Ditty – Responsive News Tickers, Sliders, and Lists Security & Risk Analysis

wordpress.org/plugins/ditty-news-ticker

Ditty offers a range of content display options, including its signature news ticker and customizable layouts.

30K active installs · v3.1.64 · PHP 7.4+ · WP 6.2+ · Updated Mar 12, 2026
Tags: content-slider, news-ticker, post-slider, post-ticker, responsive-slider

Security score: 91 (A · Safe)
CVEs total: 14
Unpatched: 0
Last CVE: Sep 26, 2025
Safety Verdict

Is Ditty – Responsive News Tickers, Sliders, and Lists Safe to Use in 2026?

Generally Safe

Score 91/100

Ditty – Responsive News Tickers, Sliders, and Lists has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

14 known CVEs · Last CVE: Sep 26, 2025 · Updated 2mo ago
Risk Assessment

The Ditty News Ticker plugin, version 3.1.64, presents a mixed security posture. While it demonstrates good practices like extensive use of prepared statements for SQL queries and a significant number of nonce and capability checks, several concerning factors warrant attention. The presence of 3 AJAX handlers without authentication checks, coupled with 7 taint flows involving unsanitized paths, indicates potential avenues for exploitation. Although the taint analysis did not reveal critical or high severity issues, the sheer number of unsanitized path flows is a red flag, suggesting that user-supplied input might not be adequately validated before being used in file-related operations or other sensitive contexts.

The plugin's vulnerability history is also a significant concern. With 14 known CVEs (2 high severity, 12 medium), it shows a recurring pattern of security weaknesses. The common vulnerability types, such as SSRF, XSS, deserialization of untrusted data, and missing authorization, are serious and can lead to severe consequences if exploited. The most recent vulnerability was reported in late 2025, so the issues are recent. The absence of currently unpatched vulnerabilities is positive, but the historical trend points to a need for more robust secure development practices.

In conclusion, Ditty News Ticker v3.1.64 has some commendable security implementations, but the identified unprotected entry points, unsanitized path flows, and a substantial history of medium to high severity vulnerabilities create a notable risk profile. Users should exercise caution and ensure they are running the latest available version, though the historical data suggests this may not fully mitigate all risks. Continued vigilance and potentially more thorough security auditing of the codebase are recommended.

Key Concerns

  • AJAX handlers without auth checks
  • Flows with unsanitized paths
  • High severity CVEs in history
  • Medium severity CVEs in history
  • Deserialization of Untrusted Data history
  • Missing Authorization history
  • Dangerous function: unserialize
  • Output escaping < 60%
Vulnerabilities
14 published

Ditty – Responsive News Tickers, Sliders, and Lists Security Vulnerabilities

CVEs by Year

2022: 1 CVE
2023: 3 CVEs
2024: 7 CVEs
2025: 3 CVEs

(All 14 patched; none currently unpatched.)

Severity Breakdown

High: 2
Medium: 12
Total: 14 CVEs

CVE-2025-60105 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Ditty <= 3.1.58 - Authenticated (Contributor+) Stored Cross-Site Scripting
Sep 26, 2025 · Patched in 3.1.59 (13d)

CVE-2025-8085 · high · 7.2 · Server-Side Request Forgery (SSRF)
Ditty <= 3.1.57 - Unauthenticated Server-Side Request Forgery
Aug 18, 2025 · Patched in 3.1.58 (39d)

CVE-2024-13357 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Ditty <= 3.1.51 - Authenticated (Author+) Stored Cross-Site Scripting
Mar 6, 2025 · Patched in 3.1.52 (65d)

CVE-2024-9600 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Ditty <= 3.1.46 - Authenticated (Author+) Stored Cross-Site Scripting
Oct 31, 2024 · Patched in 3.1.47 (16d)

CVE-2024-6715 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Ditty 3.1.39 - 3.1.45 - Authenticated (Author+) Stored Cross-Site Scripting
Aug 2, 2024 · Patched in 3.1.46 (27d)

CVE-2024-6710 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Ditty – Responsive News Tickers, Sliders, and Lists <= 3.1.44 - Authenticated (Contributor+) Stored Cross-Site Scripting
Jul 15, 2024 · Patched in 3.1.45 (26d)

CVE-2024-5575 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Ditty – Responsive News Tickers, Sliders, and Lists <= 3.1.42 - Authenticated (Author+) Stored Cross-Site Scripting
Jun 22, 2024 · Patched in 3.1.43 (20d)

CVE-2024-3954 · high · 8.8 · Deserialization of Untrusted Data
Ditty – Responsive News Tickers, Sliders, and Lists <= 3.1.38 - Authenticated (Contributor+) PHP Object Injection
May 7, 2024 · Patched in 3.1.39 (3d)

CVE-2024-3939 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Ditty <= 3.1.35 - Authenticated (Author+) Stored Cross-Site Scripting
May 6, 2024 · Patched in 3.1.36 (8d)

CVE-2024-32569 · medium · 5.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Ditty – Responsive News Tickers, Sliders, and Lists <= 3.1.31 - Authenticated (Author+) Stored Cross-Site Scripting
Apr 16, 2024 · Patched in 3.1.32 (9d)

CVE-2023-47764 · medium · 5.3 · Missing Authorization
Ditty <= 3.1.24 - Missing Authorization via save_ditty_permissions_check
Nov 13, 2023 · Patched in 3.1.25 (71d)

CVE-2023-4148 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Ditty <= 3.1.24 - Reflected Cross-Site Scripting
Aug 29, 2023 · Patched in 3.1.25 (147d)

CVE-2023-23874 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Ditty <= 3.0.32 - Authenticated (Contributor+) Stored Cross-Scripting via Shortcode
Feb 20, 2023 · Patched in 3.0.33 (337d)

CVE-2022-0533 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Ditty (formerly Ditty News Ticker) <= 3.0.14 - Reflected Cross-Site Scripting
Feb 9, 2022 · Patched in 3.0.15 (713d)
Version History

Ditty – Responsive News Tickers, Sliders, and Lists Release Timeline

Code Analysis
Analyzed Mar 16, 2026

Ditty – Responsive News Tickers, Sliders, and Lists Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 5 (44 prepared)
Unescaped Output: 286 (410 escaped)
Nonce Checks: 23
Capability Checks: 20
File Operations: 6
External Requests: 8
Bundled Libraries: 0

Dangerous Functions Found

unserialize at includes\helpers.php:1726: $value = @unserialize(
unserialize at legacy\inc\helpers.php:509: $value = @unserialize(

SQL Query Safety

90% prepared (49 total queries)

Output Escaping

59% escaped (696 total outputs)
Data Flows · Security
7 unsanitized

Data Flow Analysis

9 flows, 7 with unsanitized paths
ditty_display_admin_screen_filters (includes\admin\columns.php:189)
(Flow diagram not reproduced here; legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, with paths marked Unsanitized or Sanitized.)
Attack Surface
3 unprotected

Ditty – Responsive News Tickers, Sliders, and Lists Attack Surface

Entry Points: 19
Unprotected: 3

AJAX Handlers 16

auth: wp_ajax_ditty_notice_close (includes\admin\notices.php:184)
auth: wp_ajax_ditty_install_display (includes\class-ditty-displays.php:29)
auth: wp_ajax_ditty_extension_license_activate (includes\class-ditty-extensions.php:33)
auth: wp_ajax_ditty_extension_license_refresh (includes\class-ditty-extensions.php:34)
auth: wp_ajax_ditty_extension_license_deactivate (includes\class-ditty-extensions.php:35)
auth: wp_ajax_ditty_extension_panel_update (includes\class-ditty-extensions.php:36)
auth: wp_ajax_ditty_install_layout (includes\class-ditty-layouts.php:30)
auth: wp_ajax_ditty_init (includes\class-ditty-singles.php:32)
nopriv: wp_ajax_ditty_init (includes\class-ditty-singles.php:33)
auth: wp_ajax_ditty_live_updates (includes\class-ditty-singles.php:34)
nopriv: wp_ajax_ditty_live_updates (includes\class-ditty-singles.php:35)
auth: wp_ajax_mtphr_dnt_license_bug_dismiss (legacy\eddsl\eddsl.php:439)
auth: wp_ajax_mtphr_dnt_license_deactivate_ajax (legacy\eddsl\eddsl.php:536)
auth: wp_ajax_mtphr_dnt_license_activate_ajax (legacy\eddsl\eddsl.php:629)
auth: wp_ajax_mtphr_dnt_single_image_ajax (legacy\inc\admin\ajax.php:25)
auth: wp_ajax_mtphr_dnt_wysiwyg_ajax (legacy\inc\admin\ajax.php:54)

Shortcodes 3

[ditty_ticker] includes\class-ditty-shortcodes.php:26
[ditty] includes\class-ditty-shortcodes.php:29
[ditty_news_ticker] legacy\inc\shortcodes.php:9
WordPress Hooks 163
filter: manage_posts_columns (includes\admin\columns.php:36)
action: manage_posts_custom_column (includes\admin\columns.php:117)
filter: manage_edit-ditty_display_sortable_columns (includes\admin\columns.php:130)
filter: manage_edit-ditty_layout_sortable_columns (includes\admin\columns.php:137)
filter: manage_edit-ditty_sortable_columns (includes\admin\columns.php:144)
filter: request (includes\admin\columns.php:182)
action: restrict_manage_posts (includes\admin\columns.php:217)
filter: parse_query (includes\admin\columns.php:272)
filter: pre_set_site_transient_update_plugins (includes\admin\Ditty_Plugin_Updater.php:75)
filter: plugins_api (includes\admin\Ditty_Plugin_Updater.php:76)
action: after_plugin_row (includes\admin\Ditty_Plugin_Updater.php:77)
action: admin_init (includes\admin\Ditty_Plugin_Updater.php:78)
action: admin_menu (includes\admin\export.php:18)
action: admin_init (includes\admin\export.php:415)
action: admin_init (includes\admin\export.php:820)
action: admin_notices (includes\admin\notices.php:122)
action: admin_init (includes\admin\notices.php:163)
action: admin_footer (includes\admin\notices.php:223)
action: init (includes\blocks.php:4)
action: fusion_builder_before_init (includes\builders\fusion\builder.php:66)
action: rest_api_init (includes\class-ditty-api.php:21)
action: plugins_loaded (includes\class-ditty-db-item-meta.php:31)
action: plugins_loaded (includes\class-ditty-db-items.php:31)
filter: ditty_display_styles (includes\class-ditty-display-type-ticker.php:29)
filter: ditty_display_item_styles (includes\class-ditty-display-type-ticker.php:30)
filter: get_edit_post_link (includes\class-ditty-displays.php:21)
action: admin_menu (includes\class-ditty-displays.php:22)
action: admin_init (includes\class-ditty-displays.php:23)
filter: admin_body_class (includes\class-ditty-displays.php:26)
filter: post_row_actions (includes\class-ditty-displays.php:27)
action: admin_init (includes\class-ditty-extensions.php:28)
action: admin_menu (includes\class-ditty-extensions.php:29)
filter: ditty_layout_tags (includes\class-ditty-item-type-default.php:29)
filter: ditty_layout_link_options (includes\class-ditty-item-type-posts-lite.php:29)
filter: ditty_layout_tags (includes\class-ditty-item-type-posts-lite.php:30)
filter: admin_body_class (includes\class-ditty-layouts.php:23)
action: admin_init (includes\class-ditty-layouts.php:24)
action: admin_menu (includes\class-ditty-layouts.php:25)
filter: get_edit_post_link (includes\class-ditty-layouts.php:26)
filter: post_row_actions (includes\class-ditty-layouts.php:27)
action: wp_delete_post (includes\class-ditty-layouts.php:28)
action: init (includes\class-ditty-scripts.php:33)
action: admin_enqueue_scripts (includes\class-ditty-scripts.php:34)
action: wp_enqueue_scripts (includes\class-ditty-scripts.php:35)
action: admin_enqueue_scripts (includes\class-ditty-scripts.php:36)
action: wp_enqueue_scripts (includes\class-ditty-scripts.php:37)
action: enqueue_block_editor_assets (includes\class-ditty-scripts.php:38)
action: admin_footer (includes\class-ditty-scripts.php:39)
action: wp_footer (includes\class-ditty-scripts.php:40)
action: admin_init (includes\class-ditty-settings.php:15)
action: admin_menu (includes\class-ditty-settings.php:16)
filter: get_edit_post_link (includes\class-ditty-singles.php:22)
action: admin_menu (includes\class-ditty-singles.php:23)
action: admin_init (includes\class-ditty-singles.php:24)
filter: admin_body_class (includes\class-ditty-singles.php:27)
filter: post_row_actions (includes\class-ditty-singles.php:28)
action: mtphr_post_duplicator_created (includes\class-ditty-singles.php:29)
action: wp_insert_post (includes\class-ditty-translations.php:21)
action: delete_post (includes\class-ditty-translations.php:22)
filter: the_title (includes\class-ditty-translations.php:23)
action: init (includes\class-ditty.php:289)
action: init (includes\class-ditty.php:300)
action: init (includes\class-ditty.php:301)
action: delete_post (includes\hooks.php:40)
filter: wp (includes\hooks.php:109)
filter: wp_kses_allowed_html (includes\hooks.php:130)
filter: ditty_layout_tags (includes\hooks.php:145)
filter: admin_body_class (includes\hooks.php:160)
filter: custom_menu_order (includes\hooks.php:220)
action: admin_menu (includes\hooks.php:241)
filter: ditty_php_display (includes\hooks.php:262)
filter: ditty_layout_tag_author_avatar_data (includes\layout-tag-hooks-default.php:3)
filter: ditty_layout_tag_author_bio (includes\layout-tag-hooks-default.php:4)
filter: ditty_layout_tag_author_name (includes\layout-tag-hooks-default.php:5)
filter: ditty_layout_tag_content (includes\layout-tag-hooks-default.php:6)
filter: ditty_layout_tag_content (includes\layout-tag-hooks-default.php:7)
filter: ditty_layout_tag_timestamp (includes\layout-tag-hooks-default.php:8)
filter: ditty_layout_tag_author_avatar_data (includes\layout-tag-hooks-posts.php:61)
filter: ditty_layout_tag_author_name (includes\layout-tag-hooks-posts.php:80)
filter: ditty_layout_tag_author_bio (includes\layout-tag-hooks-posts.php:99)
filter: ditty_layout_tag_category_data (includes\layout-tag-hooks-posts.php:126)
filter: ditty_layout_tag_content (includes\layout-tag-hooks-posts.php:154)
filter: ditty_layout_tag_excerpt_data (includes\layout-tag-hooks-posts.php:175)
filter: ditty_layout_tag_link_data (includes\layout-tag-hooks-posts.php:227)
filter: ditty_layout_tag_icon (includes\layout-tag-hooks-posts.php:245)
filter: ditty_layout_tag_image_data (includes\layout-tag-hooks-posts.php:274)
filter: ditty_layout_tag_permalink (includes\layout-tag-hooks-posts.php:292)
filter: ditty_layout_tag_timestamp (includes\layout-tag-hooks-posts.php:310)
filter: ditty_layout_tag_title (includes\layout-tag-hooks-posts.php:328)
filter: ditty_layout_tag_atts (includes\layout-tag-hooks.php:2)
filter: ditty_layout_tag_author_avatar (includes\layout-tag-hooks.php:3)
filter: ditty_layout_tag_author_banner (includes\layout-tag-hooks.php:4)
filter: ditty_layout_tag_categories (includes\layout-tag-hooks.php:5)
filter: ditty_layout_tag_excerpt (includes\layout-tag-hooks.php:6)
filter: ditty_layout_tag_image (includes\layout-tag-hooks.php:7)
filter: ditty_layout_tag_image_url (includes\layout-tag-hooks.php:8)
filter: ditty_layout_tag_media (includes\layout-tag-hooks.php:9)
filter: ditty_layout_tag_terms (includes\layout-tag-hooks.php:10)
filter: ditty_layout_tag_time (includes\layout-tag-hooks.php:11)
action: init (includes\post-types.php:154)
filter: post_updated_messages (includes\post-types.php:169)
filter: ditty_translation_language (includes\translators\wpml.php:5)
filter: ditty_active_translation_languages (includes\translators\wpml.php:6)
action: ditty_save_title_translation (includes\translators\wpml.php:7)
action: ditty_save_item_translation (includes\translators\wpml.php:8)
action: ditty_delete_item_translation (includes\translators\wpml.php:9)
action: ditty_delete_post_translations (includes\translators\wpml.php:10)
action: ditty_delete_language_transients (includes\translators\wpml.php:11)
action: wpml_st_add_string_translation (includes\translators\wpml.php:12)
filter: ditty_translate_title (includes\translators\wpml.php:13)
filter: ditty_translate_item (includes\translators\wpml.php:14)
action: admin_init (includes\upgrades.php:45)
action: widgets_init (includes\widget.php:130)
action: admin_init (legacy\eddsl\eddsl.php:62)
action: admin_menu (legacy\eddsl\eddsl.php:110)
action: network_admin_menu (legacy\eddsl\eddsl.php:111)
action: admin_init (legacy\eddsl\eddsl.php:171)
action: mtphr_dnt_license_check_action (legacy\eddsl\eddsl.php:328)
action: admin_notices (legacy\eddsl\eddsl.php:413)
action: admin_footer (legacy\eddsl\eddsl.php:717)
filter: manage_ditty_news_ticker_posts_columns (legacy\inc\admin\edit-columns.php:23)
action: manage_ditty_news_ticker_posts_custom_column (legacy\inc\admin\edit-columns.php:76)
filter: manage_edit-ditty_news_ticker_sortable_columns (legacy\inc\admin\edit-columns.php:92)
filter: request (legacy\inc\admin\edit-columns.php:118)
action: restrict_manage_posts (legacy\inc\admin\edit-columns.php:156)
filter: parse_query (legacy\inc\admin\edit-columns.php:192)
action: mtphr_dnt_list_heading (legacy\inc\admin\filters.php:10)
action: mtphr_dnt_list_heading (legacy\inc\admin\filters.php:11)
action: edit_form_after_title (legacy\inc\admin\meta-boxes.php:39)
action: edit_form_after_title (legacy\inc\admin\meta-boxes.php:167)
action: mtphr_dnt_type_metaboxes (legacy\inc\admin\meta-boxes.php:186)
action: mtphr_dnt_mode_metaboxes (legacy\inc\admin\meta-boxes.php:206)
action: mtphr_dnt_global_metaboxes (legacy\inc\admin\meta-boxes.php:220)
action: save_post (legacy\inc\admin\meta-boxes.php:1434)
action: vc_before_init (legacy\inc\composer.php:33)
filter: the_content (legacy\inc\filters.php:15)
filter: mtphr_dnt_tick (legacy\inc\filters.php:26)
action: init (legacy\inc\filters.php:28)
filter: mtphr_dnt_tick_array_transform (legacy\inc\filters.php:141)
action: mtphr_dnt_after (legacy\inc\filters.php:211)
action: mtphr_dnt_before (legacy\inc\filters.php:227)
action: mtphr_dnt_before (legacy\inc\filters.php:238)
action: mtphr_dnt_contents_after (legacy\inc\filters.php:249)
action: mtphr_dnt_after (legacy\inc\filters.php:260)
action: mtphr_dnt_after (legacy\inc\filters.php:271)
action: mtphr_dnt_after (legacy\inc\filters.php:292)
filter: mtphr_dnt_tick_array (legacy\inc\functions.php:401)
action: admin_head-edit.php (legacy\inc\help.php:11)
action: admin_head-post-new.php (legacy\inc\help.php:37)
action: admin_head-post.php (legacy\inc\help.php:38)
filter: fw_extensions_locations (legacy\inc\hooks.php:11)
filter: admin_init (legacy\inc\hooks.php:35)
action: wpmu_new_blog (legacy\inc\install.php:108)
action: admin_init (legacy\inc\install.php:135)
action: init (legacy\inc\post-types.php:50)
filter: post_updated_messages (legacy\inc\post-types.php:65)
action: admin_menu (legacy\inc\settings.php:18)
action: admin_init (legacy\inc\settings.php:145)
action: wp_enqueue_scripts (legacy\inc\static.php:65)
action: admin_enqueue_scripts (legacy\inc\static.php:66)
action: wp_head (legacy\inc\static.php:81)
action: wp_footer (legacy\inc\static.php:142)
action: widgets_init (legacy\inc\widget.php:175)

Scheduled Events 1

mtphr_dnt_license_check_action
Maintenance & Trust

Ditty – Responsive News Tickers, Sliders, and Lists Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 12, 2026
PHP min version: 7.4
Downloads: 2.8M

Community Trust

Rating: 92/100
Number of ratings: 106
Active installs: 30K
Developer Profile

Ditty – Responsive News Tickers, Sliders, and Lists Developer Profile

metaphorcreations

2 plugins · 230K total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 257 days
Detection Fingerprints

How We Detect Ditty – Responsive News Tickers, Sliders, and Lists

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ditty-news-ticker/build/css/ditty.css
/wp-content/plugins/ditty-news-ticker/build/js/ditty.js
/wp-content/plugins/ditty-news-ticker/build/css/editor.css
/wp-content/plugins/ditty-news-ticker/build/js/editor.js
Script Paths
/wp-content/plugins/ditty-news-ticker/build/js/ditty.js
/wp-content/plugins/ditty-news-ticker/build/js/editor.js
Version Parameters
ditty-news-ticker/build/css/ditty.css?ver=
ditty-news-ticker/build/js/ditty.js?ver=
ditty-news-ticker/build/css/editor.css?ver=
ditty-news-ticker/build/js/editor.js?ver=

HTML / DOM Fingerprints

CSS Classes
ditty-news-ticker, ditty-attr-id, ditty-wrap, ditty-ticker, ditty-content-wrap, ditty-content, ditty-display-type, ditty-layout (+13 more)
HTML Comments
<!-- Ditty - The most advanced news ticker plugin for WordPress -->
<!-- Build with Ditty -->
<!-- Ditty JS Start -->
<!-- Ditty JS End -->
Data Attributes
data-ditty-id, data-ditty-display, data-ditty-speed, data-ditty-pause, data-ditty-transition, data-ditty-direction (+3 more)
JS Globals
ditty
Shortcode Output
[ditty_news_ticker
FAQ

Frequently Asked Questions about Ditty – Responsive News Tickers, Sliders, and Lists