145 matches found
WordPress plugin Ditty 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
CVE-2024-3954
CVE-2024-3954 affects the Ditty WordPress plugin (Ditty – Responsive News Tickers, Sliders, and Lists) for all versions up to 3.1.38. Root cause: PHP Object Injection via deserialization of untrusted input when adding a new ditty. Exploitation requires authenticated access at contributor level or...
WordPress Ditty plugin <= 3.1.38 - Authenticated (Contributor+) PHP Object Injection vulnerability
Authenticated Contributor+ PHP Object Injection vulnerability discovered by Trinh Vu Sonicrrrr in WordPress Plugin Ditty versions = 3.1.38...
WordPress Ditty Plugin <= 3.1.38 is vulnerable to PHP Object Injection
Software Ditty Type Plugin Vulnerable versions = 3.1.38 Fixed in 3.1.39 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-3954 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 3afcc0b0dfe5 Credits Trinh Vu Sonicrrrr Required privilege...
Ditty < 3.1.36 - Author+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to...
Ditty – Responsive News Tickers, Sliders, and Lists < 3.1.32 - Authenticated (Author+) Stored Cross-Site Scripting
Description The Ditty plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.1.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access...
CVE-2024-32569
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Metaphor Creations Ditty allows Stored XSS.This issue affects Ditty: from n/a through 3.1.31...
CVE-2024-32569
CVE-2024-32569 corresponds to the Ditty plugin for WordPress. The issue is a stored cross-site scripting (XSS) vulnerability in Ditty, arising during web-page generation, allowing stored XSS when input is not properly neutralized. Affected: Ditty versions up to 3.1.31 (per the CVE description). C...
CVE-2024-32569 WordPress Ditty plugin <= 3.1.31 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Metaphor Creations Ditty allows Stored XSS.This issue affects Ditty: from n/a through 3.1.31...
CVE-2024-32569 WordPress Ditty plugin <= 3.1.31 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Metaphor Creations Ditty allows Stored XSS.This issue affects Ditty: from n/a through 3.1.31...
WordPress Plugin Ditty 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
WordPress Ditty plugin <= 3.1.31 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by CatFather Patchstack Alliance in WordPress Plugin Ditty versions = 3.1.31...
WordPress Ditty Plugin <= 3.1.31 is vulnerable to Cross Site Scripting (XSS)
Software Ditty Type Plugin Vulnerable versions = 3.1.31 Fixed in 3.1.32 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-32569 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 099376941676 Credits CatFather Required privilege...
Ditty < 3.1.25 - Missing Authorization via save_ditty_permissions_check
Description The Ditty plugin for WordPress is vulnerable to unauthorized editing of dittys due to a missing capability check on the savedittypermissionscheck function in versions up to, and including, 3.1.24. This makes it possible for unauthenticated attackers to edit dittys...
The vulnerability of the Ditty plugin in the WordPress content management system allows a hacker to execute XSS attacks.
The vulnerability of the Ditty plugin of the WordPress content management system exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
WordPress Ditty Plugin <= 3.1.24 is vulnerable to Broken Access Control
Software Ditty Type Plugin Vulnerable versions = 3.1.24 Fixed in 3.1.25 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47764 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 94d027594d7c Credits Abdi Pranata Required privilege...
The vulnerability of the Ditty plugin in the WordPress content management system allows a hacker to execute XSS attacks.
The vulnerability of the Ditty plugin of the WordPress content management system exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
WordPress Ditty Plugin < 3.1.25 is vulnerable to Cross Site Scripting (XSS)
Software Ditty Type Plugin Vulnerable versions 3.1.25 Fixed in 3.1.25 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4148 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c4ba1ff51af7 Credits Animesh Gaurav Required...
CVE-2023-4148
The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-4148 Ditty < 3.1.25 - Reflected XSS
The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...