30 matches found
CVE-2026-9011
The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.65. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
EUVD-2026-31419
The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.65. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
WordPress plugin Ditty security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress Ditty Plugin <= 3.1.58 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by zaim in WordPress Plugin Ditty versions <= 3.1.58...
WordPress plugin Ditty cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. A WordPress plugin is an application plugin. A cross-site...
CVE-2025-8085
The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs...
WordPress Ditty plugin < 3.1.58 - Unauthenticated SSRF vulnerability
Unauthenticated SSRF vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Ditty versions < 3.1.58...
CVE-2025-8085
Summary: Ditty WordPress plugin versions prior to 3.1.58 expose an unauthenticated SSRF via the displayItems API (wp-json/dittyeditor/v1/displayItems), enabling requests to arbitrary URLs. The Nuclei template confirms the endpoint vulnerability and notes prior nonce-based fix did not prevent acce...
WordPress plugin Ditty security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. A security...
PT-2025-36441
Name of the Vulnerable Software and Affected Versions: Ditty WordPress plugin versions prior to 3.1.58 Description: The Ditty WordPress plugin before version 3.1.58 has a flaw where the displayItems endpoint does not require authorization or authentication. This allows unauthenticated visitors to...
WordPress plugin Ditty security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. A security...
CVE-2024-6715
The Ditty WordPress plugin before 3.1.46 re-introduced a previously fixed security issue https://wpscan.com/vulnerability/80a9eb3a-2cb1-4844-9004-ba2554b2d46c/ in v3.1.39...
WordPress plugin Ditty security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. A security...
WordPress Ditty plugin < 3.1.45 - Author+ Stored XSS vulnerability
Author+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Ditty versions < 3.1.45...
CVE-2024-6710
The Ditty WordPress plugin before 3.1.45 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...
WordPress plugin Ditty security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. A security...
PT-2024-37816 · WordPress · Ditty
Name of the Vulnerable Software and Affected Versions: The Ditty WordPress plugin versions prior to 3.1.45 Description: The issue allows users with a role as low as Contributor to perform Cross-Site Scripting attacks due to the plugin's failure to sanitise and escape some parameters...
WordPress Ditty plugin < 3.1.43 - Author+ Stored XSS vulnerability
Author+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Ditty versions < 3.1.43...
WordPress plugin Ditty security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. A security...
CVE-2024-3939
The Ditty WordPress plugin before 3.1.36 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...