CVE-2022-3708

9.6CRITICAL

Key Information:

Vendor: Google
Status: Web Stories
Vendor: CVE Published:; 28 October 2022

Summary

The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the 'url' parameter found via the /v1/hotlink/proxy REST API Endpoint. This makes it possible for authenticated users to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Affected Version(s)

Web Stories * <= 1.24.0

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://wordpress.org/plugins/web-stories

https://github.com/GoogleForCreators/web-stories-wp/compa...

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Oct 28, 2022
Vulnerability Reserved
Oct 26, 2022

Collectors

NVD DatabaseMitre Database

Credit

Aymen Borgi