CVE-2024-6710
The Ditty WordPress plugin before 3.1.45 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...
CVE-2024-13357 Ditty – Responsive News Tickers, Sliders, and Lists < 3.1.52 - Author+ Stored XSS
The Ditty WordPress plugin before 3.1.52 does not sanitise and escape some of its settings, which could allow high privilege users such as Author to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...
CVE-2024-9600 Ditty < 3.1.47 - Author+ Stored XSS
The Ditty WordPress plugin before 3.1.47 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks...
CVE-2024-9600
CVE-2024-9600 affects the Ditty WordPress plugin (versions before 3.1.47). The issue is stored XSS caused by insufficient sanitisation/escaping of certain settings, allowing high-privilege users (e.g., authors) to execute script in the context of an admin. Public details from multiple sources (NV...
CVE-2024-6715 Ditty 3.1.39-3.1.45 - Author+ Stored XSS
The Ditty WordPress plugin before 3.1.46 re-introduced a previously fixed security issue https://wpscan.com/vulnerability/80a9eb3a-2cb1-4844-9004-ba2554b2d46c/ in v3.1.39...
PT-2024-37818 · WordPress · Ditty
Name of the Vulnerable Software and Affected Versions: The Ditty WordPress plugin versions prior to 3.1.46 Description: The issue is related to a previously fixed security problem that was re-introduced in version 3.1.39 of the plugin. No information is provided about the estimated number of...
CVE-2024-6710
The CVE-2024-6710 issue affects the Ditty WordPress plugin prior to version 3.1.45. It stems from inadequate sanitisation/escaping of certain parameters, enabling attackers with as little as Contributor-level access to perform Cross-Site Scripting (XSS) attacks. Red Hat’s advisory reiterates the ...
CVE-2024-5575
The CVE-2024-5575 issue affects the Ditty WordPress plugin up to version 3.1.43. Root cause: lack of sanitisation/escaping in some blocks’ settings, enabling Cross-Site Scripting by high-privilege users (e.g., authors) even when unfiltered_html is disallowed. Impact is limited to XSS in contexts ...
CVE-2024-3939
The CVE-2024-3939 vulnerability affects the Ditty – Responsive News Tickers, Sliders, and Lists WordPress plugin up to version 3.1.35 (fixed in 3.1.36). It arises from inadequate sanitization/escaping of certain plugin settings, enabling Stored XSS by high-privilege users (e.g., admins), even whe...
CVE-2023-4148 Ditty < 3.1.25 - Reflected XSS
The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-4148
CVE-2023-4148 affects the Ditty WordPress plugin prior to 3.1.25. The issue is a lack of proper sanitisation/escaping of certain parameters and generated URLs, leading to a Reflected XSS that could target high-privilege users (e.g., admins). Evidence in connected docs confirms the vulnerability a...
CVE-2022-0533
The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability...
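Every entry above is the same class of bug: a plugin setting or request parameter stored or reflected without sanitising on save and escaping on output, reachable by roles (Author, even Contributor) that WordPress would otherwise stop from writing script via the unfiltered_html capability. The PHP below is an added illustration of that pattern and its fix; it is not code from the Ditty plugin, from WPScan or from any advisory on this page. It assumes it runs inside WordPress (the wp_*, esc_* and current_user_can calls are core functions); the option names, POST field names and nonce action string are hypothetical.

```php
<?php
/*
 * Added illustrative example, not the Ditty plugin's code. Assumes WordPress
 * core is loaded. Option names, POST fields and the nonce action are made up.
 */

/* ---- Vulnerable pattern: what the Stored XSS entries above describe ---- */

// Authors legitimately edit tickers, so a capability check alone does not help:
// the values are stored exactly as submitted. An Author whose role lacks
// unfiltered_html (the multisite default) can persist "<img src=x onerror=alert(1)>"
// because this plugin-owned path never runs core's kses filter.
function example_ticker_save_vulnerable() {
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    update_option( 'example_ticker_title', wp_unslash( $_POST['example_ticker_title'] ) );
    update_option( 'example_ticker_link',  wp_unslash( $_POST['example_ticker_link'] ) );
    update_option( 'example_ticker_body',  wp_unslash( $_POST['example_ticker_body'] ) );
}

// Echoes raw values into text, an attribute and an href. Whoever loads the
// page, an Administrator included, executes the stored payload.
function example_ticker_render_vulnerable() {
    $title = get_option( 'example_ticker_title', '' );
    $link  = get_option( 'example_ticker_link', '' );
    $body  = get_option( 'example_ticker_body', '' );
    echo '<div class="ticker" title="' . $title . '">' . $title . '</div>';
    echo '<a href="' . $link . '">Read more</a>';
    echo '<div class="ticker-body">' . $body . '</div>';
}

/* ---- Hardened pattern: sanitise on save, honour unfiltered_html, escape per context ---- */

function example_ticker_save_hardened() {
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    check_admin_referer( 'example_ticker_save' );   // hypothetical nonce action

    // Title is plain text: strip tags, octets and line breaks outright.
    $title = sanitize_text_field( wp_unslash( $_POST['example_ticker_title'] ?? '' ) );

    // Link must be a URL; esc_url_raw() drops javascript: and other disallowed schemes.
    $link = esc_url_raw( wp_unslash( $_POST['example_ticker_link'] ?? '' ) );

    // Rich text: users who hold unfiltered_html keep their markup, matching
    // core's own policy for post content; everyone else goes through
    // wp_kses_post(), which removes <script>, on* handlers and javascript: URLs.
    $body = wp_unslash( $_POST['example_ticker_body'] ?? '' );
    if ( ! current_user_can( 'unfiltered_html' ) ) {
        $body = wp_kses_post( $body );
    }

    update_option( 'example_ticker_title', $title );
    update_option( 'example_ticker_link',  $link );
    update_option( 'example_ticker_body',  $body );
}

function example_ticker_render_hardened() {
    $title = get_option( 'example_ticker_title', '' );
    $link  = get_option( 'example_ticker_link', '' );
    $body  = get_option( 'example_ticker_body', '' );

    // Escape for the exact context each value lands in: attribute, text node, URL.
    echo '<div class="ticker" title="' . esc_attr( $title ) . '">' . esc_html( $title ) . '</div>';
    echo '<a href="' . esc_url( $link ) . '">Read more</a>';

    // Re-filter stored markup at output as defence in depth: a value written
    // before the fix, or by another code path, still cannot carry script.
    echo '<div class="ticker-body">' . wp_kses_post( $body ) . '</div>';
}
```

Two points worth keeping in mind when reviewing a fix of this kind. First, sanitising on save and escaping on output are separate controls, and the output step is what protects against data already in the database, which matters for a plugin whose fix was later regressed (CVE-2024-6715 re-introduced a previously fixed issue in 3.1.39). Second, the output-time wp_kses_post() call deliberately strips <script> even for unfiltered_html holders; a news ticker has no need for it, but a plugin that must allow arbitrary markup for those users would drop that line and rely on the save-time capability check alone.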