Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

metaphorcreations — Vulnerabilities & Security Advisories 7

Browse all 7 CVE security advisories affecting metaphorcreations. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Metaphorcreations develops web applications and content management systems, primarily serving businesses needing customizable online platforms. Historically, their products have been vulnerable to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and access control flaws. The organization has addressed multiple critical security issues, with seven CVEs documenting weaknesses in components allowing unauthorized administrative access and persistent XSS attacks. While no major public security incidents have been widely reported, their vulnerability history indicates a pattern of security gaps in user authentication and data sanitization that have required remediation through security patches and version updates.

Top products by metaphorcreations: Post Duplicator Ditty Ditty – Responsive News Tickers, Sliders, and Lists Metaphor Widgets
CVE IDTitleCVSSSeverityPublished
CVE-2026-2301 Post Duplicator <= 3.0.8 - Missing Authorization to Authenticated (Contributor+) Protected Post Meta Insertion via 'customMetaData' Parameter — Post DuplicatorCWE-862 4.3 Medium2026-02-25
CVE-2025-60105 WordPress Ditty Plugin <= 3.1.58 - Cross Site Scripting (XSS) Vulnerability — DittyCWE-79 6.5 Medium2025-09-26
CVE-2025-24736 WordPress Post Duplicator plugin <= 2.35 - Broken Access Control vulnerability — Post DuplicatorCWE-862 4.3 Medium2025-01-24
CVE-2025-23816 WordPress Metaphor Widgets plugin <= 2.4 - Stored Cross Site Scripting (XSS) vulnerability — Metaphor WidgetsCWE-79 6.5 Medium2025-01-16
CVE-2024-12472 Post Duplicator <= 2.36 - Authenticated (Contributor+) Protected Post Disclosure — Post DuplicatorCWE-639 4.3 Medium2025-01-11
CVE-2023-47764 WordPress Ditty plugin <= 3.1.24 - Broken Access Control vulnerability — DittyCWE-862 6.5 Medium2024-12-09
CVE-2024-3954 Ditty – Responsive News Tickers, Sliders, and Lists <= 3.1.38 - Authenticated (Contributor+) PHP Object Injection — Ditty – Responsive News Tickers, Sliders, and ListsCWE-502 8.8 High2024-05-09

This page lists every published CVE security advisory associated with metaphorcreations. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.