Filtered by vendor Metaphorcreations
Subscriptions
Filtered by product Ditty
Subscriptions
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-6710 | 1 Metaphorcreations | 1 Ditty | 2024-09-05 | 5.4 Medium |
| The Ditty WordPress plugin before 3.1.45 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks. | ||||
| CVE-2024-6715 | 1 Metaphorcreations | 1 Ditty | 2024-08-26 | 6.1 Medium |
| The Ditty WordPress plugin before 3.1.46 re-introduced a previously fixed security issue (https://wpscan.com/vulnerability/80a9eb3a-2cb1-4844-9004-ba2554b2d46c/) in v3.1.39 | ||||
| CVE-2022-0533 | 1 Metaphorcreations | 1 Ditty | 2024-08-02 | 6.1 Medium |
| The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2023-23874 | 1 Metaphorcreations | 1 Ditty | 2024-08-02 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Metaphor Creations Ditty plugin <= 3.0.32 versions. | ||||
| CVE-2023-4148 | 1 Metaphorcreations | 1 Ditty | 2024-08-02 | 6.1 Medium |
| The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-32569 | 1 Metaphorcreations | 1 Ditty | 2024-08-02 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metaphor Creations Ditty allows Stored XSS.This issue affects Ditty: from n/a through 3.1.31. | ||||
Page 1 of 1.