CVE-2025-10143

7.5 HIGH

Remote Code Execution

📋 TL;DR

The Catch Dark Mode WordPress plugin contains a Local File Inclusion vulnerability that allows authenticated attackers with Contributor-level access or higher to include and execute arbitrary PHP files on the server. This can lead to remote code execution, data theft, or privilege escalation. All WordPress sites using this plugin up to version 2.0 are affected.

💻 Affected Systems

Products:

• Catch Dark Mode WordPress Plugin

Versions: All versions up to and including 2.0

Operating Systems: Any OS running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Requires authenticated user with Contributor role or higher; WordPress multisite installations may have different privilege requirements.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

1. Review the CVE details at NVD
2. Check vendor security advisories for your specific version
3. Test if the vulnerability is exploitable in your environment
4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full server compromise via remote code execution, data exfiltration, and complete site takeover.

🟠

Likely Case

Unauthorized file access, privilege escalation to administrator, and installation of backdoors.

🟢

If Mitigated

Limited impact if proper file upload restrictions and server hardening are in place.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated access but is straightforward once credentials are obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.1

Vendor Advisory: https://wordpress.org/plugins/catch-dark-mode/#developers

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find Catch Dark Mode and click 'Update Now'. 4. Verify version is 2.0.1 or higher.

🔧 Temporary Workarounds

Disable Plugin

all

Temporarily disable the vulnerable plugin until patched.

Copy

wp plugin deactivate catch-dark-mode

Restrict User Roles

all

Remove Contributor and higher roles from untrusted users.

🧯 If You Can't Patch

• Implement strict file upload restrictions to prevent PHP file uploads
• Add web application firewall rules to block local file inclusion attempts

🔍 How to Verify

Check if Vulnerable:

Copy

Check WordPress admin panel > Plugins > Installed Plugins for Catch Dark Mode version 2.0 or lower.

Check Version:

Copy

wp plugin get catch-dark-mode --field=version

Verify Fix Applied:

Copy

Confirm plugin version is 2.0.1 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

• Unusual file include requests in web server logs
• PHP error logs showing file inclusion failures
• WordPress audit logs showing plugin file access by Contributor users

Network Indicators:

• HTTP requests with catch_dark_mode shortcode parameters pointing to local files

SIEM Query:

Copy

source="web_server" AND (uri="*catch_dark_mode*" AND (param="*php" OR param="*../*"))

📊 Metadata

CVE ID: CVE-2025-10143

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-98

EPSS Score: 0.07% exploit probability (20.8th percentile)

Published: September 17, 2025

Last Updated: September 17, 2025

🔗 References

• https://plugins.trac.wordpress.org/browser/catch-dark-mode/trunk/plugin.php#L483
• https://plugins.trac.wordpress.org/changeset/3359058/
• https://wordpress.org/plugins/catch-dark-mode
• https://www.wordfence.com/threat-intel/vulnerabilities/id/46776cd5-5262-46ea-b56c-0cbf2b9ae43d?source=cve

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-10143, you might also want to check these:

CVE-2025-25174 10.0

This CVE describes a PHP Local File Inclusion vulnerability in the BeeTeam368 Extensions WordPress p...

Same vulnerability type (CWE-98)

CVE-2025-49994 9.8

This vulnerability allows attackers to include local files on the server through improper filename c...

Same vulnerability type (CWE-98)

CVE-2025-50003 9.8

This vulnerability allows attackers to include local PHP files through improper filename control in ...

Same vulnerability type (CWE-98)