Platform: wordpress
Component: web-stories
Fixed in: 1.24.1
CVE-2022-3708 is a Server-Side Request Forgery (SSRF) vulnerability affecting the WordPress Web Stories plugin. This flaw allows authenticated users to initiate web requests to arbitrary locations, effectively bypassing security controls and potentially exposing sensitive internal resources. The vulnerability impacts versions of the plugin up to and including 1.24.0, but a patch is available in version 1.25.0.
The SSRF vulnerability in Web Stories allows an attacker, once authenticated within the WordPress site, to craft malicious requests through the /v1/hotlink/proxy endpoint. This bypasses URL validation, enabling the attacker to send requests to internal services that are not directly accessible from the outside. Successful exploitation could lead to information disclosure, modification of internal data, or even potential access to other systems within the same network. The impact is particularly severe because it can be leveraged to scan internal networks and identify vulnerable services, potentially leading to further compromise. This is similar to SSRF vulnerabilities found in other WordPress plugins where internal resources were inadvertently exposed.
CVE-2022-3708 was publicly disclosed on October 28, 2022. The vulnerability is considered to have a high probability of exploitation because of its relatively simple exploitation path and the widespread use of the Web Stories plugin. No public proof-of-concept (PoC) code has been widely publicized, but the SSRF nature of the vulnerability makes it likely that exploits will emerge. It is not currently listed on the CISA KEV catalog.
Websites using the WordPress Web Stories plugin, particularly those with custom authentication mechanisms or internal services accessible via HTTP, are at risk. Shared hosting environments where multiple websites share the same server are also at increased risk, as a compromise of one site could potentially lead to exploitation of the vulnerability on other sites.
• wordpress / plugin: Check the version of the Web Stories plugin with `wp plugin list | grep web-stories` (the plugin slug is web-stories) and verify whether it is below 1.25.0.
• wordpress / plugin: Review WordPress access logs for requests to /v1/hotlink/proxy originating from authenticated users.
• wordpress / plugin: Examine the plugin's code for instances of URL validation related to the /v1/hotlink/proxy endpoint.
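The log-review step above, as an added example that is not part of this advisory: a small Python script that parses access-log lines for requests to /v1/hotlink/proxy and flags any whose proxied target points at a loopback, private or link-local address. It assumes the full REST path /wp-json/web-stories/v1/hotlink/proxy and a `url` query parameter (neither is stated on this page); the log lines are constructed.

```python
import re
import ipaddress
from urllib.parse import urlparse, parse_qs

# Path fragment named in the advisory. The /wp-json/web-stories prefix and the
# "url" query parameter are assumptions about the REST route, not from the advisory.
ENDPOINT = "/v1/hotlink/proxy"
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')

# Constructed sample lines in combined log format; not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [28/Oct/2022:10:01:12 +0000] "GET /wp-json/web-stories/v1/hotlink/proxy?url=https%3A%2F%2Fexample.com%2Fimage.jpg HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.5 - - [28/Oct/2022:10:01:20 +0000] "GET /wp-json/web-stories/v1/hotlink/proxy?url=http%3A%2F%2F127.0.0.1%3A8080%2F HTTP/1.1" 200 812 "-" "Mozilla/5.0"
10.0.0.5 - - [28/Oct/2022:10:01:25 +0000] "GET /wp-json/web-stories/v1/hotlink/proxy?url=http%3A%2F%2F169.254.169.254%2Flatest%2F HTTP/1.1" 200 301 "-" "curl/7.85"
203.0.113.9 - - [28/Oct/2022:10:02:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

def target_class(url):
    """Classify the proxied target; loopback, private or link-local hosts are 'internal'."""
    host = urlparse(url).hostname
    if not host:
        return "malformed"
    if host == "localhost":
        return "internal"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "external"  # DNS name; resolving it is out of scope here
    if addr.is_loopback or addr.is_private or addr.is_link_local or addr.is_reserved:
        return "internal"
    return "external"

def scan_log(text):
    """Return one finding per request that hit the hotlink proxy endpoint."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or ENDPOINT not in m["path"]:
            continue
        target = parse_qs(urlparse(m["path"]).query).get("url", [""])[0]
        findings.append({"client": m["ip"], "time": m["ts"], "status": m["status"],
                         "target": target, "class": target_class(target)})
    return findings

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        flag = "ALERT" if f["class"] != "external" else "info "
        print(f"{flag} {f['time']} {f['client']} -> {f['target'] or '<none>'} [{f['class']}]")
```

Requests whose target is a DNS name are reported as external here; correlating them with the plugin's own outbound DNS or proxy logs is the natural next step.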
Exploit status: disclosure
EPSS: 0.86% (75th percentile)
CVSS vector:
The primary mitigation for CVE-2022-3708 is to immediately upgrade the WordPress Web Stories plugin to version 1.25.0 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing a Web Application Firewall (WAF) rule to block requests to the /v1/hotlink/proxy endpoint or restrict the allowed domains. Additionally, review and restrict the permissions of authenticated users to minimize the potential impact of a successful exploit. Monitor WordPress access logs for unusual outbound requests originating from the plugin.
Update the Web Stories plugin to version 1.25.0 or later. This version contains a fix for the Server-Side Request Forgery (SSRF) vulnerability. The update can be applied directly from the WordPress administration dashboard.
CVE-2022-3708 is a critical Server-Side Request Forgery vulnerability in the WordPress Web Stories plugin, allowing authenticated users to make arbitrary web requests.
You are affected if you are using WordPress Web Stories plugin versions 1.24.0 or earlier. Upgrade to 1.25.0 or later to mitigate the risk.
Upgrade the WordPress Web Stories plugin to version 1.25.0 or later. Consider WAF rules as a temporary workaround if upgrading is not immediately possible.
While no widespread exploitation has been confirmed, the SSRF nature of the vulnerability makes it likely that exploits will emerge. Proactive patching is recommended.
Refer to the official WordPress security advisory for details: https://wpscan.com/scan/114557