WordPress · The Real Cookie Banner · CVE-2025-12136
**Name of the Vulnerable Software and Affected Versions**
The Real Cookie Banner versions up to and including 5.2.4
**Description**
The Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin for WordPress is susceptible to Server-Side Request Forgery. This is caused by inadequate validation of the user-supplied URL in the `/scanner/scan-without-login` API endpoint. Authenticated attackers with administrator-level access or higher can leverage this to make web requests to arbitrary locations from the web application. Exploitation involves the `url` parameter, allowing attackers to query and modify information from internal services.
**Recommendations**
Update The Real Cookie Banner to a version later than 5.2.4.
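**Added example: reviewing access logs for this endpoint**

The following is an added example, not code from the plugin or from this advisory: it scans web-server access log lines for requests to the `/scanner/scan-without-login` endpoint whose `url` parameter names a loopback, private, or otherwise non-public address. It assumes a combined-format access log and that `url` appears in the query string (a value sent in a request body is not logged); the `NAMESPACE` path segment and all log lines are constructed placeholders.

```python
import ipaddress
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint path fragment named in the advisory; the REST prefix is site-specific.
ENDPOINT = "/scanner/scan-without-login"
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (NAMESPACE is a placeholder, not the real route).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "GET /wp-json/NAMESPACE/scanner/scan-without-login?url=https%3A%2F%2Fexample.com%2F HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2025:10:00:05 +0000] "GET /wp-json/NAMESPACE/scanner/scan-without-login?url=http%3A%2F%2F10.0.0.5%3A8080%2F HTTP/1.1" 200 901',
    '203.0.113.7 - - [01/Jan/2025:10:00:09 +0000] "POST /?rest_route=%2FNAMESPACE%2Fscanner%2Fscan-without-login&url=http%3A%2F%2F127.0.0.1%2F HTTP/1.1" 200 77',
    '198.51.100.4 - - [01/Jan/2025:10:01:00 +0000] "GET /wp-login.php HTTP/1.1" 200 3000',
]

def is_internal_target(target):
    """True for literal non-public IPs, localhost names, or unparseable targets."""
    try:
        host = urlsplit(target).hostname
    except ValueError:
        return True  # malformed URL: flag for manual review
    if not host:
        return True  # no host component: flag for manual review
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        return not ipaddress.ip_address(host).is_global
    except ValueError:
        return False  # ordinary hostname; resolving it is left to the analyst

def suspicious_scans(log_lines):
    """Return (line_number, target) for endpoint requests aimed at internal hosts."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        # unquote() also catches the percent-encoded ?rest_route= form of the route
        if not match or ENDPOINT not in unquote(match.group(1)):
            continue
        query = urlsplit(match.group(1)).query
        for target in parse_qs(query).get("url", []):
            if is_internal_target(target):
                hits.append((number, target))
    return hits

if __name__ == "__main__":
    for number, target in suspicious_scans(SAMPLE_LOG):
        print(f"line {number}: scan target {target}")
```

Hostnames that resolve to internal addresses are not flagged here, so ordinary-looking targets in the results still need a DNS check during review.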