CVE-2021-24997
The CVE-2021-24997 entry concerns the WordPress WP Guppy plugin (versions before 1.3). The issue is a lack of authorization in certain REST API endpoints, enabling any user to call endpoints and potentially disclose sensitive information (e.g., usernames, user chats) and to send messages as anoth...