metaphorcreations CVE Vulnerabilities & Metrics

Focus on metaphorcreations vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About metaphorcreations Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with metaphorcreations. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total metaphorcreations CVEs: 6
Earliest CVE date: 07 Mar 2022, 09:15 UTC
Latest CVE date: 05 Aug 2024, 06:16 UTC

Latest CVE reference: CVE-2024-6710

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -50.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -50.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical metaphorcreations CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 1.97

Max CVSS: 4.3

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	4
4.0-6.9	2
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS metaphorcreations CVEs

These are the five CVEs with the highest CVSS scores for metaphorcreations, sorted by severity first and recency.

CVE-2022-0533 metaphorcreations Published on 07 Mar 2022, 09:15 UTC (CVSS: 4.3)
The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability.
CVE-2016-15027 metaphorcreations Published on 20 Feb 2023, 17:15 UTC (CVSS: 4.0)
A vulnerability was found in meta4creations Post Duplicator Plugin 2.18 on WordPress. It has been classified as problematic. Affected is the function mtphr_post_duplicator_notice of the file includes/notices.php. The manipulation of the argument post-duplicated leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.19 is able to address this issue. T...
CVE-2021-33852 metaphorcreations Published on 10 Mar 2022, 17:42 UTC (CVSS: 3.5)
A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Duplicate Title" text box executes whenever the user opens the Settings Page of the Post Duplicator Plugin or the application root page after duplicating any of the existing posts.
CVE-2024-6710 metaphorcreations Published on 05 Aug 2024, 06:16 UTC (CVSS: 0)
The Ditty WordPress plugin before 3.1.45 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.
CVE-2023-4148 metaphorcreations Published on 25 Sep 2023, 16:15 UTC (CVSS: 0)
The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

All CVEs for metaphorcreations

CVE-2024-6710 metaphorcreations vulnerability CVSS: 0 05 Aug 2024, 06:16 UTC

The Ditty WordPress plugin before 3.1.45 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.

CVE-2023-4148 metaphorcreations vulnerability CVSS: 0 25 Sep 2023, 16:15 UTC

The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

CVE-2023-23874 metaphorcreations vulnerability CVSS: 0 03 May 2023, 14:15 UTC

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Metaphor Creations Ditty plugin <= 3.0.32 versions.

CVE-2016-15027 metaphorcreations vulnerability CVSS: 4.0 20 Feb 2023, 17:15 UTC

A vulnerability was found in meta4creations Post Duplicator Plugin 2.18 on WordPress. It has been classified as problematic. Affected is the function mtphr_post_duplicator_notice of the file includes/notices.php. The manipulation of the argument post-duplicated leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.19 is able to address this issue. The name of the patch is ca67c05e490c0cf93a1e9b2d93bfeff3dd96f594. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221496.

CVE-2021-33852 metaphorcreations vulnerability CVSS: 3.5 10 Mar 2022, 17:42 UTC

A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Duplicate Title" text box executes whenever the user opens the Settings Page of the Post Duplicator Plugin or the application root page after duplicating any of the existing posts.

CVE-2022-0533 metaphorcreations vulnerability CVSS: 4.3 07 Mar 2022, 09:15 UTC

The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability.