Ditty Security Vulnerabilities and Issues — Ditty CVE List

Lucene search

MetaphorcreationsDitty

5 matches found

CVE•added 2024/05/27 6:15 a.m.•49 views

CVE-2024-3939

The Ditty WordPress plugin before 3.1.36 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

5.4CVSS5.6AI score0.00261EPSS

CVE•added 2024/08/23 6:15 a.m.•40 views

CVE-2024-6715

The Ditty WordPress plugin before 3.1.46 re-introduced a previously fixed security issue (https://wpscan.com/vulnerability/80a9eb3a-2cb1-4844-9004-ba2554b2d46c/) in v3.1.39

6.1CVSS6.5AI score0.00032EPSS

CVE•added 2024/07/13 6:15 a.m.•39 views

CVE-2024-5575

The Ditty WordPress plugin before 3.1.43 does not sanitise and escape some of its blocks' settings, which could allow high privilege users such as authors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

4.7CVSS4.8AI score0.0034EPSS

CVE•added 2024/11/21 11:15 a.m.•39 views

CVE-2024-9600

The Ditty WordPress plugin before 3.1.47 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks.

4.8CVSS4.8AI score0.00018EPSS

CVE•added 2024/08/05 6:16 a.m.•20 views

CVE-2024-6710

The Ditty WordPress plugin before 3.1.45 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.

5.4CVSS5.8AI score0.00108EPSS