Metaphorcreations Ditty — known CVE vulnerabilities
Every CVE whose affected-product data names Metaphorcreations Ditty, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2025-8085 — CVSS 8.6 (high): The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing…
CVE-2022-0533 — CVSS 6.1 (medium): The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability.
CVE-2023-4148 — CVSS 6.1 (medium): The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in…
CVE-2024-6715 — CVSS 6.1 (medium): The Ditty WordPress plugin before 3.1.46 re-introduced a previously fixed security issue (https://wpscan.com/vulnerability/80a9eb3a-2cb1-484…
CVE-2024-6710 — CVSS 5.4 (medium): The Ditty WordPress plugin before 3.1.45 does not sanitise and escape some parameters, which could allow users with a role as low as…
CVE-2024-3939 — CVSS 5.4 (medium): The Ditty WordPress plugin before 3.1.36 does not sanitise and escape some of its settings, which could allow high privilege users such as…
CVE-2024-13357 — CVSS 4.8 (medium): The Ditty WordPress plugin before 3.1.52 does not sanitise and escape some of its settings, which could allow high privilege users such as…
CVE-2024-9600 — CVSS 4.8 (medium): The Ditty WordPress plugin before 3.1.47 does not sanitise and escape some of its settings, which could allow high privilege users such as…
CVE-2024-5575 — CVSS 4.7 (medium): The Ditty WordPress plugin before 3.1.43 does not sanitise and escape some of its blocks' settings, which could allow high privilege users…