VYPR

Web Stories

by Google

Source repositories

CVEs (2)

  • CVE-2022-3708CriOct 28, 2022
    risk 0.55cvss 9.6epss 0.01

    The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the 'url' parameter found via the /v1/hotlink/proxy REST API Endpoint. This makes it possible for…

  • CVE-2024-54317MedDec 13, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Google Web Stories web-stories allows Stored XSS.This issue affects Web Stories: from n/a through <= 1.37.0.