CVE-2024-6715 - Vulnerability Details - OpenCVE

The Ditty WordPress plugin before 3.1.46 re-introduced a previously fixed security issue (https://wpscan.com/vulnerability/80a9eb3a-2cb1-4844-9004-ba2554b2d46c/) in v3.1.39

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00231.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Metaphorcreations	Ditty

Configuration 1 [-]

cpe:2.3:a:metaphorcreations:ditty:*:*:*:*:*:wordpress:*:*

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://wpscan.com/vulnerability/19406acc-3441-4d4a-9163-ace8f1dceb78/

History

Sat, 17 May 2025 02:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:metaphorcreations:ditty::::::wordpress::*

Mon, 26 Aug 2024 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Metaphorcreations Metaphorcreations ditty
CPEs		cpe:2.3:a:metaphorcreations:ditty::::::::
Vendors & Products		Metaphorcreations Metaphorcreations ditty
Metrics		cvssV3_1 `{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 23 Aug 2024 06:15:00 +0000

Type	Values Removed	Values Added
Description		The Ditty WordPress plugin before 3.1.46 re-introduced a previously fixed security issue (https://wpscan.com/vulnerability/80a9eb3a-2cb1-4844-9004-ba2554b2d46c/) in v3.1.39
Title		Ditty 3.1.39-3.1.45 - Author+ Stored XSS
References		https://wpscan.com/vulnerability/19406acc-3441-4d4a-9163-ace8f1dceb78/

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-08-23T06:00:04.204Z

Updated: 2024-08-26T14:12:50.015Z

Reserved: 2024-07-12T15:12:42.543Z

Link: CVE-2024-6715

Vulnrichment

Updated: 2024-08-26T14:12:44.046Z

NVD

Status : Analyzed

Published: 2024-08-23T06:15:04.070

Modified: 2025-05-17T02:08:32.527

Link: CVE-2024-6715

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6715", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2024-07-12T15:12:42.543Z", "datePublished": "2024-08-23T06:00:04.204Z", "dateUpdated": "2024-08-26T14:12:50.015Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2024-08-23T06:00:04.204Z"}, "title": "Ditty 3.1.39-3.1.45 - Author+ Stored XSS", "problemTypes": [{"descriptions": [{"description": "CWE-79 Cross-Site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "Ditty", "versions": [{"status": "affected", "versionType": "semver", "version": "3.1.39", "lessThan": "3.1.46"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Ditty WordPress plugin before 3.1.46 re-introduced a previously fixed security issue (https://wpscan.com/vulnerability/80a9eb3a-2cb1-4844-9004-ba2554b2d46c/) in v3.1.39"}], "references": [{"url": "https://wpscan.com/vulnerability/19406acc-3441-4d4a-9163-ace8f1dceb78/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Erwan LR (WPScan)", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"affected": [{"vendor": "metaphorcreations", "product": "ditty", "cpes": ["cpe:2.3:a:metaphorcreations:ditty:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3.1.39", "status": "affected", "lessThan": "3.1.45", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-26T14:11:28.345102Z", "id": "CVE-2024-6715", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-26T14:12:50.015Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-6715", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-26T14:11:28.345102Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:metaphorcreations:ditty:*:*:*:*:*:*:*:*"], "vendor": "metaphorcreations", "product": "ditty", "versions": [{"status": "affected", "version": "3.1.39", "lessThan": "3.1.45", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-26T14:12:44.046Z"}}], "cna": {"title": "Ditty 3.1.39-3.1.45 - Author+ Stored XSS", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Erwan LR (WPScan)"}, {"lang": "en", "type": "coordinator", "value": "WPScan"}], "affected": [{"vendor": "Unknown", "product": "Ditty", "versions": [{"status": "affected", "version": "3.1.39", "lessThan": "3.1.46", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://wpscan.com/vulnerability/19406acc-3441-4d4a-9163-ace8f1dceb78/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "x_generator": {"engine": "WPScan CVE Generator"}, "descriptions": [{"lang": "en", "value": "The Ditty WordPress plugin before 3.1.46 re-introduced a previously fixed security issue (https://wpscan.com/vulnerability/80a9eb3a-2cb1-4844-9004-ba2554b2d46c/) in v3.1.39"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-79 Cross-Site Scripting (XSS)"}]}], "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2024-08-23T06:00:04.204Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6715", "state": "PUBLISHED", "dateUpdated": "2024-08-26T14:12:50.015Z", "dateReserved": "2024-07-12T15:12:42.543Z", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "datePublished": "2024-08-23T06:00:04.204Z", "assignerShortName": "WPScan"}, "dataVersion": "5.1"}