.. / CVE-2022-0533

Exploit for Ditty (formerly Ditty News Ticker) < 3.0.15 - Cross-Site Scripting (CVE-2022-0533)

Description:

The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability.

Nuclei Template

View the template here CVE-2022-0533.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-0533.yaml
Copy

References:

https://vulners.com/cve/CVE-2022-0533
https://plugins.trac.wordpress.org/changeset/2675223/ditty-news-ticker
https://nvd.nist.gov/vuln/detail/CVE-2022-0533
https://wpscan.com/vulnerability/40f36692-c898-4441-ad24-2dc17856bd74