Medium severity5.3NVD Advisory· Published Feb 14, 2026· Updated Apr 15, 2026
CVE-2025-6792
CVE-2025-6792
Description
The One to one user Chat by WPGuppy plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/guppylite/v2/channel-authorize rest endpoint in all versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to intercept and view private chat messages between users.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=1.1.4
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.