Security Advisory

CVE-2025-8085

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-09-08 06:00:04

Last updated 2025-09-08 18:17:25

Assigner WPScan

State PUBLISHED

Description

The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs.

← Browse all CVEs View on cve.org ↗