PatchstackVULNRICHMENT:CVE-2024-38746CVE-2024-38746 WordPress MakeStories (for Google Web Stories) plugin <= 3.0.3 - Arbitrary File Download and SSRF vulnerability
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
11.0%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in MakeStories Team MakeStories (for Google Web Stories) allows Path Traversal, Server Side Request Forgery.This issue affects MakeStories (for Google Web Stories): from n/a through 3.0.3.
CNA Affected
[
{
"vendor": "MakeStories Team",
"product": "MakeStories (for Google Web Stories)",
"versions": [
{
"status": "affected",
"changes": [
{
"at": "3.0.4",
"status": "unaffected"
}
],
"version": "n/a",
"versionType": "custom",
"lessThanOrEqual": "3.0.3"
}
],
"packageName": "makestories-helper",
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected"
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
11.0%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial