Vulnerabilities > Metaphorcreations > Ditty > 2.3.13

DATE CVE VULNERABILITY TITLE RISK
2023-09-25 CVE-2023-4148 Cross-site Scripting vulnerability in Metaphorcreations Ditty
The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
network
low complexity
metaphorcreations CWE-79
6.1
6.1
2023-05-03 CVE-2023-23874 Cross-site Scripting vulnerability in Metaphorcreations Ditty
Auth.
network
low complexity
metaphorcreations CWE-79
5.4
5.4
2022-03-07 CVE-2022-0533 Cross-site Scripting vulnerability in Metaphorcreations Ditty
The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability. 		4.3
4.3