Security Advisory

CVE-2024-11638

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-10 06:00:01

Last updated 2025-08-27 12:00:28

Assigner WPScan

State PUBLISHED

Description

The Gtbabel WordPress plugin before 6.6.9 does not ensure that the URL to perform code analysis upon belongs to the blog which could allow unauthenticated attackers to retrieve a logged in user (such as admin) cookies by making them open a crafted URL as the request made to analysed the URL contains such cookies.

← Browse all CVEs View on cve.org ↗