← back
CVE-2022-0533

Ditty (formerly Ditty News Ticker) < 3.0.15 - Reflected Cross-Site Scripting (XSS)

EPSS 1.9%CWE-79
Vexday Risk Score
18Low
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS EPSS 1.9%KEV nãoPoC Nuclei simMetasploit Patch
Lifecycle
07 Mar 2022Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability.
Affected products
Unknown · Ditty (formerly Ditty News Ticker)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://plugins.trac.wordpress.org/changeset/2675223/ditty-news-tickerhttps://wpscan.com/vulnerability/40f36692-c898-4441-ad24-2dc17856bd74