CVE-2024-13357 Ditty – Responsive News Tickers, Sliders, and Lists < 3.1.52 - Author+ Stored XSS
The Ditty WordPress plugin before 3.1.52 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...