Lucene search
K

84 matches found

Vulnrichment
Vulnrichment
added 2025/09/08 6:0 a.m.3 views

CVE-2025-8085 Ditty < 3.1.58 - Unauthenticated SSRF

The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs...

6.7AI score0.16399EPSS
Exploits1References1
CVE
CVE
added 2025/09/08 6:0 a.m.39 views

CVE-2025-8085

Summary: Ditty WordPress plugin versions prior to 3.1.58 expose an unauthenticated SSRF via the displayItems API (wp-json/dittyeditor/v1/displayItems), enabling requests to arbitrary URLs. The Nuclei template confirms the endpoint vulnerability and notes prior nonce-based fix did not prevent acce...

8.6CVSS6.7AI score0.16399EPSS
In wildExploits1References1Affected Software1
CNNVD
CNNVD
added 2025/09/08 12:0 a.m.3 views

WordPress plugin Ditty 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

8.6CVSS6.4AI score0.16399EPSS
Exploits1References2
Patchstack
Patchstack
added 2025/09/08 12:0 a.m.7 views

WordPress Ditty Plugin < 3.1.58 is vulnerable to Server Side Request Forgery (SSRF)

Software Ditty Type Plugin Vulnerable versions 3.1.58 Fixed in 3.1.58 OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2025-8085 Patch priority Medium CVSS severity Medium 7.2 Developer Claim ownership PSID 6412178a9851 Credits Dmitrii Ignatyev Required privilege...

8.6CVSS7.3AI score0.16399EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/08 12:0 a.m.8 views

PT-2025-36441

Name of the Vulnerable Software and Affected Versions Ditty WordPress plugin versions prior to 3.1.58 Description The Ditty WordPress plugin before version 3.1.58 has a flaw where the displayItems endpoint does not require authorization or authentication. This allows unauthenticated visitors to...

8.6CVSS5.7AI score0.16399EPSS
Exploits1References21
RedhatCVE
RedhatCVE
added 2025/05/23 2:42 a.m.6 views

CVE-2023-23874

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Metaphor Creations Ditty plugin = 3.0.32 versions...

6.5CVSS5.2AI score0.00387EPSS
Exploits0References1
OSV
OSV
added 2025/05/15 8:15 p.m.4 views

CVE-2024-13357

The Ditty WordPress plugin before 3.1.52 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00266EPSS
Exploits1References1
CVE
CVE
added 2025/05/15 8:7 p.m.31 views

CVE-2024-13357

CVE-2024-13357 affects the Ditty WordPress plugin prior to version 3.1.52. The vulnerability arises from insufficient sanitisation/escaping of certain settings, enabling stored cross-site scripting by high-privilege users (e.g., authors), even when unfiltered_html is disallowed (such as in multis...

4.8CVSS5.7AI score0.00266EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/15 8:7 p.m.8 views

CVE-2024-13357 Ditty – Responsive News Tickers, Sliders, and Lists < 3.1.52 - Author+ Stored XSS

The Ditty WordPress plugin before 3.1.52 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.7AI score0.00266EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.3 views

WordPress plugin Ditty 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

4.8CVSS4.8AI score0.00266EPSS
Exploits1References1
Patchstack
Patchstack
added 2025/05/09 9:31 p.m.10 views

WordPress Ditty plugin < 3.1.52 - Author+ Stored XSS vulnerability

Author+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Ditty versions 3.1.52...

4.8CVSS6AI score0.00266EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/12/09 11:30 a.m.10 views

CVE-2023-47764 WordPress Ditty plugin <= 3.1.24 - Broken Access Control vulnerability

Missing Authorization vulnerability in metaphorcreations Ditty ditty-news-ticker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ditty: from n/a through = 3.1.24...

6.5CVSS7.3AI score0.00419EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/09 11:30 a.m.19 views

CVE-2023-47764 WordPress Ditty plugin <= 3.1.24 - Broken Access Control vulnerability

Missing Authorization vulnerability in metaphorcreations Ditty ditty-news-ticker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ditty: from n/a through = 3.1.24...

6.5CVSS0.00419EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/09 12:0 a.m.3 views

WordPress plugin Ditty 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

6.5CVSS8.7AI score0.00419EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/11/21 11:28 p.m.3 views

WordPress Ditty plugin < 3.1.47 - Author+ Stored XSS vulnerability

Author+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Ditty versions 3.1.47...

4.8CVSS6.1AI score0.00366EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/11/21 11:15 a.m.5 views

CVE-2024-9600

The Ditty WordPress plugin before 3.1.47 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks...

4.8CVSS5.8AI score0.00366EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/11/21 6:0 a.m.14 views

CVE-2024-9600 Ditty < 3.1.47 - Author+ Stored XSS

The Ditty WordPress plugin before 3.1.47 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks...

5.5AI score0.00366EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/11/21 12:0 a.m.4 views

PT-2024-39712 · WordPress · Ditty

Name of the Vulnerable Software and Affected Versions: The Ditty WordPress plugin versions prior to 3.1.47 Description: The issue allows high privilege users, such as authors, to perform Stored Cross-Site Scripting attacks due to the plugin's failure to sanitise and escape some of its settings...

4.8CVSS5.9AI score0.00366EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/11/21 12:0 a.m.4 views

WordPress plugin Ditty 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

4.8CVSS6.5AI score0.00366EPSS
Exploits1References1
OSV
OSV
added 2024/08/23 6:15 a.m.4 views

CVE-2024-6715

The Ditty WordPress plugin before 3.1.46 re-introduced a previously fixed security issue https://wpscan.com/vulnerability/80a9eb3a-2cb1-4844-9004-ba2554b2d46c/ in v3.1.39...

6.1CVSS5.8AI score0.00327EPSS
Exploits1References1
Rows per page
Query Builder