Skip to main content

Web Stories

2 CVEs product

Monthly

CVE-2023-1979 MEDIUM PATCH This Month

The Web Stories for WordPress plugin supports the WordPress built-in functionality of protecting content with a password. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

WordPress Authentication Bypass Web Stories
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-3708 CRITICAL PATCH Act Now

The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the 'url' parameter found. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Web Stories
NVD GitHub VulDB
CVSS 3.1
9.6
EPSS
0.9%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

The Web Stories for WordPress plugin supports the WordPress built-in functionality of protecting content with a password. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

WordPress Authentication Bypass Web Stories
NVD GitHub
EPSS 1% CVSS 9.6
CRITICAL PATCH Act Now

The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the 'url' parameter found. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Web Stories
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy