ГлавнаяУязвимости → CVE-2025-8085
8.6высокая

CVE-2025-8085

Описание

The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs.

Затрагиваемое ПО
Metaphorcreations Ditty
CVSS
Балл8.6 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Источники
https://wpscan.com/vulnerability/f42c37bb-1ae0-49ab-bd81-7864dff0fcff/