Vulnerabilities and security researches forqs-dark-mode qs-dark-mode

Oct 02, 2024

CVE, Research URL: CVE-2024-9118
Home page URL: Security reports for QS Dark Mode Plugin
Application: QS Dark Mode Plugin
Date: Oct 01, 2024
Research Description: The QS Dark Mode Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
Affected versions: Min -, max -.
Status: vulnerable

May 09, 2025

CVE, Research URL: CVE-2025-47628
Home page URL: Security reports for QS Dark Mode Plugin
Application: QS Dark Mode Plugin
Date: May 07, 2025
Research Description: Missing Authorization vulnerability in quomodosoft QS Dark Mode allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects QS Dark Mode: from n/a through 3.0.
Affected versions: Min -, max -.
Status: vulnerable