VDB

CESS-2025-8085

CESS-2025-8085 PUBLISHED CVSS 8.6 HIGH

The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs.

Risk Scores

CVSS 3.1
8.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Timeline

  • Sep 8, 2025 CVE Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›