Lucene search
K

145 matches found

CNNVD
CNNVD
added 2024/05/14 12:0 a.m.2 views

WordPress plugin Ditty 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

8.8CVSS6.9AI score0.0066EPSS
Exploits0References4
CVE
CVE
added 2024/05/09 8:3 p.m.29 views

CVE-2024-3954

CVE-2024-3954 affects the Ditty WordPress plugin (Ditty – Responsive News Tickers, Sliders, and Lists) for all versions up to 3.1.38. Root cause: PHP Object Injection via deserialization of untrusted input when adding a new ditty. Exploitation requires authenticated access at contributor level or...

8.8CVSS7AI score0.0066EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/05/08 2:15 a.m.5 views

WordPress Ditty plugin <= 3.1.38 - Authenticated (Contributor+) PHP Object Injection vulnerability

Authenticated Contributor+ PHP Object Injection vulnerability discovered by Trinh Vu Sonicrrrr in WordPress Plugin Ditty versions = 3.1.38...

8.8CVSS7.3AI score0.0066EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/05/08 12:0 a.m.8 views

WordPress Ditty Plugin <= 3.1.38 is vulnerable to PHP Object Injection

Software Ditty Type Plugin Vulnerable versions = 3.1.38 Fixed in 3.1.39 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-3954 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 3afcc0b0dfe5 Credits Trinh Vu Sonicrrrr Required privilege...

8.8CVSS6.8AI score0.0066EPSS
Exploits0References3Affected Software1
wpexploit
wpexploit
added 2024/05/06 12:0 a.m.183 views

Ditty < 3.1.36 - Author+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to...

5.6AI score0.00399EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2024/04/25 12:0 a.m.17 views

Ditty – Responsive News Tickers, Sliders, and Lists < 3.1.32 - Authenticated (Author+) Stored Cross-Site Scripting

Description The Ditty plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.1.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access...

6.5CVSS7.8AI score0.00339EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/04/18 10:15 a.m.11 views

CVE-2024-32569

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Metaphor Creations Ditty allows Stored XSS.This issue affects Ditty: from n/a through 3.1.31...

6.5CVSS6.4AI score0.00339EPSS
Exploits0References1
CVE
CVE
added 2024/04/18 9:48 a.m.78 views

CVE-2024-32569

CVE-2024-32569 corresponds to the Ditty plugin for WordPress. The issue is a stored cross-site scripting (XSS) vulnerability in Ditty, arising during web-page generation, allowing stored XSS when input is not properly neutralized. Affected: Ditty versions up to 3.1.31 (per the CVE description). C...

6.5CVSS5.2AI score0.00339EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/18 9:48 a.m.23 views

CVE-2024-32569 WordPress Ditty plugin <= 3.1.31 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Metaphor Creations Ditty allows Stored XSS.This issue affects Ditty: from n/a through 3.1.31...

6.5CVSS6.7AI score0.00339EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/18 9:48 a.m.26 views

CVE-2024-32569 WordPress Ditty plugin <= 3.1.31 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Metaphor Creations Ditty allows Stored XSS.This issue affects Ditty: from n/a through 3.1.31...

6.5CVSS6.6AI score0.00339EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/18 12:0 a.m.4 views

WordPress Plugin Ditty 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...

6.5CVSS5.9AI score0.00339EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/04/16 11:54 a.m.7 views

WordPress Ditty plugin <= 3.1.31 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by CatFather Patchstack Alliance in WordPress Plugin Ditty versions = 3.1.31...

6.5CVSS6.1AI score0.00339EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/04/16 12:0 a.m.8 views

WordPress Ditty Plugin <= 3.1.31 is vulnerable to Cross Site Scripting (XSS)

Software Ditty Type Plugin Vulnerable versions = 3.1.31 Fixed in 3.1.32 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-32569 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 099376941676 Credits CatFather Required privilege...

6.5CVSS5.8AI score0.00339EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.16 views

Ditty < 3.1.25 - Missing Authorization via save_ditty_permissions_check

Description The Ditty plugin for WordPress is vulnerable to unauthorized editing of dittys due to a missing capability check on the savedittypermissionscheck function in versions up to, and including, 3.1.24. This makes it possible for unauthenticated attackers to edit dittys...

9.4AI score0.00419EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/11/15 12:0 a.m.6 views

The vulnerability of the Ditty plugin in the WordPress content management system allows a hacker to execute XSS attacks.

The vulnerability of the Ditty plugin of the WordPress content management system exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

6.4CVSS6.2AI score0.01857EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2023/11/13 12:0 a.m.8 views

WordPress Ditty Plugin <= 3.1.24 is vulnerable to Broken Access Control

Software Ditty Type Plugin Vulnerable versions = 3.1.24 Fixed in 3.1.25 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47764 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 94d027594d7c Credits Abdi Pranata Required privilege...

6.5AI score0.00419EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/10/30 12:0 a.m.5 views

The vulnerability of the Ditty plugin in the WordPress content management system allows a hacker to execute XSS attacks.

The vulnerability of the Ditty plugin of the WordPress content management system exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

6.4CVSS6.8AI score0.00812EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
added 2023/09/26 12:0 a.m.10 views

WordPress Ditty Plugin < 3.1.25 is vulnerable to Cross Site Scripting (XSS)

Software Ditty Type Plugin Vulnerable versions 3.1.25 Fixed in 3.1.25 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4148 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c4ba1ff51af7 Credits Animesh Gaurav Required...

6.1CVSS5.9AI score0.00812EPSS
Exploits2References3Affected Software1
OSV
OSV
added 2023/09/25 4:15 p.m.4 views

CVE-2023-4148

The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS7.3AI score0.00812EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/09/25 3:56 p.m.35 views

CVE-2023-4148 Ditty < 3.1.25 - Reflected XSS

The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1AI score0.00812EPSS
Exploits2References1
Rows per page
Query Builder