CVE-2025-8085
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-08

Last updated on: 2026-02-09

Assigner: WPScan

Description
The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-08
Last Modified
2026-02-09
Generated
2026-06-16
AI Q&A
2025-09-08
EPSS Evaluated
2026-06-15
NVD
CVE-2025-8085
EUVD
EUVD-2025-27111
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
metaphorcreations ditty to 3.1.58 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-8085 is a Server-Side Request Forgery (SSRF) vulnerability in the Ditty WordPress plugin versions before 3.1.58. The vulnerability occurs because the plugin's displayItems endpoint does not require proper authorization or authentication, allowing unauthenticated users to send requests to arbitrary URLs through this endpoint. This means an attacker can craft requests that cause the server to make HTTP requests to attacker-controlled or other arbitrary URLs, potentially leading to unauthorized actions or information disclosure. [1]

Impact Analysis

This vulnerability can allow attackers to make the server perform requests to arbitrary URLs, which can lead to several impacts such as accessing internal systems not normally reachable from outside, leaking sensitive information, or interacting with internal services. Because the server acts as a proxy for these requests, attackers might exploit this to bypass network restrictions or perform further attacks within the internal network. [1]

Detection Guidance

This vulnerability can be detected by monitoring for unauthorized or unusual POST requests to the endpoint `/wp-json/dittyeditor/v1/displayItems`. Specifically, look for POST requests containing JSON data with layouts that include HTML image tags referencing external or suspicious URLs. A sample detection command using curl to test the endpoint could be: curl -X POST https://yourwordpresssite.com/wp-json/dittyeditor/v1/displayItems -H "Content-Type: application/json" -d '{"layout":"<img src=\"https://127.0.0.1:9393/poc\">"}' If the server processes this request without proper authorization, it indicates the vulnerability is present. Additionally, network monitoring tools can be configured to alert on outbound requests triggered by such POST requests to arbitrary URLs. [1]

Mitigation Strategies

The immediate mitigation step is to update the Ditty WordPress plugin to version 3.1.58 or later, where the vulnerability has been fixed. Until the update can be applied, restrict access to the `/wp-json/dittyeditor/v1/displayItems` endpoint by implementing authentication and authorization controls, or block access to this endpoint via web application firewall (WAF) rules or server configuration to prevent unauthenticated requests. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-8085. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart