CVE-2025-8085
Published Sep 8, 2025
Last updated a day ago
AI description
CVE-2025-8085 is an unauthenticated Server-Side Request Forgery (SSRF) vulnerability in the Ditty WordPress plugin, affecting versions prior to 3.1.58. The `wp-json/dittyeditor/v1/displayItems` endpoint performs no authentication or authorization checks, so any visitor can force the server to fetch arbitrary URLs, whether external or internal. This could expose internal network resources or lead to further exploits such as remote code execution or data exfiltration.
- Description: The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs.
- Source: contact@wpscan.com
- NVD status: Awaiting Analysis
- Hype score: Not currently trending
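A defensive check that follows from the description above, added here as an example and not code from the plugin, WPScan or this page: it scans web-server access logs for any request to the Ditty `displayItems` REST route, whether reached through `/wp-json/` or through WordPress's `rest_route` query parameter. The log lines are constructed samples, and the combined log format and the function names are assumptions.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, unquote

ROUTE = "/dittyeditor/v1/displayitems"  # route from the advisory, lowercased

# Assumed combined log format: ip - user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def _normalize(path: str) -> str:
    """Percent-decode, lowercase, collapse repeated and trailing slashes."""
    return re.sub(r"/{2,}", "/", unquote(path).lower()).rstrip("/")

def hits_ditty_route(target: str) -> bool:
    """True if the request target addresses the displayItems REST route."""
    path, _, query = target.partition("?")
    # Pretty-permalink form, including subdirectory and index.php installs.
    if _normalize(path).endswith("/wp-json" + ROUTE):
        return True
    # Plain-permalink form: ?rest_route=/dittyeditor/v1/displayItems
    # (parse_qs already percent-decodes the value).
    return any(_normalize(v) == ROUTE
               for v in parse_qs(query).get("rest_route", []))

def scan(lines):
    """Return (ip, method, status, target) for every matching log line."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and hits_ditty_route(m["target"]):
            findings.append((m["ip"], m["method"], int(m["status"]), m["target"]))
    return findings

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [08/Sep/2025:10:01:02 +0000] "POST /wp-json/dittyeditor/v1/displayItems HTTP/1.1" 200 512 "-" "curl/8.0"',
    '198.51.100.4 - - [08/Sep/2025:10:01:09 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [08/Sep/2025:10:02:11 +0000] "GET /?rest_route=%2Fdittyeditor%2Fv1%2FdisplayItems HTTP/1.1" 200 512 "-" "curl/8.0"',
    '192.0.2.55 - - [08/Sep/2025:10:03:40 +0000] "POST /blog/index.php/wp-json/DittyEditor/v1/displayitems/ HTTP/1.1" 403 120 "-" "python-requests/2.32"',
]

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for ip, method, status, target in found:
        print(f"{ip} {method} {status} {target}")
    print("requests per source:", dict(Counter(f[0] for f in found)))
```

Any hit on a site that ran a Ditty version before 3.1.58 is worth reviewing alongside the server's outbound connections at the same timestamps.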
📱 CVE-2025-8085: SSRF Vulnerability in WordPress Ditty Plugin Exposes Thousands of Sites 🔍 A critical flaw has been identified in the Ditty plugin for WordPress that allows attackers to send arbitrary requests without requiring authentication. https://t.co/3oKUxp8iOn
@tpx_Security
8 Sept 2025
217 Impressions
2 Retweets
5 Likes
0 Bookmarks
0 Replies
0 Quotes
📱 CVE-2025-8085: SSRF vulnerability in WordPress Ditty plugin exposes thousands of sites 🔍 A critical flaw was identified in the Ditty plugin for WordPress that allows attackers to make arbitrary requests without needing authentication. https://t.co/PEKLEDVEvg
@tpx_Security
8 Sept 2025
205 Impressions
2 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 New Research Alert! 🚨 CVE-2025-8085 – Unauthenticated SSRF in the WordPress Ditty plugin could allow attackers to pivot through your server into internal networks! Dive deep into the technical analysis and PoC here 👇 🔗 https://t.co/HThxKSPc5p #WordPress #SSRF #
@NullSecurityX
8 Sept 2025
922 Impressions
3 Retweets
20 Likes
7 Bookmarks
0 Replies
1 Quote
CVE-2025-8085: SSRF in Ditty WordPress plugin, 8.6 rating❗️ The vulnerability allows attackers without authentication to make requests to arbitrary URLs. Search at https://t.co/hv7QKSr5Jp: 👉 Link: https://t.co/Ch7nLlneQj https://t.co/oGYJ8Tel9s
@Netlas_io
8 Sept 2025
110 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-8085 Unauthenticated URL Request Vulnerability in Ditty WordPress Plugin Before 3.1.58 https://t.co/8b0NgbSnZn
@VulmonFeeds
8 Sept 2025
723 Impressions
1 Retweet
1 Like
0 Bookmarks
2 Replies
0 Quotes
CVE-2025-8085 The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make re… https://t.co/fEjAG6ZfUK
@CVEnew
8 Sept 2025
395 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-8085: Unauthenticated SSRF in Ditty WordPress plugin lets anyone make your server fetch internal URLs. Patch to 3.1.58+ now! Full advisory ➡️ https://t.co/wfytyUEGLV #WordPress #infosec #AppSec
@VolerionSec
8 Sept 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes