CVE-2025-8085
Published: 08 September 2025
Summary
CVE-2025-8085 is a high-severity SSRF (CWE-918) vulnerability in Metaphorcreations Ditty. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 3.4% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a publicly referenced proof of concept.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
The Ditty WordPress plugin before version 3.1.58 contains an authorization and authentication flaw in its displayItems endpoint. The issue is tracked as CVE-2025-8085 and classified as CWE-918 (Server-Side Request Forgery), since it lets unauthenticated requests be sent to arbitrary URLs. It carries a CVSS 3.1 base score of 8.6, reflecting a network attack vector, low attack complexity, no required privileges or user interaction, and a changed scope with impact on confidentiality.
Unauthenticated remote attackers can invoke the endpoint to perform server-side request forgery. Successful exploitation allows the attacker to reach internal or external resources that the WordPress server can access, potentially disclosing sensitive data without any prior authentication.
The primary public reference is the WPScan advisory located at https://wpscan.com/vulnerability/f42c37bb-1ae0-49ab-bd81-7864dff0fcff/.
EPSS probability rose from a low baseline to a peak of 0.1887 before settling at the current value of 0.1092, indicating that exploitation interest increased after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-27111
Vulnerability details
The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
An SSRF in a public-facing WordPress plugin endpoint directly enables remote exploitation of the application (T1190) and, because the server can be made to request arbitrary URLs, can also provide access to cloud instance metadata APIs (T1522).
Mitigating Controls (NIST 800-53 r5)
Enforces authentication and authorization on the displayItems endpoint to prevent unauthenticated users from triggering SSRF requests to arbitrary URLs.
Validates URL inputs to the displayItems endpoint to block server-side fetches to unauthorized internal or external resources.
Enforces information flow control policies that restrict server-initiated requests to authorized destinations, limiting which resources an SSRF could reach.
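As an added illustration of the first two controls (not Ditty's code, which this page does not reproduce), the following hypothetical WordPress AJAX handler shows how a URL-fetching endpoint can be hardened: it is registered only for authenticated users with a nonce and capability check, and the requested URL is validated with WordPress's own wp_http_validate_url() and wp_safe_remote_get(), which reject non-HTTP(S) schemes, embedded credentials and hosts resolving to loopback or private address ranges. The action, handler and option names are assumptions.

```php
<?php
// Added example (hypothetical plugin code, not from Ditty): a hardened
// AJAX endpoint that fetches a caller-supplied URL server-side.

// Register the handler for logged-in users only. Deliberately NOT registering
// 'wp_ajax_nopriv_example_fetch' is what closes the unauthenticated path.
add_action( 'wp_ajax_example_fetch', 'example_fetch_handler' );

/**
 * Returns the allow-list of hosts the endpoint may fetch from (assumed option).
 * An empty list means "no remote fetch permitted", not "anything goes".
 */
function example_allowed_hosts() {
    $hosts = get_option( 'example_fetch_allowed_hosts', array() );
    return array_map( 'strtolower', (array) $hosts );
}

function example_fetch_handler() {
    // AC-3: CSRF nonce and capability check before any work is done.
    check_ajax_referer( 'example_fetch', 'nonce' );
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // SI-10: validate the URL before anything is fetched.
    $raw = isset( $_POST['url'] ) ? wp_unslash( $_POST['url'] ) : '';
    $url = esc_url_raw( $raw, array( 'http', 'https' ) );
    if ( '' === $url || ! wp_http_validate_url( $url ) ) {
        // wp_http_validate_url() rejects non-HTTP(S) schemes, embedded
        // credentials and hosts that resolve to loopback/private ranges.
        wp_send_json_error( 'invalid url', 400 );
    }
    $host = strtolower( (string) wp_parse_url( $url, PHP_URL_HOST ) );
    if ( ! in_array( $host, example_allowed_hosts(), true ) ) {
        wp_send_json_error( 'host not allowed', 400 );
    }

    // wp_safe_remote_get() re-runs the unsafe-URL check; redirects are
    // disabled so the allow-listed host is the one actually contacted.
    $response = wp_safe_remote_get( $url, array( 'timeout' => 5, 'redirection' => 0 ) );
    if ( is_wp_error( $response ) ) {
        wp_send_json_error( 'fetch failed', 502 );
    }
    wp_send_json_success( array( 'body' => wp_remote_retrieve_body( $response ) ) );
}
```

The host allow-list is the stricter of the two checks; wp_http_validate_url() alone still permits any public host, so it should be treated as a floor rather than the whole control.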