Medium severity6.5NVD Advisory· Published Dec 27, 2021· Updated Jun 17, 2026
CVE-2021-24997
CVE-2021-24997
Description
The WP Guppy WordPress plugin before 1.3 does not have any authorisation in some of the REST API endpoints, allowing any user to call them and could lead to sensitive information disclosure, such as usernames and chats between users, as well as be able to send messages as an arbitrary user
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/747e6c7e-a167-4d82-b6e6-9e8613f0e900nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.