Enhancement: cves/2021/CVE-2021-24997.yaml by md
parent
618caa2387
commit
e48aac4d61
|
@ -1,15 +1,15 @@
|
|||
id: CVE-2021-24997
|
||||
|
||||
info:
|
||||
name: Wordpress Guppy <=1.1 - User ID Disclosure
|
||||
name: WordPress Guppy <=1.1 - Information Disclosure
|
||||
author: Evan Rubinstein
|
||||
severity: medium
|
||||
description: Instances of the Guppy Wordpress extension up to 1.1 are vulnerable to an API disclosure vulnerability which allows remote unauthenticated attackrs to obtain all user IDs, and then use that information to make API requests to either get messages sent between users, or send messages posing as one user to another.
|
||||
description: WordPress Guppy plugin through 1.1 is susceptible to an API disclosure vulnerability. This can allow an attacker to obtain all user IDs and then use them to make API requests to get messages sent between users and/or send messages posing as one user to another.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/50540
|
||||
- https://patchstack.com/database/vulnerability/wp-guppy/wordpress-wp-guppy-plugin-1-2-sensitive-information-disclosure-vulnerability
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24997
|
||||
- https://wpscan.com/vulnerability/747e6c7e-a167-4d82-b6e6-9e8613f0e900
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24997
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
||||
cvss-score: 6.5
|
||||
|
@ -35,3 +35,5 @@ requests:
|
|||
- '"userId":'
|
||||
- '"type":'
|
||||
condition: and
|
||||
|
||||
# Enhanced by md on 2023/02/01
|
||||
|
|
Loading…
Reference in New Issue