Unrated severityNVD Advisory· Published Apr 25, 2022· Updated Apr 28, 2026
WordPress Night Mode plugin <= 1.0.0 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability
CVE-2022-29418
Description
Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) in Mark Daniels Night Mode plugin <= 1.0.0 on WordPress via vulnerable parameters: &ntmode_page_setting[enable-me], &ntmode_page_setting[bg-color], &ntmode_page_setting[txt-color], &ntmode_page_setting[anc_color].
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=1.0.0
- Mark Daniels/Night Mode (WordPress plugin)v5Range: <= 1.0.0
Patches
Vulnerability mechanics
References
2- patchstack.com/database/vulnerability/night-mode/wordpress-night-mode-plugin-1-0-0-authenticated-persistent-cross-site-scripting-xss-vulnerabilitymitrex_refsource_CONFIRM
- wordpress.org/plugins/night-mode/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.