WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An input validation error vulnerability exists in versions of the WordPress Web Stories plugin prior to 1.25.0, which stems from insufficient URL validation by the url parameter of its /v1/hotlink/proxy REST API endpoint, which can be exploited by an attacker to make a web request to an arbitrary location from a web application, and can be used to query and modify information from internal services.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress web stories | lt | 1.25.0 |