CVE-2025-6792 One to one user Chat by WPGuppy <= 1.1.4 - Unauthenticated Information Disclosure via Chat Message Interception

The One to one user Chat by WPGuppy plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/guppylite/v2/channel-authorize rest endpoint in all versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to...

PT-2026-8061

The One to one user Chat by WPGuppy plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/guppylite/v2/channel-authorize rest endpoint in all versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to...

CVE-2025-49910 WordPress WPGuppy plugin <= 1.1.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPGuppy: from n/a through = 1.1.4...

CVE-2025-30775 WordPress WPGuppy plugin <= 1.1.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows SQL Injection.This issue affects WPGuppy: from n/a through = 1.1.3...

CVE-2025-24643

CVE-2025-24643 is a Missing Authorization vulnerability in the WordPress WPGuppy plugin (Amento Tech Pvt Ltd) affecting WPGuppy versions up to 1.1.0. Root cause: insufficient access control on WPGuppy features (e.g., One-to-one chat). Impact: unauthorized actions due to broken authorization. Reme...

CVE-2025-24643 WordPress WPGuppy plugin <= 1.1.0 - Broken Authentication vulnerability

Missing Authorization vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPGuppy: from n/a through = 1.1.0...

WordPress WPGuppy plugin <= 1.1.0 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by l8BL in WordPress Plugin WPGuppy versions = 1.1.0...

CVE-2024-49222 WordPress WPGuppy plugin <= 1.1.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Object Injection.This issue affects WPGuppy: from n/a through = 1.1.0...

CVE-2024-56280

CVE-2024-56280 is a privilege-escalation vulnerability in the WordPress plugin WPGuppy by Amento Tech Pvt Ltd. The Red Hat advisory cites an “Incorrect Privilege Assignment” issue that enables privilege escalation for authenticated users (Subscriber+), affecting WPGuppy releases up to and includi...