Vulnerabilities > Metaphorcreations

DATE CVE VULNERABILITY TITLE RISK
2024-08-05 CVE-2024-6710 Cross-site Scripting vulnerability in Metaphorcreations Ditty
The Ditty WordPress plugin before 3.1.45 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.
network
low complexity
metaphorcreations CWE-79
5.4
5.4
2023-09-25 CVE-2023-4148 Cross-site Scripting vulnerability in Metaphorcreations Ditty
The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
network
low complexity
metaphorcreations CWE-79
6.1
6.1
2023-05-03 CVE-2023-23874 Cross-site Scripting vulnerability in Metaphorcreations Ditty
Auth.
network
low complexity
metaphorcreations CWE-79
5.4
5.4
2023-02-20 CVE-2016-15027 Cross-site Scripting vulnerability in Metaphorcreations Post Duplicator 2.18
A vulnerability was found in meta4creations Post Duplicator Plugin 2.18 on WordPress.
network
low complexity
metaphorcreations CWE-79
6.1
6.1
2022-03-10 CVE-2021-33852 Cross-site Scripting vulnerability in Metaphorcreations Post Duplicator 2.23
A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack.
network
low complexity
metaphorcreations CWE-79
5.4
5.4
2022-03-07 CVE-2022-0533 Cross-site Scripting vulnerability in Metaphorcreations Ditty
The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability.
network
low complexity
metaphorcreations CWE-79
6.1
6.1