PT-2025-36441 · WordPress · Ditty Wordpress Plugin

Dmitry Ignatyev · Published 2025-09-08 · Updated 2025-09-08 · CVE-2025-8085

CVSS v3.1: 8.6
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

**Name of the Vulnerable Software and Affected Versions:**

Ditty WordPress plugin versions prior to 3.1.58

**Description:**

The Ditty WordPress plugin is susceptible to an unauthenticated Server-Side Request Forgery (SSRF) condition. This flaw resides in the `wp-json/dittyeditor/v1/displayItems` API endpoint, which does not enforce proper authorization. This allows unauthenticated attackers to make requests to arbitrary URLs, potentially enabling internal network reconnaissance or access to protected resources.
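A defender-side way to check whether this endpoint is being exercised, as an added example that is not part of the advisory or the plugin's own code: it parses web-server access-log lines in combined log format, keeps only requests to `/wp-json/dittyeditor/v1/displayItems`, and flags any query parameter whose value is an `http(s)` URL pointing at loopback, private or link-local address space. The log lines and the `feed` parameter name are constructed for the example; the advisory does not name the parameter the endpoint reads, so the scanner inspects every query parameter rather than a specific one.

```python
"""Access-log scan for requests to the Ditty displayItems REST endpoint.

Constructed example: the log lines and the query-parameter name `feed`
below are assumptions, not data from the advisory or the plugin.
"""
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit

# Endpoint named in the advisory, with the leading slash an access log records.
ENDPOINT = "/wp-json/dittyeditor/v1/displayItems"

# Combined log format: ip - - [time] "METHOD path HTTP/x" status bytes "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Constructed sample log: one benign external fetch, one request carrying a
# private-range URL, one unrelated REST call, and one POST with no query.
SAMPLE_LOG = """\
203.0.113.7 - - [08/Sep/2025:10:00:01 +0000] "GET /wp-json/dittyeditor/v1/displayItems?feed=https%3A%2F%2Fexample.com%2Frss HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [08/Sep/2025:10:00:02 +0000] "GET /wp-json/dittyeditor/v1/displayItems?feed=http%3A%2F%2F10.0.0.5%2Fadmin HTTP/1.1" 200 88 "-" "curl/8.4.0"
198.51.100.9 - - [08/Sep/2025:10:00:03 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [08/Sep/2025:10:00:04 +0000] "POST /wp-json/dittyeditor/v1/displayItems HTTP/1.1" 200 66 "-" "curl/8.4.0"
"""


def is_internal_host(host: str) -> bool:
    """True for literal addresses in loopback, private, link-local, reserved or
    unspecified ranges, and for the bare name 'localhost'.  Hostnames are not
    resolved here, so a DNS name pointing inside the network is not caught."""
    if host.lower() == "localhost":
        return True
    try:
        addr = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return False
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_reserved or addr.is_unspecified)


def url_targets(request_path: str):
    """Yield (param, hostname) for each query parameter whose value is an http(s) URL."""
    for key, value in parse_qsl(urlsplit(request_path).query, keep_blank_values=True):
        parts = urlsplit(value)
        if parts.scheme in ("http", "https") and parts.hostname:
            yield key, parts.hostname


def scan_log(text: str) -> list:
    """Return one finding per request to ENDPOINT.

    severity is 'internal' when a query URL points at internal address space,
    'external' when every query URL is public, and 'no_url_in_query' when the
    endpoint was hit with no URL-valued parameter (a POST body is not visible
    in an access log, so such hits still deserve a look).
    """
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or urlsplit(m.group("path")).path != ENDPOINT:
            continue
        hosts = [h for _, h in url_targets(m.group("path"))]
        if not hosts:
            severity = "no_url_in_query"
        elif any(is_internal_host(h) for h in hosts):
            severity = "internal"
        else:
            severity = "external"
        findings.append({
            "src": m.group("ip"),
            "time": m.group("time"),
            "method": m.group("method"),
            "status": m.group("status"),
            "severity": severity,
            "targets": hosts,
        })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['severity']:<16} {f['src']:<15} {f['method']:<5} "
              f"{f['time']} targets={f['targets']}")
```

The `internal` finding is the one to triage first; the `external` one is what the endpoint is meant to do, and `no_url_in_query` hits are worth correlating with the source address, since the same client showing up across all three severities is a stronger signal than any single line. On a patched site (3.1.58 or later) the same scan remains useful for confirming that the endpoint is no longer reachable without authorization.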

**Recommendations:**

Update the Ditty WordPress plugin to version 3.1.58 or later.

**Related Identifiers:**

CVE-2025-8085

**Affected Products:**

Ditty WordPress plugin