Описание
The Gtbabel WordPress plugin before 6.6.9 does not ensure that the URL to perform code analysis upon belongs to the blog which could allow unauthenticated attackers to retrieve a logged in user (such as admin) cookies by making them open a crafted URL as the request made to analysed the URL contains such cookies.
Ссылки
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 6.6.9 (исключая)
cpe:2.3:a:gtbabel:gtbabel:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 41%
0.00194
Низкий
8.8 High
CVSS3
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 8.8
github
11 месяцев назад
The Gtbabel WordPress plugin before 6.6.9 does not ensure that the URL to perform code analysis upon belongs to the blog which could allow unauthenticated attackers to retrieve a logged in user (such as admin) cookies by making them open a crafted URL as the request made to analysed the URL contains such cookies.
EPSS
Процентиль: 41%
0.00194
Низкий
8.8 High
CVSS3
Дефекты
NVD-CWE-noinfo