
CVE-2025-30775 – WordPress WPGuppy plugin <= 1.1.3 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2025-30775
27 Mar 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AmentoTech Private Limited WPGuppy allows SQL Injection. This issue affects WPGuppy: from n/a through 1.1.3. The WPGuppy plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level a... • https://patchstack.com/database/wordpress/plugin/wpguppy-lite/vulnerability/wordpress-wpguppy-plugin-1-1-3-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2025-24643 – WordPress WPGuppy plugin <= 1.1.0 - Broken Authentication vulnerability
https://notcve.org/view.php?id=CVE-2025-24643
09 Jan 2025 — Missing Authorization vulnerability in Amento Tech Pvt ltd WPGuppy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPGuppy: from n/a through 1.1.0. The One to one user Chat by WPGuppy plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.0. This is due to the plugin not properly verifying a user's identity prior to using wp_set_current_user(). This makes it possible for unauthenticated attackers to spoof other users a... • https://patchstack.com/database/wordpress/plugin/wpguppy-lite/vulnerability/wordpress-wpguppy-plugin-1-1-0-broken-authentication-vulnerability?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key • CWE-862: Missing Authorization •

CVE-2024-56280 – WordPress WPGuppy plugin <= 1.1.0 - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-56280
03 Jan 2025 — Incorrect Privilege Assignment vulnerability in Amento Tech Pvt ltd WPGuppy allows Privilege Escalation. This issue affects WPGuppy: from n/a through 1.1.0. The One to one user Chat by WPGuppy plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.0. This makes it possible for authen... • https://patchstack.com/database/wordpress/plugin/wpguppy-lite/vulnerability/wordpress-wpguppy-plugin-1-1-0-privilege-escalation-vulnerability?_s_id=cve • CWE-266: Incorrect Privilege Assignment •

CVE-2024-49222 – WordPress WPGuppy plugin <= 1.1.0 - PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-49222
03 Jan 2025 — Deserialization of Untrusted Data vulnerability in Amento Tech Pvt ltd WPGuppy allows Object Injection. This issue affects WPGuppy: from n/a through 1.1.0. The WPGuppy plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.1.0 via deserialization of untrusted input. This makes it possible for ... • https://patchstack.com/database/wordpress/plugin/wpguppy-lite/vulnerability/wordpress-wpguppy-plugin-1-1-0-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •