What the vulnerability does
01Description
Missing Authorization vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPGuppy: from n/a through <= 1.1.4.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
What the vulnerability does
Missing Authorization vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPGuppy: from n/a through <= 1.1.4.
Explanation of Vulnerability in Simple Terms
WPGuppy versions 1.1.4 and earlier lack proper authorization checks, allowing unauthenticated attackers to read sensitive data. The vulnerability requires no user interaction and can be exploited over the network. An attacker can access confidential information and make limited modifications to the application.
What an attacker can do
Read sensitive data and make limited changes without logging in.
Potential impact on your site
Confidential data may be exposed; unauthorized modifications possible without admin action.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources