84 matches found
CVE-2025-8085 Ditty < 3.1.58 - Unauthenticated SSRF
The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs...
CVE-2025-8085
Summary: Ditty WordPress plugin versions prior to 3.1.58 expose an unauthenticated SSRF via the displayItems API (wp-json/dittyeditor/v1/displayItems), enabling requests to arbitrary URLs. The Nuclei template confirms the endpoint vulnerability and notes prior nonce-based fix did not prevent acce...
WordPress plugin Ditty 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress Ditty Plugin < 3.1.58 is vulnerable to Server Side Request Forgery (SSRF)
Software Ditty Type Plugin Vulnerable versions 3.1.58 Fixed in 3.1.58 OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2025-8085 Patch priority Medium CVSS severity Medium 7.2 Developer Claim ownership PSID 6412178a9851 Credits Dmitrii Ignatyev Required privilege...
PT-2025-36441
Name of the Vulnerable Software and Affected Versions Ditty WordPress plugin versions prior to 3.1.58 Description The Ditty WordPress plugin before version 3.1.58 has a flaw where the displayItems endpoint does not require authorization or authentication. This allows unauthenticated visitors to...
CVE-2023-23874
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Metaphor Creations Ditty plugin = 3.0.32 versions...
CVE-2024-13357
The Ditty WordPress plugin before 3.1.52 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-13357
CVE-2024-13357 affects the Ditty WordPress plugin prior to version 3.1.52. The vulnerability arises from insufficient sanitisation/escaping of certain settings, enabling stored cross-site scripting by high-privilege users (e.g., authors), even when unfiltered_html is disallowed (such as in multis...
CVE-2024-13357 Ditty – Responsive News Tickers, Sliders, and Lists < 3.1.52 - Author+ Stored XSS
The Ditty WordPress plugin before 3.1.52 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress plugin Ditty 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress Ditty plugin < 3.1.52 - Author+ Stored XSS vulnerability
Author+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Ditty versions 3.1.52...
CVE-2023-47764 WordPress Ditty plugin <= 3.1.24 - Broken Access Control vulnerability
Missing Authorization vulnerability in metaphorcreations Ditty ditty-news-ticker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ditty: from n/a through = 3.1.24...
CVE-2023-47764 WordPress Ditty plugin <= 3.1.24 - Broken Access Control vulnerability
Missing Authorization vulnerability in metaphorcreations Ditty ditty-news-ticker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ditty: from n/a through = 3.1.24...
WordPress plugin Ditty 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress Ditty plugin < 3.1.47 - Author+ Stored XSS vulnerability
Author+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Ditty versions 3.1.47...
CVE-2024-9600
The Ditty WordPress plugin before 3.1.47 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks...
CVE-2024-9600 Ditty < 3.1.47 - Author+ Stored XSS
The Ditty WordPress plugin before 3.1.47 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks...
PT-2024-39712 · WordPress · Ditty
Name of the Vulnerable Software and Affected Versions: The Ditty WordPress plugin versions prior to 3.1.47 Description: The issue allows high privilege users, such as authors, to perform Stored Cross-Site Scripting attacks due to the plugin's failure to sanitise and escape some of its settings...
WordPress plugin Ditty 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
CVE-2024-6715
The Ditty WordPress plugin before 3.1.46 re-introduced a previously fixed security issue https://wpscan.com/vulnerability/80a9eb3a-2cb1-4844-9004-ba2554b2d46c/ in v3.1.39...