8 matches found
VulnCheck KEV: CVE-2025-8085
The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs...
CVE-2025-8085
The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs...
CVE-2025-8085
The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs...
CVE-2025-8085
Summary: Ditty WordPress plugin versions prior to 3.1.58 expose an unauthenticated SSRF via the displayItems API (wp-json/dittyeditor/v1/displayItems), enabling requests to arbitrary URLs. The Nuclei template confirms the endpoint vulnerability and notes prior nonce-based fix did not prevent acce...
CVE-2025-8085 Ditty < 3.1.58 - Unauthenticated SSRF
The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs...
WordPress plugin Ditty security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2025-36441
Name of the Vulnerable Software and Affected Versions: Ditty WordPress plugin versions prior to 3.1.58. Description: The Ditty WordPress plugin before version 3.1.58 has a flaw where the displayItems endpoint does not require authorization or authentication. This allows unauthenticated visitors to...
abstractearth.com XSS vulnerability
Vulnerable URL: http://www.abstractearth.com/displayitems.asp?discipline=Sculpture==3medium=Woodtype=1"...