107 matches found
Ditty < 3.1.25 - Cross-Site Scripting
The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. id: CVE-2023-4148 info: name: Ditty 3.1.25 ...
Ditty (formerly Ditty News Ticker) < 3.0.15 - Cross-Site Scripting
The Ditty formerly Ditty News Ticker WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting XSS vulnerability. id: CVE-2022-0533 info: name: Ditty formerly Ditty News Ticker 3.0.15 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | The Ditty formerly...
Ditty < 3.1.58 - Server-Side Request Forgery
The plugin lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs. v3.1.57 attempted to fix the issue with a nonce check, however any authenticated users, such as subscriber can retrieve it. id:...
CVE-2024-58292
XMB Forum 1.9.12.06 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript into templates and front page settings. Attackers can insert XSS payloads in footer templates and news ticker fields, enabling script execution for...
CVE-2024-58292 XMB Forum 1.9.12.06 Persistent Cross-Site Scripting via Admin Templates
XMB Forum 1.9.12.06 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript into templates and front page settings. Attackers can insert XSS payloads in footer templates and news ticker fields, enabling script execution for...
PT-2025-50746
Name of the Vulnerable Software and Affected Versions XMB Forum version 1.9.12.06 Description The software contains a persistent cross-site scripting issue. Authenticated administrators can inject malicious JavaScript into templates and front page settings. Attackers can insert XSS payloads in...
CVE-2025-13656
The Cute News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...
EUVD-2025-201525
The Cute News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...
CVE-2025-13656
The Cute News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...
CVE-2025-13656 Cute News Ticker <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute
The Cute News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...
CVE-2025-13656
CVE-2025-13656 (Cute News Ticker, WordPress) is a stored cross-site scripting vulnerability in the Cute News Ticker plugin (WordPress) affecting versions up to 1.0. It stems from insufficient input sanitization and output escaping of the color shortcode attribute, allowing an authenticated attack...
CVE-2025-13656 Cute News Ticker <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute
The Cute News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...
WordPress Cute News Ticker plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'color' Shortcode Attribute vulnerability discovered by ChamlaVic in WordPress Plugin Cute News Ticker versions = 1.0...
WordPress plugin Cute News Ticker 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-11804
The JB News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the 'jbticker' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-11804
The JB News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the 'jbticker' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-11804
CVE-2025-11804 affects the WordPress plugin JB News Ticker. The vulnerability is a Stored Cross-Site Scripting flaw exploitable via the id attribute of the jbticker shortcode, present in all versions up to 1.0. It requires authenticated access at contributor level or higher, enabling an attacker ...
CVE-2025-11804 JB News Ticker <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The JB News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the 'jbticker' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
WordPress plugin JB News Ticker 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
WordPress JB News Ticker plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin JB News Ticker versions = 1.0...