CVE-2022-0533
MEDIUM NUCLEIDitty WordPress Plugin <3.0.15 - XSS
Title source: llmDescription
The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability.
Nuclei Templates (1)
Ditty (formerly Ditty News Ticker) < 3.0.15 - Cross-Site Scripting
MEDIUMVERIFIEDby r3Y3r53
Shodan:
http.html:/wp-content/plugins/ditty-news-ticker/
FOFA:
body=/wp-content/plugins/ditty-news-ticker/
Scores
CVSS v3
6.1
EPSS
0.0469
EPSS Percentile
89.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
metaphorcreations/ditty
< 3.0.15
Published
Mar 07, 2022
Tracked Since
Feb 18, 2026