CVE-2025-60105 — Cross-site Scripting in Ditty

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

—N/A

No vector

EPSS

0.0%

top 90.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Metaphorcreations Ditty

Timeline

PublishedSep 26

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in metaphorcreations Ditty ditty-news-ticker allows Stored XSS.This issue affects Ditty: from n/a through <= 3.1.58.

Affected Packages1 packages

▶CVEListV5metaphorcreations/ditty3.1.58

🔴Vulnerability Details

GHSA

GHSA-wh3v-h7p4-p97w: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in metaphorcreations Ditty allows Stored XSS↗2025-09-26

▶

CVEList

WordPress Ditty Plugin <= 3.1.58 - Cross Site Scripting (XSS) Vulnerability↗2025-09-26

▶