CVE-2023-4148: Ditty < 3.1.25 - Reflected XSS
First published: Mon Sep 25 2023(Updated: )
The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Credit: contact@wpscan.com contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Metaphor Creations Ditty | <3.1.25 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of the Ditty WordPress plugin vulnerability?
The vulnerability ID of the Ditty WordPress plugin vulnerability is CVE-2023-4148.
What is the severity level of CVE-2023-4148?
The severity level of CVE-2023-4148 is medium.
What software is affected by CVE-2023-4148?
The affected software is the Ditty WordPress plugin before version 3.1.25.
What is the CWE number of CVE-2023-4148?
The CWE number of CVE-2023-4148 is 79.
How can the Ditty WordPress plugin vulnerability be exploited?
The vulnerability can be exploited through Reflected Cross-Site Scripting attacks, which could be used against high privilege users such as admin.
- agent/author
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/references
- agent/severity
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/metaphorcreations
- canonical/metaphor creations ditty