Stored XSS vulnerability in Ditty < 3.1.3
Reporter | Title | Published | Views | Family All 7 |
---|---|---|---|---|
![]() | CVE-2024-3939 Ditty < 3.1.36 - Author+ Stored XSS | 27 May 202406:00 | β | cvelist |
![]() | CVE-2024-3939 | 27 May 202406:15 | β | cve |
![]() | CVE-2024-3939 Ditty < 3.1.36 - Author+ Stored XSS | 27 May 202406:00 | β | vulnrichment |
![]() | CVE-2024-3939 | 27 May 202406:15 | β | nvd |
![]() | WordPress Ditty Plugin < 3.1.36 is vulnerable to Cross Site Scripting (XSS) | 27 May 202400:00 | β | patchstack |
![]() | Ditty < 3.1.36 - Author+ Stored XSS | 6 May 202400:00 | β | wpvulndb |
![]() | Wordfence Intelligence Weekly WordPress Vulnerability Report (May 6, 2024 to May 12, 2024) | 16 May 202413:04 | β | wordfence |
Source | Link |
---|---|
research | www.research.cleantalk.org/cve-2024-3939/ |
1. Go to https://example.com/wp-admin/admin.php?page=ditty-new
2. In the menu on the right, click "Add Default"
3. Put the following payload in the Content Title field: "><script></script><img src=x onerror=alert(document.domain)>
4. Click save and then reload to see the XSS
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo