Security for everyone

CVE-2021-24997 Scanner

Detects the 'Information Disclosure' vulnerability in the WP Guppy plugin for WordPress, which affects versions before 1.3.


Short Info

Level: Medium
Type: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: URL

CVE-2021-24997 Scanner Detail

The WP Guppy plugin for WordPress helps website owners and administrators provide a chat service between users. It is a simple and cost-effective solution that allows site visitors to connect with one another in real time. With WP Guppy, website owners can easily add a chat feature to their site. Users can chat privately or in groups, providing a sense of community among site visitors.

However, despite the benefits of the WP Guppy plugin, it has been found to contain a serious vulnerability, CVE-2021-24997. This vulnerability is a result of a lack of authentication in some of the plugin's REST API endpoints. As a result, anyone can call these endpoints, which can potentially lead to sensitive information disclosure. This vulnerability could expose users' personal data like usernames and chats between users. Even worse, it allows attackers to send messages as an arbitrary user.
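The missing-authentication pattern described above, shown beside a hardened form. This is an added example, not WP Guppy's code: the namespace example-chat/v1, the route names and the example_chat_* functions are hypothetical, and it assumes a chat route registered through the WordPress REST API.

```php
<?php
// Added illustration: "example-chat/v1", the routes and the example_chat_*
// functions are hypothetical names, not taken from WP Guppy.

add_action( 'rest_api_init', function () {
    // BEFORE: '__return_true' lets any unauthenticated visitor call the route,
    // and its handler trusts a client-supplied sender_id.
    register_rest_route( 'example-chat/v1', '/messages-open', array(
        'methods'             => 'POST',
        'callback'            => 'example_chat_send_open',
        'permission_callback' => '__return_true',
    ) );

    // AFTER: the route is refused unless the caller is a logged-in user.
    register_rest_route( 'example-chat/v1', '/messages', array(
        'methods'             => 'POST',
        'callback'            => 'example_chat_send',
        'permission_callback' => 'example_chat_require_login',
        'args'                => array(
            'receiver_id' => array( 'required' => true, 'sanitize_callback' => 'absint' ),
            'message'     => array( 'required' => true, 'sanitize_callback' => 'sanitize_textarea_field' ),
        ),
    ) );
} );

function example_chat_send_open( WP_REST_Request $request ) {
    // Sender identity comes from the request body, so it can be any user ID.
    return example_chat_store( absint( $request['sender_id'] ), absint( $request['receiver_id'] ), (string) $request['message'] );
}

function example_chat_require_login() {
    if ( ! is_user_logged_in() ) {
        return new WP_Error( 'rest_forbidden', 'Authentication required.', array( 'status' => 401 ) );
    }
    return true;
}

function example_chat_send( WP_REST_Request $request ) {
    // Sender is always the authenticated session user, never a request field.
    return example_chat_store( get_current_user_id(), $request['receiver_id'], $request['message'] );
}

function example_chat_store( $sender_id, $receiver_id, $message ) {
    // Placeholder persistence: a real plugin would write to its own table.
    return rest_ensure_response( array( 'sender' => $sender_id, 'receiver' => $receiver_id, 'stored' => true ) );
}
```

Endpoints that return chat history need the same permission callback plus a check that the current user is a participant in the requested conversation.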

When this vulnerability is exploited, it can lead to significant consequences for both website owners and users. Attackers could gain access to user data such as emails, phone numbers, and even passwords. They could use this information for identity theft or extortion. The risk is particularly high for sites that handle sensitive data like banking or healthcare information.

In conclusion, the WP Guppy plugin is a valuable tool for website owners to provide a chat service between users. However, it is critical to ensure the latest version of the plugin is used and that proper security precautions are taken to protect against vulnerabilities like CVE-2021-24997. By staying informed about vulnerabilities and taking proactive measures, website owners can safeguard their digital assets. Thanks to the pro features of securityforeveryone.com, it's easy and quick to learn about vulnerabilities in your digital assets and how to protect against them.

 
