Vulnerabilities > Google > WEB Stories

DATE CVE VULNERABILITY TITLE RISK
2023-05-08 CVE-2023-1979 Incorrect Authorization vulnerability in Google web Stories
The Web Stories for WordPress plugin supports the WordPress built-in functionality of protecting content with a password.
network
low complexity
google CWE-863
6.5
2022-10-28 CVE-2022-3708 Server-Side Request Forgery (SSRF) vulnerability in Google web Stories
The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the 'url' parameter found via the /v1/hotlink/proxy REST API Endpoint.
network
low complexity
google CWE-918
8.1