Metaphorcreations

Ditty

14 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.03%
  • Published 26.09.2025 09:15:36
  • Last modified 26.09.2025 14:32:19

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in metaphorcreations Ditty allows Stored XSS. This issue affects Ditty: from n/a through 3.1.58.

Exploit
  • EPSS 10.92%
  • Published 08.09.2025 06:00:04
  • Last modified 09.02.2026 18:19:09

The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs.

Exploit
  • EPSS 0.06%
  • Published 15.05.2025 20:15:39
  • Last modified 10.06.2025 13:31:40

The Ditty WordPress plugin before 3.1.52 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (...

  • EPSS 0.16%
  • Published 09.12.2024 13:15:30
  • Last modified 09.12.2024 13:15:30

Missing Authorization vulnerability in Metaphor Creations Ditty allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ditty: from n/a through 3.1.24.

Exploit
  • EPSS 0.12%
  • Published 21.11.2024 11:15:37
  • Last modified 15.05.2025 16:04:05

The Ditty WordPress plugin before 3.1.47 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks.

Exploit
  • EPSS 0.32%
  • Published 23.08.2024 06:15:04
  • Last modified 17.05.2025 02:08:32

The Ditty WordPress plugin before 3.1.46 re-introduced a previously fixed security issue (https://wpscan.com/vulnerability/80a9eb3a-2cb1-4844-9004-ba2554b2d46c/) in v3.1.39

  • EPSS 0.21%
  • Published 05.08.2024 06:16:41
  • Last modified 05.09.2024 15:30:07

The Ditty WordPress plugin before 3.1.45 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.

Exploit
  • EPSS 0.27%
  • Published 13.07.2024 06:15:05
  • Last modified 13.05.2025 16:10:37

The Ditty WordPress plugin before 3.1.43 does not sanitise and escape some of its blocks' settings, which could allow high privilege users such as authors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

Exploit
  • EPSS 0.64%
  • Published 27.05.2024 06:15:09
  • Last modified 21.05.2025 19:05:31

The Ditty WordPress plugin before 3.1.36 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (f...

  • EPSS 1.73%
  • Published 14.05.2024 15:42:37
  • Last modified 21.11.2024 09:30:46

The Ditty plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 3.1.38 via deserialization of untrusted input when adding a new ditty. This makes it possible for authenticated attackers, with contributor-level access and ab...