VYPR

Ditty News Ticker

by WordPress

Source repositories

CVEs (6)

  • CVE-2024-3954, High, May 14, 2024
    risk 0.57, cvss 8.8, epss 0.01

    The Ditty plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 3.1.38 via deserialization of untrusted input when adding a new ditty. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object.…

  • CVE-2026-9011, High, May 22, 2026
    risk 0.49, cvss 7.5, epss 0.00

    The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.65. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it…

  • CVE-2025-60105, Medium, Sep 26, 2025
    risk 0.42, cvss 6.5, epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in metaphorcreations Ditty ditty-news-ticker allows Stored XSS. This issue affects Ditty: from n/a through <= 3.1.58.

  • CVE-2023-47764, Medium, Dec 9, 2024
    risk 0.42, cvss 6.5, epss 0.00

    Missing Authorization vulnerability in metaphorcreations Ditty ditty-news-ticker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ditty: from n/a through <= 3.1.24.

  • CVE-2024-32569, Medium, Apr 18, 2024
    risk 0.42, cvss 6.5, epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metaphor Creations Ditty allows Stored XSS. This issue affects Ditty: from n/a through 3.1.31.

  • CVE-2022-0533, Medium, Mar 7, 2022
    risk 0.33, cvss 6.1, epss 0.02

    The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability.