Vulnerabilities > Metaphorcreations > Ditty > 3.0.21
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-25 | CVE-2023-4148 | Cross-site Scripting vulnerability in Metaphorcreations Ditty The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 6.1 |
2023-05-03 | CVE-2023-23874 | Cross-site Scripting vulnerability in Metaphorcreations Ditty Auth. | 5.4 |