WordPress Plugin Vulnerabilities

Ditty (formerly Ditty News Ticker) < 3.0.15 - Reflected Cross-Site Scripting (XSS)

Description

The plugin is affected by a Reflected Cross-Site Scripting (XSS) vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
ditty-news-ticker
Fixed in 3.0.15

References

CVE
CVE-2022-0533
URL
https://plugins.trac.wordpress.org/changeset/2675223/ditty-news-ticker

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.8 (medium)

Miscellaneous

Original Researcher
Krzysztof Zając
Submitter
Krzysztof Zając
Submitter website
https://kazet.cc/
Verified
Yes
WPVDB ID
40f36692-c898-4441-ad24-2dc17856bd74

Timeline

Publicly Published
2022-02-09 (about 3 years ago)
Added
2022-02-09 (about 3 years ago)
Last Updated
2022-04-08 (about 3 years ago)

Other

Published
Title
Published
2025-05-06
Title
Relevanssi <= 4.24.3 (Free) and <= 2.27.4 (Premium) - Unauthenticated Stored Cross-Site Scripting via Search Highlights
Published
2024-03-13
Title
WPFunnels < 3.0.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2025-01-23
Title
Listamester < 2.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-05-17
Title
WP Backpack <= 2.1 - Admin+ Stored XSS
Published
2024-11-08
Title
Websand Subscription Form <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting