The WP Dark Mode WordPress plugin before 4.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2023-02-21T08:51:04.598Z

Updated: 2024-08-03T01:48:40.301Z

Reserved: 2022-12-23T20:35:58.711Z

Link: CVE-2022-4714

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-02-21T09:15:11.030

Modified: 2024-11-21T07:35:47.200

Link: CVE-2022-4714

cve-icon Redhat

No data.