3 matches found
WordPress Ditty Plugin < 3.1.25 is vulnerable to Cross Site Scripting (XSS)
Software Ditty Type Plugin Vulnerable versions 3.1.25 Fixed in 3.1.25 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4148 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c4ba1ff51af7 Credits Animesh Gaurav Required...
CVE-2023-4148
The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-4148
CVE-2023-4148 affects the Ditty WordPress plugin prior to 3.1.25. The issue is a lack of proper sanitisation/escaping of certain parameters and generated URLs, leading to a Reflected XSS that could target high-privilege users (e.g., admins). Evidence in connected docs confirms the vulnerability a...