Metaphorcreations Ditty

12 CVEs affecting Metaphorcreations Ditty. Latest disclosed: 2025-09-26. Critical: 0, High: 1.

Top CVEs affecting Metaphorcreations Ditty
CVESeverityScorePublishedSummary
CVE-2025-8085High8.62025-09-08The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors t…
CVE-2025-60105Medium6.52025-09-26Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in metaphorcreations Ditty ditty-news-ticker allows Stored X…
CVE-2023-47764Medium6.52024-12-09Missing Authorization vulnerability in metaphorcreations Ditty ditty-news-ticker allows Exploiting Incorrectly Configured Access Control Security Levels.This i…
CVE-2023-23874Medium6.52023-05-03Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Metaphor Creations Ditty plugin <= 3.0.32 versions.
CVE-2024-6715Medium6.12024-08-23The Ditty WordPress plugin before 3.1.46 re-introduced a previously fixed security issue (https://wpscan.com/vulnerability/80a9eb3a-2cb1-4844-9004-ba2554b2d46…
CVE-2023-4148Medium6.12023-09-25The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to…
CVE-2022-0533Medium6.12022-03-07The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability.
CVE-2024-6710Medium5.42024-08-05The Ditty WordPress plugin before 3.1.45 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cr…
CVE-2024-3939Medium5.42024-05-27The Ditty WordPress plugin before 3.1.36 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform St…
CVE-2024-13357Medium4.82025-05-15The Ditty WordPress plugin before 3.1.52 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform S…
CVE-2024-9600Medium4.82024-11-21The Ditty WordPress plugin before 3.1.47 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform S…
CVE-2024-5575Medium4.72024-07-13The Ditty WordPress plugin before 3.1.43 does not sanitise and escape some of its blocks' settings, which could allow high privilege users such as authors to…