EUVD-2025-17506

Malicious code in bioql PyPI...

CVE-2025-31920

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AmentoTech WP Guppy wp-guppy allows SQL Injection.This issue affects WP Guppy: from n/a through = 4.3.3...

CVE-2025-31920

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AmentoTech WP Guppy wp-guppy allows SQL Injection.This issue affects WP Guppy: from n/a through = 4.3.3...

CVE-2025-31920 WordPress WP Guppy <= 4.3.3 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AmentoTech WP Guppy allows SQL Injection. This issue affects WP Guppy: from n/a through 4.3.3...

CVE-2025-31920

CVE-2025-31920 describes an SQL Injection vulnerability in WordPress WP Guppy up to version 4.3.3, arising from improper neutralization of input in SQL commands. Multiple connected sources confirm the affected software and the root cause (SQL injection via WP Guppy). The CVSS base score is 8.5 (H...

CVE-2025-31920 WordPress WP Guppy plugin <= 4.3.3 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AmentoTech WP Guppy wp-guppy allows SQL Injection.This issue affects WP Guppy: from n/a through = 4.3.3...

PT-2025-24490 · Amentotech · Amentotech Wp Guppy

Name of the Vulnerable Software and Affected Versions: AmentoTech WP Guppy versions n/a through 4.3.3 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...

CVE-2021-24997

The WP Guppy WordPress plugin before 1.3 does not have any authorisation in some of the REST API endpoints, allowing any user to call them and could lead to sensitive information disclosure, such as usernames and chats between users, as well as be able to send messages as an arbitrary user...

CVE-2021-24997

The WP Guppy WordPress plugin before 1.3 does not have any authorisation in some of the REST API endpoints, allowing any user to call them and could lead to sensitive information disclosure, such as usernames and chats between users, as well as be able to send messages as an arbitrary user...

Information disclosure

The WP Guppy WordPress plugin before 1.3 does not have any authorisation in some of the REST API endpoints, allowing any user to call them and could lead to sensitive information disclosure, such as usernames and chats between users, as well as be able to send messages as an arbitrary user...

CVE-2021-24997

The CVE-2021-24997 entry concerns the WordPress WP Guppy plugin (versions before 1.3). The issue is a lack of authorization in certain REST API endpoints, enabling any user to call endpoints and potentially disclose sensitive information (e.g., usernames, user chats) and to send messages as anoth...

Wordpress WP Guppy 1.1 Plugin - WP-JSON API Sensitive Information Disclosure Vulnerability

Exploit Title: Wordpress Plugin WP Guppy 1.1 - WP-JSON API Sensitive Information Disclosure Exploit Author: Keyvan Hardani Vendor Homepage: https://wp-guppy.com/ Version: up to 1.1 Tested on: Kali Linux - Windows 10 - Wordpress 5.8.x and apache2 Usage ./exploit.sh -h !/bin/bash Help Display Help...

Wordpress Plugin WP Guppy 1.1 - WP-JSON API Sensitive Information Disclosure

Exploit Title: Wordpress Plugin WP Guppy 1.1 - WP-JSON API Sensitive Information Disclosure Exploit Author: Keyvan Hardani Date: 22/11/2021 Vendor Homepage: https://wp-guppy.com/ Version: up to 1.1 Tested on: Kali Linux - Windows 10 - Wordpress 5.8.x and apache2 Usage ./exploit.sh -h !/bin/bash...