metaphorcreations ditty CVE Vulnerabilities (10)

CVEs: 10

Summary

This page lists publicly disclosed CVE vulnerabilities affecting metaphorcreations ditty (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 1-10 of 10 CVEs
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2025-8085 | The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs. | [email protected] | 8.6 | 16.40% | 2025-09-08 | 2026-06-17 |
| CVE-2024-13357 | The Ditty WordPress plugin before 3.1.52 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | [email protected] | 4.8 | 0.27% | 2025-05-15 | 2026-06-17 |
| CVE-2024-9600 | The Ditty WordPress plugin before 3.1.47 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks. | [email protected] | 4.8 | 0.36% | 2024-11-21 | 2026-06-17 |
| CVE-2024-6715 | The Ditty WordPress plugin before 3.1.46 re-introduced a previously fixed security issue (https://wpscan.com/vulnerability/80a9eb3a-2cb1-4844-9004-ba2554b2d46c/) in v3.1.39 | [email protected] | 6.1 | 0.32% | 2024-08-23 | 2026-06-17 |
| CVE-2024-6710 | The Ditty WordPress plugin before 3.1.45 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks. | [email protected] | 5.4 | 0.33% | 2024-08-05 | 2026-06-17 |
| CVE-2024-5575 | The Ditty WordPress plugin before 3.1.43 does not sanitise and escape some of its blocks' settings, which could allow high privilege users such as authors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | [email protected] | 4.7 | 0.41% | 2024-07-13 | 2026-06-17 |
| CVE-2024-3939 | The Ditty WordPress plugin before 3.1.36 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | [email protected] | 5.4 | 0.40% | 2024-05-27 | 2026-06-17 |
| CVE-2023-4148 | The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | [email protected] | 6.1 | 0.81% | 2023-09-25 | 2026-06-17 |
| CVE-2023-23874 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Metaphor Creations Ditty plugin <= 3.0.32 versions. | [email protected] | 6.5 | 0.39% | 2023-05-03 | 2026-06-17 |
| CVE-2022-0533 | The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability. | [email protected] | 6.1 | 1.86% | 2022-03-07 | 2026-06-17 |
cvelogic Threat Intelligence