.. / CVE-2021-24997

Exploit for WordPress Guppy <=1.1 - Information Disclosure (CVE-2021-24997)

Description:

WordPress Guppy plugin through 1.1 is susceptible to an API disclosure vulnerability. This can allow an attacker to obtain all user IDs and then use them to make API requests to get messages sent between users and/or send messages posing as one user to another.

Nuclei Template

View the template here CVE-2021-24997.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-24997.yaml

References:

https://github.com/ARPSyndicate/cvemon
https://wpscan.com/vulnerability/747e6c7e-a167-4d82-b6e6-9e8613f0e900
https://www.exploit-db.com/exploits/50540
https://nvd.nist.gov/vuln/detail/CVE-2021-24997
https://patchstack.com/database/vulnerability/wp-guppy/wordpress-wp-guppy-plugin-1-2-sensitive-information-disclosure-vulnerability

.. / CVE-2021-24997 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for WordPress Guppy <=1.1 - Information Disclosure (CVE-2021-24997)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2021-24997