Authorization Flaw in Ditty Plugin for WordPress
CVE-2025-8085
Currently unrated
Key Information:
Badges
👾 Exploit Exists🟡 Public PoC
What is CVE-2025-8085?
The Ditty WordPress plugin prior to version 3.1.58 suffers from a significant vulnerability that allows unauthenticated users to exploit its displayItems endpoint. This security oversight enables unauthorized access to request arbitrary URLs, potentially exposing sensitive information or allowing for further attacks. Users of affected versions need to take prompt action to ensure their installations are secure.
Affected Version(s)
Ditty 0 < 3.1.58
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.