CVE-2022-3708 : The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forger

The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the 'url' parameter found via the /v1/hotlink/proxy REST API Endpoint. This makes it possible for authenticated users to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Published 2022-10-28 19:15:10

Updated 2025-05-05 13:15:47

Source Wordfence

View at NVD, CVE.org

Vulnerability category: Server-side request forgery (SSRF)

Products affected by CVE-2022-3708

Google » Web Stories » For Wordpress
Versions before (<) 1.25.0
cpe:2.3:a:google:web_stories:*:*:*:*:*:wordpress:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2022-3708

EPSS FAQ

0.22%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 44 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-3708

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
8.1	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N	2.8	5.2	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: None
9.6	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N	3.1	5.8	Wordfence
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Changed Confidentiality: High Integrity: High Availability: None

CWE ids for CVE-2022-3708

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)
- security@wordfence.com (Primary)

References for CVE-2022-3708

https://wordpress.org/plugins/web-stories

Web Stories – WordPress plugin | WordPress.org
Product;Release Notes;Third Party Advisory
https://github.com/GoogleForCreators/web-stories-wp/compare/v1.24.0...v1.25.0

Comparing v1.24.0...v1.25.0 · GoogleForCreators/web-stories-wp · GitHub
Patch;Release Notes;Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/7817a840-325a-4709-8374-84bb32d98d0e?source=cve

Web Stories <= 1.24.0 - Server Side Request Forgery
Third Party Advisory
https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3708

Vulnerability Advisories Continued - Wordfence
Third Party Advisory
https://github.com/GoogleForCreators/web-stories-wp/commit/3ad2099f95155d658624ffac2e34ce0da739e34b

Improve URL checks in hotlinking controller · GoogleForCreators/web-stories-wp@3ad2099 · GitHub
Patch;Third Party Advisory

Jump to

Vulnerability Details : CVE-2022-3708

Products affected by CVE-2022-3708

Exploit prediction scoring system (EPSS) score for CVE-2022-3708

CVSS scores for CVE-2022-3708

CWE ids for CVE-2022-3708

References for CVE-2022-3708