Google Web Stories vulnerabilities

CVE-2024-54317 CWE-79 CVE-2024-54317: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Google Web Stories web-stories allows Stored XSS.This issue affects Web Stories: from n/a through <= 1.37.0.

CVE-2023-1979 [MEDIUM] CWE-863 CVE-2023-1979: The Web Stories for WordPress plugin supports the WordPress built-in functionality of protecting con The Web Stories for WordPress plugin supports the WordPress built-in functionality of protecting content with a password. The content is then only accessible to website visitors after entering the password. In WordPress, users with the "Author" role can create stories, but don't have the ability to edit password protected stories. The vulnerability al

CVE-2022-3708 [CRITICAL] CWE-918 CVE-2022-3708: The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the 'url' parameter found via the /v1/hotlink/proxy REST API Endpoint. This makes it possible for authenticated users to make web requests to arbitrary locations originating fro