Lucene search

[email protected]NVD:CVE-2022-3708

HistoryOct 28, 2022 - 7:15 p.m.

CVE-2022-3708

2022-10-2819:15:10

CWE-918

[email protected]

web.nvd.nist.gov

web stories

wordpress

ssrf

vulnerable

api

endpoint

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

42.9%

JSON

The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the ‘url’ parameter found via the /v1/hotlink/proxy REST API Endpoint. This makes it possible for authenticated users to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Affected configurations

Nvd

Node

googleweb_storiesRange<1.25.0wordpress

VendorProductVersionCPE
googleweb_stories*cpe:2.3:a:google:web_stories:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
google	web_stories	*	cpe:2.3:a:google:web_stories::::::wordpress::*

References

github.com/GoogleForCreators/web-stories-wp/commit/3ad2099f95155d658624ffac2e34ce0da739e34b

github.com/GoogleForCreators/web-stories-wp/compare/v1.24.0...v1.25.0

wordpress.org/plugins/web-stories

www.wordfence.com/threat-intel/vulnerabilities/id/7817a840-325a-4709-8374-84bb32d98d0e?source=cve

www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3708

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

42.9%

JSON

Related for NVD:CVE-2022-3708

prion1 wpvulndb1 cve1 osv1 cvelist1 cnvd1 patchstack1