Lucene search
WPScanCVELIST:CVE-2021-24997HistoryDec 27, 2021 - 10:33 a.m.
CVE-2021-24997 WP Guppy < 1.3 - Sensitive Information Disclosure
2021-12-2710:33:26
CWE-862
WPScan
www.cve.org
1
0.002 Low
EPSS
Percentile
56.5%
The WP Guppy WordPress plugin before 1.3 does not have any authorisation in some of the REST API endpoints, allowing any user to call them and could lead to sensitive information disclosure, such as usernames and chats between users, as well as be able to send messages as an arbitrary user
CNA Affected
[
{
"product": "WP Guppy",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.3",
"status": "affected",
"version": "1.3",
"versionType": "custom"
}
]
}
]Related
patchstack
patchstack
nvd
nvd
CVE-2021-24997
2021-12-27 11:15:09
prion
prion
Information disclosure
2021-12-27 11:15:00
wpvulndb
wpvulndb
WP Guppy < 1.3 - Sensitive Information Disclosure
2021-11-22 00:00:00
cve
cve
CVE-2021-24997
2021-12-27 11:15:09
nuclei
nuclei
WordPress Guppy <=1.1 - Information Disclosure
2021-12-13 20:52:26
wpexploit
wpexploit
WP Guppy < 1.3 - Sensitive Information Disclosure
2021-11-22 00:00:00
cnvd
cnvd
WordPress WP Guppy Plugin Information Disclosure Vulnerability
2021-12-28 00:00:00