8 matches found
VulnCheck KEV: CVE-2025-8085
The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs...
CVE-2025-8085
The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs...
CVE-2025-8085
The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs...
CVE-2025-8085 Ditty < 3.1.58 - Unauthenticated SSRF
The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs...
CVE-2025-8085
Summary: Ditty WordPress plugin versions prior to 3.1.58 expose an unauthenticated SSRF via the displayItems API (wp-json/dittyeditor/v1/displayItems), enabling requests to arbitrary URLs. The Nuclei template confirms the endpoint vulnerability and notes prior nonce-based fix did not prevent acce...
WordPress plugin Ditty security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2025-36441
Name of the Vulnerable Software and Affected Versions: Ditty WordPress plugin versions prior to 3.1.58. Description: The Ditty WordPress plugin before version 3.1.58 has a flaw where the displayItems endpoint does not require authorization or authentication. This allows unauthenticated visitors to...
abstractearth.com XSS vulnerability
Vulnerable URL: http://www.abstractearth.com/displayitems.asp?discipline=Sculpture==3medium=Woodtype=1"...