cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-5449,https://securityvulnerability.io/vulnerability/CVE-2024-5449,Unauthorized Data Modification Vulnerability in WP Dark Mode Plugin,"The WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdm_social_share_save_options function in all versions up to, and including, 5.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings.",Wordpress,"WP Dark Mode – WordPress Dark Mode Plugin For Improved Accessibility, Dark Theme, Night Mode, And Social Sharing",4.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-06-06T03:32:54.926Z,0
CVE-2023-0467,https://securityvulnerability.io/vulnerability/CVE-2023-0467,WP Dark Mode < 4.0.8 - Subscriber+ Local File Inclusion,"The WP Dark Mode WordPress plugin before 4.0.8 does not properly sanitize the style parameter in shortcodes before using it to load a PHP template. This leads to Local File Inclusion on servers where non-existent directories may be traversed, or when chained with another vulnerability allowing arbitrary directory creation.",Wordpress,WP Dark Mode,4.3,MEDIUM,0.0006200000061653554,false,,false,false,false,,false,false,2023-03-27T16:15:00.000Z,0
CVE-2022-4714,https://securityvulnerability.io/vulnerability/CVE-2022-4714,WP Dark Mode < 4.0.0 - Contributor+ Stored XSS in Shortcode,"The WP Dark Mode WordPress plugin before 4.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack",Wordpress,WP Dark Mode,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-02-21T09:15:00.000Z,0