Ditty – Responsive News Tickers, Sliders, and Lists, CVE-2024-9600
- CVE, Research URL
- Published on
- Nov 21, 2024
- Research Description
- The Ditty WordPress plugin before 3.1.47 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks.
- Affected versions
-
max 3.1.47.
- Status
-
vulnerable