Guppy Wordpress extension Sensitive Information Disclosure CVE-2021-24997 Scanner

Details
Stay Up To Date
Asset Type

DOMAIN,IP,URL

Need Membership

Yes

Asset Verify

Yes

API Support

Yes

Estimate Time (Second)

10

Guppy Wordpress extension Sensitive Information Disclosure CVE-2021-24997 Scanner Detail

Guppy Wordpress extension allows Sensitive Information Disclosure Vulnerability.

The WP Guppy WordPress plugin before 1.3 does not have any authorisation in some of the REST API endpoints, allowing any user to call them and could lead to sensitive information disclosure, such as usernames and chats between users, as well as be able to send messages as an arbitrary user

Some Advice for Common Problems

You should update to latest version.

Need a Full Assessment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service