The Ditty WordPress plugin before 3.1.43 does not sanitise and escape some of its blocks' settings, which could allow high privilege users such as authors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowedCreditsDmitrii IgnatyevWPScanReferenceshttps://wpscan.com/vulnerability/65d1abb7-92e9-4cc4-a1d0-84985b484af3/
