Vulnerabilities > Metaphorcreations > Ditty > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-05 | CVE-2024-6710 | Cross-site Scripting vulnerability in Metaphorcreations Ditty The Ditty WordPress plugin before 3.1.45 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks. | 5.4 |
| 2023-09-25 | CVE-2023-4148 | Cross-site Scripting vulnerability in Metaphorcreations Ditty The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 6.1 |
| 2023-05-03 | CVE-2023-23874 | Cross-site Scripting vulnerability in Metaphorcreations Ditty Auth. | 5.4 |
| 2022-03-07 | CVE-2022-0533 | Cross-site Scripting vulnerability in Metaphorcreations Ditty The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability. | 6.1 |