Medium severity6.1NVD Advisory· Published Sep 25, 2023· Updated Jun 17, 2026
CVE-2023-4148
CVE-2023-4148
Description
The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Ditty plugindescription
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/aa39de78-55b3-4237-84db-6fdf6820c58dnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.