WordPress Plugin Vulnerabilities

Web Stories < 1.25.0 - Subscriber+ Server Side Request Forgery

Description

The plugin does not validate the url parameter passed to the v1/hotlink/proxy REST endpoint, allowing any authenticated users to perform SSRF attacks

Affects Plugins

Plugin icon
web-stories
Fixed in 1.25.0

References

CVE
CVE-2022-3708

Classification

Type
SSRF
OWASP top 10
A1: Injection
CWE
CWE-918
CVSS
6.4 (medium)

Miscellaneous

Original Researcher
Aymen Borgi
Verified
No
WPVDB ID
b28ef28a-8421-43eb-8f40-4644df68209c

Timeline

Publicly Published
2022-10-26 (about 1 years ago)
Added
2022-10-27 (about 1 years ago)
Last Updated
2022-10-27 (about 1 years ago)

Other

Published
Title
Published
2024-04-12
Title
ActiveCampaign < 8.1.15 - Authenticated (Administrator+) Server-Side Request Forgery
Published
2014-08-01
Title
WordPress 1.5.1-3.5 - XML-RPC Pingback API Internal/External Port Scanning
Published
2024-01-08
Title
Contact Form 7 Extension For Mailchimp <= 0.5.70 - Subscriber+ Server-Side Request Forgery
Published
2024-03-27
Title
CMP – Coming Soon & Maintenance < 4.1.11 - Authenticated (Admin+) Server-Side Request Forgery
Published
2022-03-28
Title
EXMAGE < 1.0.7 - Admin+ Blind SSRF