CVE Vulnerabilities

CVE-2024-11638

Published: Mar 10, 2025 | Modified: May 21, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
root.io minimus.io echohq.com

The Gtbabel WordPress plugin before 6.6.9 does not ensure that the URL to perform code analysis upon belongs to the blog which could allow unauthenticated attackers to retrieve a logged in user (such as admin) cookies by making them open a crafted URL as the request made to analysed the URL contains such cookies.

Affected Software

Name Vendor Start Version End Version
Gtbabel Gtbabel * 6.6.9 (excluding)

References