Ditty Vulnerability List
7 vulnerabilities related to Ditty found
- WordPress Ditty SSRF vulnerability (CVE-2025-8085) No POC
  The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs.
- CVE-2022-0533: Ditty (formerly Ditty News Ticker) < 3.0.15 - Cross-Site Scripting POC
  The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability.
- CVE-2023-4148: Ditty < 3.1.25 - Cross-Site Scripting POC
  The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privilege users such as admins.
- CVE-2025-8085: Ditty < 3.1.58 - Server-Side Request Forgery POC
  The plugin lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs. v3.1.57 attempted to fix the issue with a nonce check; however, any authenticated user, such as a subscriber, can retrieve it.
- CVE-2022-0533: Ditty (formerly Ditty News Ticker) < 3.0.15 - Cross-Site Scripting POC
  The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability.
- CVE-2023-4148: Ditty < 3.1.25 - Cross-Site Scripting POC
  The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privilege users such as admins.
- CVE-2025-8085: Ditty < 3.1.58 - Server-Side Request Forgery POC
  The plugin lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs. v3.1.57 attempted to fix the issue with a nonce check; however, any authenticated user, such as a subscriber, can retrieve it.