CVE-2022-3708: 
WordPress vulnerability analysis and mitigation

The Web Stories plugin for WordPress was found to be vulnerable to Server-Side Request Forgery (SSRF) in versions up to and including 1.24.0. The vulnerability was discovered by researcher Aymen Borgi and was publicly disclosed on October 26, 2022. The issue affected the plugin's hotlink proxy REST endpoint, which failed to properly validate URL parameters, potentially allowing authenticated users with subscriber-level access or higher to perform SSRF attacks (WPScan).

The vulnerability received a CVSS score of 9.6 (Critical) with the vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N. The security flaw existed in the URL validation mechanism of the v1/hotlink/proxy REST endpoint. The fix was implemented in version 1.25.0 through improved URL checks in the hotlinking controller, which added additional validation for various private IP ranges including 100.64.0.0/10, 169.254.0.0/16, and other internal network ranges (GitHub Commit).

The vulnerability could allow authenticated attackers to perform Server-Side Request Forgery attacks, potentially leading to unauthorized access to internal resources and AWS metadata theft. This could result in the exposure of sensitive information and potential access to internal systems (Dark Reading).

The vulnerability was patched in version 1.25.0 of the Web Stories plugin. Users are strongly advised to update to this version or later to protect against potential SSRF attacks. The fix includes improved URL validation checks that prevent access to internal IP ranges and private networks (GitHub Commit).