Metaphorcreations Ditty

10 matches found

added 2022/03/07 9:15 a.m., 121 views

CVE-2022-0533

The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability.

CVSS 6.1, AI score 6, EPSS 0.02936

added 2024/12/09 1:15 p.m., 73 views

CVE-2023-47764

Missing Authorization vulnerability in Metaphor Creations Ditty allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ditty: from n/a through 3.1.24.

CVSS 6.5, AI score 6.5, EPSS 0.00125

added 2023/09/25 4:15 p.m., 57 views

CVE-2023-4148

The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

CVSS 6.1, AI score 6, EPSS 0.03427

added 2024/05/27 6:15 a.m., 48 views

CVE-2024-3939

The Ditty WordPress plugin before 3.1.36 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS 5.4, AI score 5.6, EPSS 0.00257

added 2024/08/23 6:15 a.m., 39 views

CVE-2024-6715

The Ditty WordPress plugin before 3.1.46 re-introduced a previously fixed security issue (https://wpscan.com/vulnerability/80a9eb3a-2cb1-4844-9004-ba2554b2d46c/) in v3.1.39.

CVSS 6.1, AI score 6.5, EPSS 0.00032

added 2024/11/21 11:15 a.m., 38 views

CVE-2024-9600

The Ditty WordPress plugin before 3.1.47 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks.

CVSS 4.8, AI score 4.8, EPSS 0.00011

added 2024/07/13 6:15 a.m., 37 views

CVE-2024-5575

The Ditty WordPress plugin before 3.1.43 does not sanitise and escape some of its blocks' settings, which could allow high privilege users such as authors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

CVSS 4.7, AI score 4.8, EPSS 0.00032

added 2023/05/03 2:15 p.m., 24 views

CVE-2023-23874

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Metaphor Creations Ditty plugin

CVSS 6.5, AI score 5.3, EPSS 0.00077

added 2025/05/15 8:15 p.m., 20 views

CVE-2024-13357

The Ditty WordPress plugin before 3.1.52 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS 4.8, AI score 5.7, EPSS 0.00046

added 2024/08/05 6:16 a.m., 18 views

CVE-2024-6710

The Ditty WordPress plugin before 3.1.45 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.

CVSS 5.4, AI score 5.8, EPSS 0.00027