
7 matches found

Nuclei
added 10 hours ago, 30 views

Ditty (formerly Ditty News Ticker) < 3.0.15 - Cross-Site Scripting

The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability. id: CVE-2022-0533 info: name: Ditty formerly Ditty News Ticker 3.0.15 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | The Ditty formerly...

CVSS 6.1, AI score 6.4, EPSS 0.01857
Exploits: 2, References: 4

Nuclei
added 10 hours ago, 37 views

Ditty < 3.1.25 - Cross-Site Scripting

The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. id: CVE-2023-4148 info: name: Ditty 3.1.25 ...

CVSS 6.1, AI score 6.7, EPSS 0.00812
Exploits: 2, References: 2

Nuclei
added 2026/02/04 7:0 a.m., 13 views

Ditty < 3.1.58 - Server-Side Request Forgery

The plugin lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs. v3.1.57 attempted to fix the issue with a nonce check; however, any authenticated user, such as a subscriber, can retrieve it. id:...

CVSS 8.6, AI score 6.9, EPSS 0.16399
Exploits: 1, References: 3

EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2022-15658

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.4, EPSS 0.01857
Exploits: 2, References: 2

NVD
added 2022/03/07 9:15 a.m., 19 views

CVE-2022-0533

The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability...

CVSS 6.1, EPSS 0.01857
Exploits: 2, References: 2

wpexploit
added 2022/02/09 12:0 a.m., 461 views

Ditty (formerly Ditty News Ticker) < 3.0.15 - Reflected Cross-Site Scripting (XSS)

The plugin is affected by a Reflected Cross-Site Scripting XSS vulnerability. http://127.0.0.1:8001/wp-admin/edit.php?posttype=ditty&page=dittysettings&tab=%22%3E%3Cimg+src+onerror%3Dalert%281%29%3E...

CVSS 6.1, AI score 1.3, EPSS 0.01857
Exploits: 2, References: 1

WPVulnDB
added 2022/02/09 12:0 a.m., 20 views

Ditty (formerly Ditty News Ticker) < 3.0.15 - Reflected Cross-Site Scripting (XSS)

The plugin is affected by a Reflected Cross-Site Scripting XSS vulnerability. PoC http://127.0.0.1:8001/wp-admin/edit.php?posttype=ditty=dittysettings=%22%3E%3Cimg+src+onerror%3Dalert%281%29%3E...

CVSS 6.1, AI score 0.5, EPSS 0.01857
Exploits: 2, References: 1, Affected Software: 1