Browse all 3 CVE security advisories affecting Metaphor Creations. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Metaphor Creations develops web-based collaboration tools with a core use case enabling team project management and document sharing. Historically, their products have been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and access control flaws. The organization has recorded three CVEs to date, with one notable incident involving an authentication bypass that allowed unauthorized access to sensitive project data. Their security posture has shown improvement in recent releases, though legacy deployments may remain vulnerable to exploitation.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-49835 | WordPress Post Duplicator plugin <= 2.31 - Broken Access Control vulnerability — Post DuplicatorCWE-862 | 4.3 | Medium | 2024-12-09 |
| CVE-2024-32569 | WordPress Ditty plugin <= 3.1.31 - Cross Site Scripting (XSS) vulnerability — DittyCWE-79 | 6.5 | Medium | 2024-04-18 |
| CVE-2023-23874 | WordPress Ditty Plugin <= 3.0.32 is vulnerable to Cross Site Scripting (XSS) — DittyCWE-79 | 6.5 | Medium | 2023-05-03 |
This page lists every published CVE security advisory associated with Metaphor Creations. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.