VDB
CESS-2025-8085
CESS-2025-8085
PUBLISHED
CVSS 8.6 HIGH
The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs.
Risk Scores
CVSS 3.1
8.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Timeline
- Sep 8, 2025 CVE Published