
PT-2025-36441

Name of the Vulnerable Software and Affected Versions: Ditty WordPress plugin versions prior to 3.1.58

Description: The Ditty WordPress plugin is susceptible to an unauthenticated Server-Side Request Forgery (SSRF) condition. This flaw resides in the wp-json/dittyeditor/v1/displayItems API endpoint, which does not enforce proper authorization. This allows unauthenticated attackers to make requests to arbitrary URLs, potentially enabling internal network reconnaissance or access to protected resources.

Recommendations: Update Ditty WordPress plugin to version 3.1.58 or…
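The two controls whose absence the advisory describes are an authorization check on the REST route and validation of the caller-supplied URL before any server-side request is made. The following is an added illustrative example of how a WordPress plugin can register such a route with both controls in place; it is not the Ditty plugin's own code, and the namespace `example/v1`, the route `/fetch`, the function names and the allowlisted host `feeds.example.com` are hypothetical values chosen for the example.

```php
<?php
// Added illustrative example (not the Ditty plugin's code): a WordPress REST
// route that fetches a caller-supplied URL, with an authorization check
// (permission_callback) and target-URL validation applied before any request.
// Namespace 'example/v1', route '/fetch' and the allowlisted host are hypothetical.

add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/fetch', array(
        'methods'  => WP_REST_Server::READABLE,
        'callback' => 'example_fetch_handler',
        // '__return_true' here would make the route reachable without authentication;
        // require a capability appropriate to the feature instead.
        'permission_callback' => function () {
            return current_user_can( 'edit_posts' );
        },
        'args' => array(
            'url' => array(
                'required'          => true,
                'validate_callback' => 'example_validate_fetch_url',
                'sanitize_callback' => 'esc_url_raw',
            ),
        ),
    ) );
} );

// Accept only absolute http(s) URLs that point at a public, allowlisted host.
function example_validate_fetch_url( $value ) {
    if ( ! is_string( $value ) ) {
        return false;
    }
    // wp_http_validate_url() rejects non-http(s) schemes, embedded credentials and
    // hosts that resolve to loopback or private address ranges.
    if ( false === wp_http_validate_url( $value ) ) {
        return false;
    }
    // Allowlist of hosts the feature legitimately needs (constructed value).
    $allowed_hosts = array( 'feeds.example.com' );
    $host = wp_parse_url( $value, PHP_URL_HOST );
    return in_array( strtolower( (string) $host ), $allowed_hosts, true );
}

function example_fetch_handler( WP_REST_Request $request ) {
    $url = $request->get_param( 'url' );
    // wp_safe_remote_get() sets 'reject_unsafe_urls', so WordPress re-runs
    // wp_http_validate_url() inside the HTTP API, including on redirect targets,
    // which stops a validated URL from bouncing to an internal address.
    $response = wp_safe_remote_get( $url, array( 'timeout' => 5, 'redirection' => 2 ) );
    if ( is_wp_error( $response ) ) {
        return new WP_Error( 'fetch_failed', 'Could not fetch remote resource.', array( 'status' => 502 ) );
    }
    return rest_ensure_response( array( 'body' => wp_remote_retrieve_body( $response ) ) );
}
```

When reviewing a plugin for this class of issue, the first thing to check is the `permission_callback` of every `register_rest_route()` call: a missing callback or `__return_true` on a route that triggers outbound HTTP requests is the pattern the advisory describes. The second is whether the outbound call goes through `wp_safe_remote_get()` (or another wrapper with `reject_unsafe_urls` enabled) rather than `wp_remote_get()`, which performs no such check.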
