Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4148 | 1 Metaphorcreations | 1 Ditty | 2024-11-21 | N/A | 6.1 MEDIUM |
| The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
| CVE-2023-23874 | 1 Metaphorcreations | 1 Ditty | 2024-11-21 | N/A | 6.5 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Metaphor Creations Ditty plugin <= 3.0.32 versions. | |||||
| CVE-2022-0533 | 1 Metaphorcreations | 1 Ditty | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2024-6710 | 1 Metaphorcreations | 1 Ditty | 2024-09-05 | N/A | 5.4 MEDIUM |
| The Ditty WordPress plugin before 3.1.45 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks. | |||||