CVE-2021-24997

Published: 27/12/2021 Updated: 07/01/2022
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 6.5 | Impact Score: 2.5 | Exploitability Score: 3.9
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

The WP Guppy WordPress plugin prior to 1.3 does not enforce any authorisation on some of its REST API endpoints, allowing any user to call them. This could lead to disclosure of sensitive information, such as usernames and chats between users, and lets the caller send messages as an arbitrary user.

Vulnerable Product

wp-guppy wp guppy

Github Repositories

Exploit Title: WordPress Plugin WP Guppy A live chat - WP-JSON API Sensitive Information Disclosure
CVE: CVE-2021-24997
Exploit Author: Keyvan Hardani
Date: 22/11/2021
Vendor Homepage: wp-guppycom/
Version: up to 11
Tested on: Kali Linux - Windows 10 - Wordpress 58x and apache2
Usage: /exploitsh -h