CVE-2025-8085
BaseFortify
Publication date: 2025-09-08
Last updated on: 2026-02-09
Assigner: WPScan
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| metaphorcreations | ditty | to 3.1.58 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8085 is a Server-Side Request Forgery (SSRF) vulnerability in the Ditty WordPress plugin versions before 3.1.58. The vulnerability occurs because the plugin's displayItems endpoint does not require proper authorization or authentication, allowing unauthenticated users to send requests to arbitrary URLs through this endpoint. This means an attacker can craft requests that cause the server to make HTTP requests to attacker-controlled or other arbitrary URLs, potentially leading to unauthorized actions or information disclosure. [1]
How can this vulnerability impact me? :
This vulnerability can allow attackers to make the server perform requests to arbitrary URLs, which can lead to several impacts such as accessing internal systems not normally reachable from outside, leaking sensitive information, or interacting with internal services. Because the server acts as a proxy for these requests, attackers might exploit this to bypass network restrictions or perform further attacks within the internal network. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthorized or unusual POST requests to the endpoint `/wp-json/dittyeditor/v1/displayItems`. Specifically, look for POST requests containing JSON data with layouts that include HTML image tags referencing external or suspicious URLs. A sample detection command using curl to test the endpoint could be: curl -X POST https://yourwordpresssite.com/wp-json/dittyeditor/v1/displayItems -H "Content-Type: application/json" -d '{"layout":"<img src=\"https://127.0.0.1:9393/poc\">"}' If the server processes this request without proper authorization, it indicates the vulnerability is present. Additionally, network monitoring tools can be configured to alert on outbound requests triggered by such POST requests to arbitrary URLs. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the Ditty WordPress plugin to version 3.1.58 or later, where the vulnerability has been fixed. Until the update can be applied, restrict access to the `/wp-json/dittyeditor/v1/displayItems` endpoint by implementing authentication and authorization controls, or block access to this endpoint via web application firewall (WAF) rules or server configuration to prevent unauthenticated requests. [1]