CVE-2025-8085 — Vulnetix

CVE-2025-8085 PUBLISHED CVSS 8.600000381469727 HIGH

The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs.

EPSS 10.92% · 93.5th percentile

Risk Scores

CVSS v3.1

8.600000381469727

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

EPSS Score

10.92%

93.5th percentile

Affected Products

Vendor	Product	Versions
Unknown	Ditty	0
metaphorcreations	ditty	0

Timeline

Sep 8, 2025 EPSS Score
Sep 8, 2025 CVE Published
Sep 8, 2025 CVE Updated
Sep 8, 2025 PoC Published
Sep 10, 2025 PoC Published
Sep 11, 2025 PoC Published
Sep 11, 2025 PoC Published
Sep 14, 2025 EPSS Score
Sep 15, 2025 EPSS Score
Sep 22, 2025 EPSS Score
Oct 7, 2025 EPSS Score
Oct 10, 2025 EPSS Score

References

https://wpscan.com/vulnerability/f42c37bb-1ae0-49ab-bd81-7864dff0fcff/ exploit
https://nvd.nist.gov/vuln/detail/CVE-2025-8085 advisory
https://wpscan.com/vulnerability/f42c37bb-1ae0-49ab-bd81-7864dff0fcff url

Open in Interactive Console →