The Ditty plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 3.1.38 via deserialization of untrusted input when adding a new ditty. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain.....
8.8CVSS
7AI Score
0.001EPSS
A vulnerability was found in meta4creations Post Duplicator Plugin 2.18 on WordPress. It has been classified as problematic. Affected is the function mtphr_post_duplicator_notice of the file includes/notices.php. The manipulation of the argument post-duplicated leads to cross site scripting. It is....
6.1CVSS
6AI Score
0.001EPSS
The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as...
6.1CVSS
6AI Score
0.001EPSS
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Metaphor Creations Ditty plugin <= 3.0.32...
6.5CVSS
5.2AI Score
0.0005EPSS
A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Duplicate Title" text box executes whenever the user opens the Settings Page of the Post Duplicator Plugin or....
5.4CVSS
5.3AI Score
0.001EPSS
The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS)...
6.1CVSS
6AI Score
0.001EPSS