Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

142 matches found

Nuclei
Nucleiadded 16 hours ago24 views

Ditty < 3.1.25 - Cross-Site Scripting

The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. id: CVE-2023-4148 info: name: Ditty 3.1.25 ...

6.1CVSS6.9AI score0.12746EPSS
Exploits2References2
Nuclei
Nucleiadded 16 hours ago15 views

Ditty (formerly Ditty News Ticker) < 3.0.15 - Cross-Site Scripting

The Ditty formerly Ditty News Ticker WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting XSS vulnerability. id: CVE-2022-0533 info: name: Ditty formerly Ditty News Ticker 3.0.15 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | The Ditty formerly...

6.1CVSS6.4AI score0.04689EPSS
Exploits2References4
RedhatCVE
RedhatCVEadded 2026/05/23 8:12 a.m.10 views

CVE-2026-9011

The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.65. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

7.5CVSS5.8AI score0.00036EPSS
Exploits0References1
NVD
NVDadded 2026/05/22 9:16 a.m.11 views

CVE-2026-9011

The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.65. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

7.5CVSS0.00036EPSS
Exploits0References8
ATTACKERKB
ATTACKERKBadded 2026/05/22 7:50 a.m.4 views

CVE-2026-9011

The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.65. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

7.5CVSS5.8AI score0.00036EPSS
Exploits0References9
Vulnrichment
Vulnrichmentadded 2026/05/22 7:50 a.m.4 views

CVE-2026-9011 Ditty <= 3.1.65 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via ditty_init AJAX Action

The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.65. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

7.5CVSS5.8AI score0.00036EPSS
Exploits0References8
CVE
CVEadded 2026/05/22 7:50 a.m.13 views

CVE-2026-9011

Technical details are not publicly available in the provided documents. Monitor for updates.

7.5CVSS5.8AI score0.00036EPSS
Exploits0References8
EUVD
EUVDadded 2026/05/22 7:50 a.m.5 views

EUVD-2026-31419

The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.65. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

7.5CVSS5.8AI score0.00036EPSS
Exploits0References8
Cvelist
Cvelistadded 2026/05/22 7:50 a.m.27 views

CVE-2026-9011 Ditty <= 3.1.65 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via ditty_init AJAX Action

The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.65. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

7.5CVSS0.00036EPSS
Exploits0References8
Patchstack
Patchstackadded 2026/05/22 7:4 a.m.7 views

WordPress Ditty – Responsive News Tickers, Sliders, and Lists plugin <= 3.1.65 - Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability

Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Ditty versions = 3.1.65...

7.5CVSS5.8AI score0.00036EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologiesadded 2026/05/22 12:0 a.m.7 views

PT-2026-42740

The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.65. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

7.5CVSS5.8AI score0.00036EPSS
Exploits0References9
CNNVD
CNNVDadded 2026/05/22 12:0 a.m.5 views

WordPress plugin Ditty 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.5CVSS5.8AI score0.00036EPSS
Exploits0References9
Nuclei
Nucleiadded 2026/02/04 7:0 a.m.9 views

Ditty < 3.1.58 - Server-Side Request Forgery

The plugin lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs. v3.1.57 attempted to fix the issue with a nonce check, however any authenticated users, such as subscriber can retrieve it. id:...

8.6CVSS6.9AI score0.10923EPSS
Exploits1References3
Patchstack
Patchstackadded 2026/01/29 10:6 p.m.4 views

WordPress Ditty plugin 3.1.39-3.1.45 - Author+ Stored XSS vulnerability

Author+ Stored XSS vulnerability discovered by Erwan LR WPScan in WordPress Plugin Ditty versions 3.1.39-3.1.45...

6.1CVSS5.9AI score0.0032EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVEadded 2026/01/09 10:45 a.m.3 views

CVE-2022-0533

The Ditty formerly Ditty News Ticker WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting XSS vulnerability...

6.1CVSS5.9AI score0.04689EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEVadded 2025/11/14 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-8085

The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs...

8.6CVSS5.9AI score0.10923EPSS
In wildExploits1References22
EUVD
EUVDadded 2025/10/03 8:7 p.m.4 views

EUVD-2023-27957

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00181EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2024-30371

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.00197EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2023-51862

Malicious code in bioql PyPI...

6.5CVSS9.1AI score0.00164EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.0 views

EUVD-2025-31295

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00032EPSS
Exploits0References2
Rows per page
Query Builder