Description
WordPress Plugin Web Stories is prone to a server-side request forgery vulnerability. An attacker may leverage this issue to make the vulnerable server perform port scanning of hosts in internal or external networks; other attacks are also possible. WordPress Plugin Web Stories version 1.24.0 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.25.0 or latest
References
https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3708
https://github.com/GoogleForCreators/web-stories-wp/commit/3ad2099f95155d658624ffac2e34ce0da739e34b
Related Vulnerabilities
WordPress Plugin Duplicator-WordPress Migration Cross-Site Scripting (1.2.28)
WordPress Plugin WPGraphQL Security Bypass (0.2.3)
Nginx CVE-2023-27729 Vulnerability (CVE-2023-27729)
Oracle JRE CVE-2013-5788 Vulnerability (CVE-2013-5788)
WordPress Plugin SodaHead Polls Multiple Cross-Site Scripting Vulnerabilities (2.0.2)