The WP Dark Mode WordPress plugin before 4.0.8 does not properly sanitize the style parameter in shortcodes before using it to load a PHP template. This leads to Local File Inclusion on servers where non-existent directories may be traversed, or when chained with another vulnerability allowing arbitrary directory creation.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/8eb431a6-59a5-4cee-84e0-156c0b31cfc4 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2023-03-27T15:37:26.271Z
Updated: 2023-03-27T15:37:26.271Z
Reserved: 2023-01-24T14:43:46.549Z
Link: CVE-2023-0467
JSON object: View
NVD Information
Status : Modified
Published: 2023-03-27T16:15:08.250
Modified: 2023-11-07T04:00:32.080
Link: CVE-2023-0467
JSON object: View
Redhat Information
No data.
CWE