CVE-2024-6715 — Cross-site Scripting in Ditty

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 44.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Metaphorcreations Ditty

Timeline

PublishedAug 23

Description

The Ditty WordPress plugin before 3.1.46 re-introduced a previously fixed security issue (https://wpscan.com/vulnerability/80a9eb3a-2cb1-4844-9004-ba2554b2d46c/) in v3.1.39

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDmetaphorcreations/ditty< 3.1.46

🔴Vulnerability Details

CVEList

Ditty 3.1.39-3.1.45 - Author+ Stored XSS↗2024-08-23

▶

GHSA

GHSA-wp3m-rhjq-59fj: The Ditty WordPress plugin before 3↗2024-08-23

▶