WordPress Night Mode plugin <= 1.0.0 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability
Vulnerable versions
<= 1.0.0
PSID
fb15b557bb98
Classification
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Required privilege
Requires high role user authentication like admin.
Publicly disclosed
2022-04-25
Patchstack vPatch available since
09.12.2021
Details
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered by Ex.Mi (Patchstack) in WordPress Night Mode plugin (versions <= 1.0.0).
Solution
Update the WordPress Night Mode plugin to the latest available version (at least 1.4.0).
References
CVE-2022-29418
Plugin changelog