CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43325 – WordPress Dark Mode for WP Dashboard plugin <= 1.2.3 - Cross Site Request Forgery vulnerability
https://notcve.org/view.php?id=CVE-2024-43325
16 Aug 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Naiche Dark Mode for WP Dashboard.This issue affects Dark Mode for WP Dashboard: from n/a through 1.2.3. The Dark Mode for WP Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the dark_mode_dashboard_change_user_profile_mode() function. This makes it possible for unauthenticated attackers to change a users color mode via a forged request... • https://patchstack.com/database/vulnerability/dark-mode-for-wp-dashboard/wordpress-dark-mode-for-wp-dashboard-plugin-1-2-3-cross-site-request-forgery-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •