Shodan
Vulnerabilities
Vulnerable Software
Metaphorcreations:  >> Ditty  >> 2.2  Security Vulnerabilities
CVE-2024-13357
The Ditty WordPress plugin before 3.1.52 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS Score
4.8
EPSS Score
0.0
Published
2025-05-15
CVE-2024-9600
The Ditty WordPress plugin before 3.1.47 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks.
CVSS Score
4.8
EPSS Score
0.0
Published
2024-11-21
CVE-2024-6715
The Ditty WordPress plugin before 3.1.46 re-introduced a previously fixed security issue (https://wpscan.com/vulnerability/80a9eb3a-2cb1-4844-9004-ba2554b2d46c/) in v3.1.39
CVSS Score
6.1
EPSS Score
0.0
Published
2024-08-23
CVE-2024-6710
The Ditty WordPress plugin before 3.1.45 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.
CVSS Score
5.4
EPSS Score
0.0
Published
2024-08-05
CVE-2024-5575
The Ditty WordPress plugin before 3.1.43 does not sanitise and escape some of its blocks' settings, which could allow high privilege users such as authors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CVSS Score
4.7
EPSS Score
0.0
Published
2024-07-13
CVE-2024-3939
The Ditty WordPress plugin before 3.1.36 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVSS Score
5.4
EPSS Score
0.0
Published
2024-05-27
CVE-2023-4148
The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVSS Score
6.1
EPSS Score
0.034
Published
2023-09-25
CVE-2023-23874
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Metaphor Creations Ditty plugin <= 3.0.32 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-05-03
CVE-2022-0533
The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability.
CVSS Score
6.1
EPSS Score
0.025
Published
2022-03-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved