44 matches found
CVE-2025-6792 One to one user Chat by WPGuppy <= 1.1.4 - Unauthenticated Information Disclosure via Chat Message Interception
The One to one user Chat by WPGuppy plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/guppylite/v2/channel-authorize rest endpoint in all versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to...
WordPress plugin One to one user Chat by WPGuppy 访问控制错误漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
PT-2026-8061
The One to one user Chat by WPGuppy plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/guppylite/v2/channel-authorize rest endpoint in all versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to...
CVE-2025-49910
Missing Authorization vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPGuppy: from n/a through = 1.1.4...
EUVD-2025-35545
Missing Authorization vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPGuppy: from n/a through = 1.1.4...
CVE-2025-49910
Missing Authorization vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPGuppy: from n/a through = 1.1.4...
CVE-2025-49910
CVE-2025-49910 affects the WordPress plugin WPGuppy (wpguppy-lite) up to version 1.1.4. The issue is a missing authorization that allows access to functionality not properly constrained by ACLs, per Red Hat, NVD/CVE records, and third-party advisories. Affected versions are listed as
CVE-2025-49910 WordPress WPGuppy plugin <= 1.1.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPGuppy: from n/a through = 1.1.4...
CVE-2025-49910 WordPress WPGuppy plugin <= 1.1.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPGuppy: from n/a through = 1.1.4...
PT-2025-43177
Name of the Vulnerable Software and Affected Versions WPGuppy versions through 1.1.4 Description A missing authorization issue exists in AmentoTech Private Limited WPGuppy wpguppy-lite. This allows access to functionality that is not properly constrained by Access Control Lists ACLs...
WordPress Plugin WPGuppy 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
EUVD-2024-43768
Malicious code in bioql PyPI...
EUVD-2025-3842
Malicious code in bioql PyPI...
EUVD-2025-8383
Malicious code in bioql PyPI...
EUVD-2024-53077
Malicious code in bioql PyPI...
WordPress WPGuppy plugin <= 1.1.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WPGuppy versions = 1.1.4...
CVE-2025-30775
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows SQL Injection.This issue affects WPGuppy: from n/a through = 1.1.3...
WordPress WPGuppy plugin <= 1.1.3 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin WPGuppy versions = 1.1.3...
CVE-2025-30775
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows SQL Injection.This issue affects WPGuppy: from n/a through = 1.1.3...
CVE-2025-30775 WordPress WPGuppy plugin <= 1.1.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows SQL Injection.This issue affects WPGuppy: from n/a through = 1.1.3...