China National Vulnerability Database (CNVD): CNVD-2023-74817
Oct 31, 2022 - 12:00 a.m.

WordPress Web Stories plugin input validation error vulnerability

2022-10-31 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
Tags: wordpress, php, mysql, web stories plugin, input validation, vulnerability, rest api, web request, internal services

AI Score: 6.7 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 43.0%)

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An input validation error vulnerability exists in versions of the WordPress Web Stories plugin prior to 1.25.0. It stems from insufficient validation of the url parameter of the plugin's /v1/hotlink/proxy REST API endpoint. An attacker can exploit it to make the web application issue a web request to an arbitrary location, which can be used to query and modify information from internal services.
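For sites that ran a version before 1.25.0, the access log shows whether the endpoint described above was asked to fetch internal destinations. The following log triage is an added example, not code from CNVD or the plugin; the log lines, the /wp-json/web-stories prefix and the function names are constructed for illustration, and hostnames are not resolved through DNS.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/v1/hotlink/proxy"  # endpoint path named in the advisory
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')  # request line of an access log

def is_internal_host(host):
    """True for localhost-style names and non-public IP literals (no DNS lookup)."""
    host = host.rstrip(".").lower()
    if host == "localhost" or host.endswith((".localhost", ".internal", ".local")):
        return True
    try:
        # int() covers integer-form IPv4 such as 2130706433 (127.0.0.1)
        ip = ipaddress.ip_address(int(host) if host.isdigit() else host)
    except ValueError:
        return False  # an ordinary hostname
    return ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_unspecified

def proxied_url(request_target):
    """Return the url parameter if the request targets the hotlink proxy, else None."""
    parts = urlsplit(request_target)
    query = parse_qs(parts.query)  # percent-decoding happens here
    # WordPress REST routes arrive as a pretty path or as ?rest_route=...
    route = " ".join([parts.path] + query.get("rest_route", []))
    if ENDPOINT not in route:
        return None
    return query.get("url", [None])[0]

def triage(lines):
    """Return (line_no, proxied_url, verdict) for every hotlink proxy request."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        target = proxied_url(m.group(1)) if m else None
        if target is None:
            continue
        try:
            parts = urlsplit(target)
        except ValueError:
            findings.append((no, target, "unparseable"))
            continue
        if parts.scheme not in ("http", "https"):
            verdict = "non-http scheme"
        elif is_internal_host(parts.hostname or ""):
            verdict = "internal destination"
        else:
            verdict = "external"
        findings.append((no, target, verdict))
    return findings

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Nov/2022:10:00:01 +0000] "GET /wp-json/web-stories/v1/hotlink/proxy?url=https%3A%2F%2Fcdn.example.com%2Fa.mp4 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Nov/2022:10:00:05 +0000] "GET /wp-json/web-stories/v1/hotlink/proxy?url=http%3A%2F%2F10.0.0.5%3A8080%2Fstatus HTTP/1.1" 200 97',
    '203.0.113.9 - - [01/Nov/2022:10:00:09 +0000] "GET /?rest_route=/web-stories/v1/hotlink/proxy&url=http://[::1]/ HTTP/1.1" 200 40',
    '198.51.100.4 - - [01/Nov/2022:10:01:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 2048',
]
```

An "external" verdict only means the logged host is not an obvious internal literal; a public hostname can still resolve to an internal address, so the durable fix is upgrading the plugin to 1.25.0 or later.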

CPE
Name                    Operator   Version
wordpress web stories   lt         1.25.0
