CVE-2021-24997

CVE-2021-24997: WP Guppy < 1.3 - Sensitive Information Disclosure

Vendor Unknown
Product WP Guppy
Weakness CWE-862 · Missing authorization
Published December 27, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The WP Guppy WordPress plugin before 1.3 does not have any authorisation in some of the REST API endpoints, allowing any user to call them and could lead to sensitive information disclosure, such as usernames and chats between users, as well as be able to send messages as an arbitrary user

Key dates

02Disclosure timeline

December 27, 2021 CVE published
August 3, 2024 Record updated