Ditty (formerly Ditty News Ticker) < 3.0.15 - Cross-Site Scripting
The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability. id: CVE-2022-0533 info: name: Ditty formerly Ditty News Ticker 3.0.15 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | The Ditty formerly...
Ditty < 3.1.25 - Cross-Site Scripting
The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in HTML attributes, leading to Reflected Cross-Site Scripting which could be used against high-privilege users such as administrators. id: CVE-2023-4148 info: name: Ditty 3.1.25 ...
Ditty < 3.1.58 - Server-Side Request Forgery
The plugin lacks authentication and authorization checks on requests to its displayItems endpoint, allowing unauthenticated visitors to make the server request arbitrary URLs. Version 3.1.57 attempted to fix the issue with a nonce check; however, a nonce is a CSRF token rather than an authorization check, so any authenticated user, such as a subscriber, can retrieve it and still reach the endpoint. id:...
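The entry above describes two defects in sequence: an endpoint with no access control, then a fix that only adds a nonce. The following is an added illustration of that bug class, not Ditty's code: the handler names (fetch_url_*), the nonce action name, the capability chosen and the stand-in WordPress functions at the bottom are all hypothetical, and the stand-ins exist only so the file runs with the php CLI outside WordPress. It shows a nonce-only check letting a low-privilege user make the server fetch its own loopback interface, and a hardened handler that adds a capability check and a URL policy.

```php
<?php
// Added example (not the plugin's code). Three versions of a hypothetical
// "fetch this URL for me" AJAX handler, mirroring the history in the advisory:
// no check at all, nonce only, and nonce + capability + URL validation.

function fetch_url_unauthenticated(array $req): string {
    // Pre-fix pattern: neither authentication nor authorization.
    return 'fetch ' . $req['url'];
}

function fetch_url_nonce_only(array $req): string {
    // "Fixed" pattern: a nonce only proves the request came from a page the
    // site served to some logged-in user. A subscriber who reads the nonce
    // out of that page passes this check.
    if (!wp_verify_nonce($req['nonce'] ?? '', 'display_items')) {
        return 'denied: bad nonce';
    }
    return 'fetch ' . $req['url'];
}

function fetch_url_hardened(array $req): string {
    if (!wp_verify_nonce($req['nonce'] ?? '', 'display_items')) {
        return 'denied: bad nonce';                  // CSRF protection
    }
    if (!current_user_can('edit_posts')) {            // authorization (hypothetical capability)
        return 'denied: insufficient capability';
    }
    if (!is_safe_fetch_url($req['url'] ?? '')) {      // SSRF protection
        return 'denied: unsafe url';
    }
    return 'fetch ' . $req['url'];
}

// Offline URL policy: http(s) only, no embedded credentials, no loopback,
// private, link-local or reserved IP literals. Hostnames must additionally be
// resolved and re-checked at fetch time (WordPress' wp_safe_remote_get() does
// this); this static filter alone does not stop a hostname pointing at 127.0.0.1.
function is_safe_fetch_url(string $url): bool {
    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        return false;
    }
    if (!in_array(strtolower($p['scheme']), ['http', 'https'], true)) {
        return false;
    }
    if (isset($p['user']) || isset($p['pass'])) {
        return false;
    }
    $host = strtolower(trim($p['host'], '[]'));
    if ($host === 'localhost' || str_ends_with($host, '.localhost')) {
        return false;
    }
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        // Rejects 10/8, 172.16/12, 192.168/16, 127/8, 0/8, 169.254/16,
        // ::1, fe80::/10, fc00::/7 and other reserved literals.
        return filter_var($host, FILTER_VALIDATE_IP,
            FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false;
    }
    return true;
}

// Stand-ins for WordPress functions so this file runs alone (demo only).
// Inside WordPress the real wp_verify_nonce()/current_user_can() are used.
if (!function_exists('wp_verify_nonce')) {
    $GLOBALS['demo_user_caps'] = ['read' => true];   // a subscriber: can read, cannot edit_posts
    function wp_verify_nonce($nonce, $action) {
        return hash_equals('demo-nonce-' . $action, (string) $nonce);
    }
    function current_user_can($cap) {
        return !empty($GLOBALS['demo_user_caps'][$cap]);
    }
}

// A subscriber who scraped a valid nonce asks the site to request its own
// loopback interface (the address used in the PoC URLs in this listing).
$req = ['nonce' => 'demo-nonce-display_items', 'url' => 'http://127.0.0.1:8001/wp-admin/'];
echo fetch_url_unauthenticated($req), PHP_EOL;
echo fetch_url_nonce_only($req), PHP_EOL;
echo fetch_url_hardened($req), PHP_EOL;
```

Run with `php`, the first two handlers both proceed to fetch the loopback URL, which is the point of the advisory: a valid nonce says nothing about who the user is or what they may do. Only the hardened handler denies the request, and it would also deny an administrator who supplied a private or loopback target.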
EUVD-2022-15658
Malicious code in bioql PyPI...
CVE-2022-0533
The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability...
Ditty (formerly Ditty News Ticker) < 3.0.15 - Reflected Cross-Site Scripting (XSS)
The plugin is affected by a Reflected Cross-Site Scripting (XSS) vulnerability. PoC: http://127.0.0.1:8001/wp-admin/edit.php?post_type=ditty&page=ditty_settings&tab=%22%3E%3Cimg+src+onerror%3Dalert%281%29%3E...
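The PoC above URL-decodes to `"><img src onerror=alert(1)>`: the leading `">` closes the attribute the `tab` value is reflected into, and the rest is parsed as a new element. As an added example, not Ditty's code, here is a hypothetical admin-page tab-link renderer in plain PHP that reproduces the sink, beside a version that validates the slug and escapes it for the attribute context. It uses htmlspecialchars() with ENT_QUOTES so it runs stand-alone; in a WordPress plugin the equivalent is esc_attr() for attributes and esc_html() for text. The function and parameter names are invented for the illustration.

```php
<?php
// Added example (not the plugin's code): reflected XSS via an unescaped query
// parameter written into an HTML attribute, and the corresponding fix.

// Vulnerable sink: the raw ?tab= value lands inside href="..." and as text.
function render_tab_link_vulnerable(string $tab): string {
    return '<a class="nav-tab" href="?page=settings&tab=' . $tab . '">' . $tab . '</a>';
}

// Fixed: validate against what a tab name can legitimately be, then escape at
// the output sink for the exact context (attribute value, then text node).
function render_tab_link_fixed(string $tab): string {
    $slug = preg_replace('/[^a-z0-9_-]/', '', strtolower($tab));
    $attr = htmlspecialchars($slug, ENT_QUOTES | ENT_HTML5, 'UTF-8'); // " ' < > & encoded
    $text = htmlspecialchars($slug, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<a class="nav-tab" href="?page=settings&tab=' . $attr . '">' . $text . '</a>';
}

// True if the rendered markup contains a tag or event handler that did not
// come from the template, i.e. the input escaped its attribute.
function markup_is_broken_out(string $html): bool {
    return (bool) preg_match('/<img|onerror=/i', $html);
}

// The payload from the PoC URL in this listing, URL-decoded.
$payload = '"><img src onerror=alert(1)>';

$vuln  = render_tab_link_vulnerable($payload);
$fixed = render_tab_link_fixed($payload);

echo $vuln, PHP_EOL;   // attribute closed early; an <img> with an onerror handler is injected
echo $fixed, PHP_EOL;  // the injected markup is gone; only the allowed slug characters remain

echo 'vulnerable output broken out: ', markup_is_broken_out($vuln) ? 'yes' : 'no', PHP_EOL;
echo 'fixed output broken out:      ', markup_is_broken_out($fixed) ? 'yes' : 'no', PHP_EOL;
```

The validation step is what makes the fix robust rather than merely encoded: a tab identifier has no business containing quotes or angle brackets, so rejecting them up front means the escaping is a second layer rather than the only one. For values that legitimately contain arbitrary text, the encoding step alone is the correct fix, as long as it matches the context (attribute, text, URL, JavaScript) the value is written into.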