Lucene search

Metaphorcreations Ditty

6 matches found

CVE | added 2024/12/09 1:15 p.m. | 73 views

CVE-2023-47764

Missing Authorization vulnerability in Metaphor Creations Ditty allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ditty: from n/a through 3.1.24.

CVSS 6.5 | AI score 6.5 | EPSS 0.00125

CVE | added 2024/05/27 6:15 a.m. | 48 views

CVE-2024-3939

The Ditty WordPress plugin before 3.1.36 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CVSS 5.4 | AI score 5.6 | EPSS 0.00257

CVE | added 2024/08/23 6:15 a.m. | 39 views

CVE-2024-6715

The Ditty WordPress plugin before 3.1.46 re-introduced a previously fixed security issue (https://wpscan.com/vulnerability/80a9eb3a-2cb1-4844-9004-ba2554b2d46c/) in v3.1.39

CVSS 6.1 | AI score 6.5 | EPSS 0.00032

CVE | added 2024/11/21 11:15 a.m. | 38 views

CVE-2024-9600

The Ditty WordPress plugin before 3.1.47 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks.

CVSS 4.8 | AI score 4.8 | EPSS 0.00011

CVE | added 2024/07/13 6:15 a.m. | 37 views

CVE-2024-5575

The Ditty WordPress plugin before 3.1.43 does not sanitise and escape some of its blocks' settings, which could allow high privilege users such as authors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

CVSS 4.7 | AI score 4.8 | EPSS 0.00032

CVE | added 2024/08/05 6:16 a.m. | 18 views

CVE-2024-6710

The Ditty WordPress plugin before 3.1.45 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.

CVSS 5.4 | AI score 5.8 | EPSS 0.00027