{"vulnerability": "cve-2022-3708", "sightings": [{"uuid": "2f4238bd-0cc7-4ac6-a9cb-11014b8b0d7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3708", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14851", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3708\n\ud83d\udd25 CVSS Score: 9.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N)\n\ud83d\udd39 Description: The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the 'url' parameter found via the /v1/hotlink/proxy REST API Endpoint. This makes it possible for authenticated users to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.\n\ud83d\udccf Published: 2022-10-28T18:58:21.842Z\n\ud83d\udccf Modified: 2025-05-05T12:57:12.593Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/7817a840-325a-4709-8374-84bb32d98d0e?source=cve\n2. https://wordpress.org/plugins/web-stories\n3. https://github.com/GoogleForCreators/web-stories-wp/compare/v1.24.0...v1.25.0\n4. https://github.com/GoogleForCreators/web-stories-wp/commit/3ad2099f95155d658624ffac2e34ce0da739e34b\n5. https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3708", "creation_timestamp": "2025-05-05T13:19:13.000000Z"}, {"uuid": "78229f9d-09b8-45ad-ad5d-648583bc4622", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3708", "type": "seen", "source": "https://t.me/cibsecurity/52248", "content": "\u203c CVE-2022-3708 \u203c\n\nThe Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the 'url' parameter found via the /v1/hotlink/proxy REST API Endpoint. This made it possible for authenticated users to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-28T22:29:42.000000Z"}, {"uuid": "6b99dcef-7c19-4931-9476-dde500e2fe80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-37085", "type": "seen", "source": "https://t.me/cibsecurity/48762", "content": "\u203c CVE-2022-37085 \u203c\n\nH3C H200 H200V100R004 was discovered to contain a stack overflow via the AddWlanMacList function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-25T18:37:08.000000Z"}, {"uuid": "be84b05d-4677-49ba-a791-85f0591e93b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-37086", "type": "seen", "source": "https://t.me/cibsecurity/48761", "content": "\u203c CVE-2022-37086 \u203c\n\nH3C H200 H200V100R004 was discovered to contain a stack overflow via the function Asp_SetTimingtimeWifiAndLed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-25T18:37:07.000000Z"}, {"uuid": "ee68a1cf-2645-4281-bef0-bf638b96b48f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-37087", "type": "seen", "source": "https://t.me/cibsecurity/48752", "content": "\u203c CVE-2022-37087 \u203c\n\nH3C H200 H200V100R004 was discovered to contain a stack overflow via the function SetMobileAPInfoById.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-25T18:34:06.000000Z"}, {"uuid": "cc554252-fa18-4ad1-853c-78ba2987aa74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-37089", "type": "seen", "source": "https://t.me/cibsecurity/48736", "content": "\u203c CVE-2022-37089 \u203c\n\nH3C H200 H200V100R004 was discovered to contain a stack overflow via the function EditMacList.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-25T18:29:59.000000Z"}]}