Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2 vulnerabilities by wp-guppy

    CVE-2021-24997 (GCVE-0-2021-24997)

    Vulnerability from cvelistv5 – Published: 2021-12-27 10:33 – Updated: 2024-08-03 19:49
    VLAI
    Title
    WP Guppy < 1.3 - Sensitive Information Disclosure
    Summary
    The WP Guppy WordPress plugin before 1.3 does not have any authorisation in some of the REST API endpoints, allowing any user to call them and could lead to sensitive information disclosure, such as usernames and chats between users, as well as be able to send messages as an arbitrary user
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown WP Guppy Affected: 1.3 , < 1.3 (custom)
    Create a notification for this product.
    Credits
    Keyvan Hardani
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:49:14.595Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/747e6c7e-a167-4d82-b6e6-9e8613f0e900"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/Keyvanhardani/WP-Guppy-A-live-chat-WP-JSON-API-Sensitive-Information-Disclosure"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WP Guppy",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "1.3",
                  "status": "affected",
                  "version": "1.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Keyvan Hardani"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WP Guppy WordPress plugin before 1.3 does not have any authorisation in some of the REST API endpoints, allowing any user to call them and could lead to sensitive information disclosure, such as usernames and chats between users, as well as be able to send messages as an arbitrary user"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-27T10:33:26.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/747e6c7e-a167-4d82-b6e6-9e8613f0e900"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Keyvanhardani/WP-Guppy-A-live-chat-WP-JSON-API-Sensitive-Information-Disclosure"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WP Guppy \u003c 1.3 - Sensitive Information Disclosure",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-24997",
              "STATE": "PUBLIC",
              "TITLE": "WP Guppy \u003c 1.3 - Sensitive Information Disclosure"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WP Guppy",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.3",
                                "version_value": "1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Keyvan Hardani"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The WP Guppy WordPress plugin before 1.3 does not have any authorisation in some of the REST API endpoints, allowing any user to call them and could lead to sensitive information disclosure, such as usernames and chats between users, as well as be able to send messages as an arbitrary user"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-862 Missing Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/747e6c7e-a167-4d82-b6e6-9e8613f0e900",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/747e6c7e-a167-4d82-b6e6-9e8613f0e900"
                },
                {
                  "name": "https://github.com/Keyvanhardani/WP-Guppy-A-live-chat-WP-JSON-API-Sensitive-Information-Disclosure",
                  "refsource": "MISC",
                  "url": "https://github.com/Keyvanhardani/WP-Guppy-A-live-chat-WP-JSON-API-Sensitive-Information-Disclosure"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-24997",
        "datePublished": "2021-12-27T10:33:26.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:49:14.595Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24997 (GCVE-0-2021-24997)

    Vulnerability from nvd – Published: 2021-12-27 10:33 – Updated: 2024-08-03 19:49
    VLAI
    Title
    WP Guppy < 1.3 - Sensitive Information Disclosure
    Summary
    The WP Guppy WordPress plugin before 1.3 does not have any authorisation in some of the REST API endpoints, allowing any user to call them and could lead to sensitive information disclosure, such as usernames and chats between users, as well as be able to send messages as an arbitrary user
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown WP Guppy Affected: 1.3 , < 1.3 (custom)
    Create a notification for this product.
    Credits
    Keyvan Hardani
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:49:14.595Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/747e6c7e-a167-4d82-b6e6-9e8613f0e900"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/Keyvanhardani/WP-Guppy-A-live-chat-WP-JSON-API-Sensitive-Information-Disclosure"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WP Guppy",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "1.3",
                  "status": "affected",
                  "version": "1.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Keyvan Hardani"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WP Guppy WordPress plugin before 1.3 does not have any authorisation in some of the REST API endpoints, allowing any user to call them and could lead to sensitive information disclosure, such as usernames and chats between users, as well as be able to send messages as an arbitrary user"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-27T10:33:26.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/747e6c7e-a167-4d82-b6e6-9e8613f0e900"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Keyvanhardani/WP-Guppy-A-live-chat-WP-JSON-API-Sensitive-Information-Disclosure"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WP Guppy \u003c 1.3 - Sensitive Information Disclosure",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-24997",
              "STATE": "PUBLIC",
              "TITLE": "WP Guppy \u003c 1.3 - Sensitive Information Disclosure"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WP Guppy",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.3",
                                "version_value": "1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Keyvan Hardani"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The WP Guppy WordPress plugin before 1.3 does not have any authorisation in some of the REST API endpoints, allowing any user to call them and could lead to sensitive information disclosure, such as usernames and chats between users, as well as be able to send messages as an arbitrary user"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-862 Missing Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/747e6c7e-a167-4d82-b6e6-9e8613f0e900",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/747e6c7e-a167-4d82-b6e6-9e8613f0e900"
                },
                {
                  "name": "https://github.com/Keyvanhardani/WP-Guppy-A-live-chat-WP-JSON-API-Sensitive-Information-Disclosure",
                  "refsource": "MISC",
                  "url": "https://github.com/Keyvanhardani/WP-Guppy-A-live-chat-WP-JSON-API-Sensitive-Information-Disclosure"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-24997",
        "datePublished": "2021-12-27T10:33:26.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:49:14.595Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }