cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-9600,https://securityvulnerability.io/vulnerability/CVE-2024-9600,Ditty WordPress Plugin Vulnerable to Stored Cross-Site Scripting Attacks,"The Ditty  WordPress plugin before 3.1.47 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks.",Wordpress,Ditty,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-11-21T06:00:09.466Z,0
CVE-2024-6715,https://securityvulnerability.io/vulnerability/CVE-2024-6715,Ditty Plugin Reintroduces Previously Fixd Security Issue,The Ditty  WordPress plugin before 3.1.46 re-introduced a previously fixed security issue (https://wpscan.com/vulnerability/80a9eb3a-2cb1-4844-9004-ba2554b2d46c/) in v3.1.39,Wordpress,Ditty,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-08-23T06:00:04.204Z,0
CVE-2024-6710,https://securityvulnerability.io/vulnerability/CVE-2024-6710,Ditty plugin vulnerability could allow contributors to perform XSS attacks,"The Ditty  WordPress plugin before 3.1.45 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.",Wordpress,Ditty,5.4,MEDIUM,0.00044999999227002263,false,,false,false,true,true,false,false,2024-08-05T06:00:08.327Z,0
CVE-2024-5575,https://securityvulnerability.io/vulnerability/CVE-2024-5575,Ditty Plugin Vulnerability Could Lead to Cross-Site Scripting Attacks,"The Ditty  WordPress plugin before 3.1.43 does not sanitise and escape some of its blocks' settings, which could allow high privilege users such as authors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed",Wordpress,Ditty,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-07-13T06:00:12.200Z,0
CVE-2024-3939,https://securityvulnerability.io/vulnerability/CVE-2024-3939,Ditty WordPress Plugin Vulnerability Allows Stored Cross-Site Scripting Attacks,"The Ditty  WordPress plugin before 3.1.36 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)",Wordpress,Ditty,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-05-27T06:00:01.202Z,0
CVE-2024-3954,https://securityvulnerability.io/vulnerability/CVE-2024-3954,"Ditty – Responsive News Tickers, Sliders, and Lists <= 3.1.38 - Authenticated (Contributor+) PHP Object Injection","The Ditty plugin for WordPress contains a vulnerability that allows for PHP Object Injection due to improper handling of untrusted input during the addition of new content. This issue affects all versions of the plugin up to 3.1.38. Authenticated users with contributor-level access and above can exploit this flaw to inject malicious PHP objects. While there is no known primitive object propagation (POP) chain within the plugin itself, the presence of a POP chain through other installed plugins or themes could potentially enable attackers to perform destructive actions such as deleting arbitrary files, extracting sensitive data, or executing unauthorized code. Users are advised to update to the latest version of the Ditty plugin to mitigate these risks.",Wordpress,"Ditty – Responsive News Tickers, Sliders, And Lists",8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-14T15:42:00.000Z,0
CVE-2023-4148,https://securityvulnerability.io/vulnerability/CVE-2023-4148,Ditty < 3.1.25 - Reflected XSS,"The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.",Wordpress,Ditty,6.1,MEDIUM,0.0010300000431016088,false,,false,false,false,,false,false,2023-09-25T16:15:00.000Z,0
CVE-2022-0533,https://securityvulnerability.io/vulnerability/CVE-2022-0533,Ditty (formerly Ditty News Ticker) < 3.0.15 - Reflected Cross-Site Scripting (XSS),The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability.,Wordpress,Ditty (formerly Ditty News Ticker),6.1,MEDIUM,0.001509999972768128,false,,false,false,false,,false,false,2022-03-07T08:16:49.000Z,0