Description
The WP Dark Mode WordPress plugin before 4.0.8 does not properly sanitize the style parameter in shortcodes before using it to load a PHP template. This leads to Local File Inclusion on servers where non-existent directories may be traversed, or when chained with another vulnerability allowing arbitrary directory creation.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 4.0.8 (excluding)
cpe:2.3:a:wppool:wp_dark_mode:*:*:*:*:*:wordpress:*:*
EPSS
Percentile: 43%
0.00207
Low
4.3 Medium
CVSS3
Weaknesses
CWE-22
Related vulnerabilities
CVSS3: 4.3
github
almost 3 years ago
The WP Dark Mode WordPress plugin before 4.0.8 does not properly sanitize the style parameter in shortcodes before using it to load a PHP template. This leads to Local File Inclusion on servers where non-existent directories may be traversed, or when chained with another vulnerability allowing arbitrary directory creation.