Title: PATCHSTACK: Cross Site Scripting Vulnerability
Last modified: September 28, 2025

---

# PATCHSTACK: Cross Site Scripting Vulnerability

 *  Resolved [code3creative](https://wordpress.org/support/users/code3creative/)
 * (@code3creative)
 * [8 months, 1 week ago](https://wordpress.org/support/topic/patchstack-cross-site-scripting-vulnerability/)
 * Two days ago, Patchstack posted a Cross Site Scripting (XSS) vulnerability for
   this plugin:([https://patchstack.com/database/wordpress/plugin/ditty-news-ticker/vulnerability/wordpress-ditty-plugin-3-1-58-cross-site-scripting-xss-vulnerability?_a_id=350](https://patchstack.com/database/wordpress/plugin/ditty-news-ticker/vulnerability/wordpress-ditty-plugin-3-1-58-cross-site-scripting-xss-vulnerability?_a_id=350)).
 * Is there a patch coming from this?

Viewing 8 replies - 1 through 8 (of 8 total)

 *  [creativeimpact](https://wordpress.org/support/users/billygunn111/)
 * (@billygunn111)
 * [8 months, 1 week ago](https://wordpress.org/support/topic/patchstack-cross-site-scripting-vulnerability/#post-18660256)
 * Yes, it would be great if we could have a patch for this also. Many Thanks
 *  Plugin Support [Joe](https://wordpress.org/support/users/joemc/)
 * (@joemc)
 * [8 months, 1 week ago](https://wordpress.org/support/topic/patchstack-cross-site-scripting-vulnerability/#post-18660941)
 * Thanks for letting me know about this. For some reason I never received a notification
   on this issue so I am checking with Patchstack to get more details. As soon as
   I find out more and resolve the issue I will post an update.
 *  [rsb1234](https://wordpress.org/support/users/rsb1234/)
 * (@rsb1234)
 * [8 months, 1 week ago](https://wordpress.org/support/topic/patchstack-cross-site-scripting-vulnerability/#post-18661752)
 * Following
 *  Plugin Support [Joe](https://wordpress.org/support/users/joemc/)
 * (@joemc)
 * [8 months, 1 week ago](https://wordpress.org/support/topic/patchstack-cross-site-scripting-vulnerability/#post-18662031)
 * I was able to track down the patchstack notice and the issue listed was already
   fixed in version 3.1.58. I have resubmitted the update to patchstack so hopefully
   they close out the notice soon. They previously confirmed with me that it was
   closed, but for some reason it’s still open.
 *  Thread Starter [code3creative](https://wordpress.org/support/users/code3creative/)
 * (@code3creative)
 * [8 months, 1 week ago](https://wordpress.org/support/topic/patchstack-cross-site-scripting-vulnerability/#post-18662995)
 * Sounds good, thanks for the quick update!
 *  Plugin Support [Joe](https://wordpress.org/support/users/joemc/)
 * (@joemc)
 * [8 months ago](https://wordpress.org/support/topic/patchstack-cross-site-scripting-vulnerability/#post-18669926)
 * I released another small update to ensure this issue was resolved. Please update
   to version **3.1.59** when you get a chance.
 *  [mikii](https://wordpress.org/support/users/mikii/)
 * (@mikii)
 * [8 months ago](https://wordpress.org/support/topic/patchstack-cross-site-scripting-vulnerability/#post-18670881)
 * Hi [@joemc](https://wordpress.org/support/users/joemc/), thank you for fixing
   this. I can now confirm that the warning has disappeared from Wordfence too after
   updating to 3.1.59.
 *  Plugin Support [Joe](https://wordpress.org/support/users/joemc/)
 * (@joemc)
 * [8 months ago](https://wordpress.org/support/topic/patchstack-cross-site-scripting-vulnerability/#post-18671308)
 * [@mikii](https://wordpress.org/support/users/mikii/) thanks for letting me know!

Viewing 8 replies - 1 through 8 (of 8 total)

The topic ‘PATCHSTACK: Cross Site Scripting Vulnerability’ is closed to new replies.

 * ![](https://ps.w.org/ditty-news-ticker/assets/icon.svg?rev=2650696)
 * [Ditty – Responsive News Tickers, Sliders, and Lists](https://wordpress.org/plugins/ditty-news-ticker/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/ditty-news-ticker/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/ditty-news-ticker/)
 * [Active Topics](https://wordpress.org/support/plugin/ditty-news-ticker/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/ditty-news-ticker/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/ditty-news-ticker/reviews/)

 * 8 replies
 * 5 participants
 * Last reply from: [Joe](https://wordpress.org/support/users/joemc/)
 * Last activity: [8 months ago](https://wordpress.org/support/topic/patchstack-cross-site-scripting-vulnerability/#post-18671308)
 * Status: resolved