84 matches found

CNNVD
added 2024/08/23 12:0 a.m. · 3 views

WordPress plugin Ditty security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 6.1 · AI score 6.1 · EPSS 0.00327
Exploits 1 · References 2

Patchstack
added 2024/08/05 7:15 a.m. · 3 views

WordPress Ditty plugin < 3.1.45 - Author+ Stored XSS vulnerability

Author+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Ditty versions < 3.1.45...

CVSS 5.4 · AI score 6.1 · EPSS 0.00334
Exploits 0 · References 1 · Affected Software 1

OSV
added 2024/08/05 6:16 a.m. · 3 views

CVE-2024-6710

The Ditty WordPress plugin before 3.1.45 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...

CVSS 5.4 · AI score 5.8 · EPSS 0.00334
Exploits 0 · References 1

Positive Technologies
added 2024/08/05 12:0 a.m. · 2 views

PT-2024-37816 · WordPress · Ditty

Name of the Vulnerable Software and Affected Versions: The Ditty WordPress plugin versions prior to 3.1.45
Description: The issue allows users with a role as low as Contributor to perform Cross-Site Scripting attacks due to the plugin's failure to sanitise and escape some parameters...

CVSS 5.4 · AI score 6.1 · EPSS 0.00334
Exploits 0 · References 4

CNNVD
added 2024/08/05 12:0 a.m. · 2 views

WordPress plugin Ditty security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 5.4 · AI score 6.6 · EPSS 0.00334
Exploits 0 · References 2

Patchstack
added 2024/08/05 12:0 a.m. · 10 views

WordPress Ditty Plugin < 3.1.45 is vulnerable to Cross Site Scripting (XSS)

Software: Ditty · Type: Plugin · Vulnerable versions: < 3.1.45 · Fixed in: 3.1.45 · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-6710 · Patch priority: Low · CVSS severity: Low 6.5 · Developer: Claim ownership · PSID: 48490c768978 · Credits: Dmitrii Ignatyev · Required privileg...

CVSS 5.4 · AI score 5.8 · EPSS 0.00334
Exploits 0 · References 4 · Affected Software 1

Patchstack
added 2024/07/15 2:56 a.m. · 4 views

WordPress Ditty plugin < 3.1.43 - Author+ Stored XSS vulnerability

Author+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Ditty versions < 3.1.43...

CVSS 4.7 · AI score 6.1 · EPSS 0.0041
Exploits 1 · References 1 · Affected Software 1

Patchstack
added 2024/07/15 12:0 a.m. · 9 views

WordPress Ditty Plugin < 3.1.43 is vulnerable to Cross Site Scripting (XSS)

Software: Ditty · Type: Plugin · Vulnerable versions: < 3.1.43 · Fixed in: 3.1.43 · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-5575 · Patch priority: Low · CVSS severity: Low 5.9 · Developer: Claim ownership · PSID: 153bcafcf435 · Credits: Dmitrii Ignatyev · Required privileg...

CVSS 4.7 · AI score 5.8 · EPSS 0.0041
Exploits 1 · References 4 · Affected Software 1

OSV
added 2024/07/13 6:15 a.m. · 1 views

CVE-2024-5575

The Ditty WordPress plugin before 3.1.43 does not sanitise and escape some of its blocks' settings, which could allow high privilege users such as authors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...

CVSS 4.7 · AI score 5.8 · EPSS 0.0041
Exploits 1 · References 1

Cvelist
added 2024/07/13 6:0 a.m. · 17 views

CVE-2024-5575 Ditty < 3.1.43 - Author+ Stored XSS

The Ditty WordPress plugin before 3.1.43 does not sanitise and escape some of its blocks' settings, which could allow high privilege users such as authors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...

EPSS 0.0041
Exploits 1 · References 1

CNNVD
added 2024/07/13 12:0 a.m. · 3 views

WordPress plugin Ditty security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 4.7 · AI score 6.1 · EPSS 0.0041
Exploits 1 · References 2

Positive Technologies
added 2024/07/13 12:0 a.m. · 3 views

PT-2024-36582 · WordPress · Ditty

Name of the Vulnerable Software and Affected Versions: The Ditty WordPress plugin versions prior to 3.1.43
Description: The issue concerns a lack of proper sanitization and escaping in some block settings of the plugin, potentially allowing high-privilege users, such as authors, to perform...

CVSS 4.7 · AI score 6.4 · EPSS 0.0041
Exploits 1 · References 4

Patchstack
added 2024/05/27 8:50 a.m. · 4 views

WordPress Ditty plugin < 3.1.36 - Author+ Stored XSS vulnerability

Author+ Stored XSS vulnerability discovered by Krugov Aryom in WordPress Plugin Ditty versions < 3.1.36...

CVSS 5.4 · AI score 6.1 · EPSS 0.00399
Exploits 2 · References 1 · Affected Software 1

OSV
added 2024/05/27 6:15 a.m. · 3 views

CVE-2024-3939

The Ditty WordPress plugin before 3.1.36 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

CVSS 5.4 · AI score 5.8 · EPSS 0.00399
Exploits 2 · References 1

CNNVD
added 2024/05/27 12:0 a.m. · 3 views

WordPress Plugin Ditty security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 5.4 · AI score 5.6 · EPSS 0.00399
Exploits 2 · References 2

Patchstack
added 2024/05/27 12:0 a.m. · 9 views

WordPress Ditty Plugin < 3.1.36 is vulnerable to Cross Site Scripting (XSS)

Software: Ditty · Type: Plugin · Vulnerable versions: < 3.1.36 · Fixed in: 3.1.36 · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-3939 · Patch priority: Low · CVSS severity: Low 5.9 · Developer: Claim ownership · PSID: c2dbb8b75b36 · Credits: Krugov Aryom · Required privilege...

AI score 5.7 · EPSS 0.00399
Exploits 2 · References 3 · Affected Software 1

Positive Technologies
added 2024/05/27 12:0 a.m. · 3 views

PT-2024-28481 · WordPress · Ditty

Name of the Vulnerable Software and Affected Versions: The Ditty WordPress plugin versions prior to 3.1.36
Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in...

CVSS 5.4 · AI score 5.9 · EPSS 0.00399
Exploits 2 · References 4

NVD
added 2024/05/14 3:42 p.m. · 7 views

CVE-2024-3954

The Ditty plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 3.1.38 via deserialization of untrusted input when adding a new ditty. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain...

CVSS 8.8 · AI score 8.8 · EPSS 0.0066
Exploits 0 · References 2

CVE
added 2024/05/09 8:3 p.m. · 27 views

CVE-2024-3954

CVE-2024-3954 affects the Ditty WordPress plugin (Ditty – Responsive News Tickers, Sliders, and Lists) for all versions up to 3.1.38. Root cause: PHP Object Injection via deserialization of untrusted input when adding a new ditty. Exploitation requires authenticated access at contributor level or...

CVSS 8.8 · AI score 7 · EPSS 0.0066
Exploits 0 · References 2

Patchstack
added 2024/05/08 2:15 a.m. · 3 views

WordPress Ditty plugin <= 3.1.38 - Authenticated (Contributor+) PHP Object Injection vulnerability

Authenticated Contributor+ PHP Object Injection vulnerability discovered by Trinh Vu Sonicrrrr in WordPress Plugin Ditty versions <= 3.1.38...

CVSS 8.8 · AI score 7.3 · EPSS 0.0066
Exploits 0 · References 1 · Affected Software 1