
CVE-2022-4714,https://securityvulnerability.io/vulnerability/CVE-2022-4714,WP Dark Mode < 4.0.0 - Contributor+ Stored XSS in Shortcode,"The WP Dark Mode WordPress plugin before 4.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack",Wordpress,WP Dark Mode,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-02-21T09:15:00.000Z,0
CVE-2018-5651,https://securityvulnerability.io/vulnerability/CVE-2018-5651,,An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php dark_mode_start parameter.,Wordpress,Dark Mode,4.8,MEDIUM,0.0005099999834783375,false,,false,false,false,,false,false,2018-01-13T00:00:00.000Z,0
CVE-2018-5652,https://securityvulnerability.io/vulnerability/CVE-2018-5652,,An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php dark_mode_end parameter.,Wordpress,Dark Mode,4.8,MEDIUM,0.0005099999834783375,false,,false,false,false,,false,false,2018-01-13T00:00:00.000Z,0