CVE-2025-6792

MEDIUM

WPGuppy plugin <1.1.4 - Info Disclosure

Title source: llm

Description

The One to one user Chat by WPGuppy plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/guppylite/v2/channel-authorize rest endpoint in all versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to intercept and view private chat messages between users.

References (2)

[Product] https://wordpress.org/plugins/wpguppy-lite/

[Third Party Advisory] https://www.wordfence.com/threat-intel/vulnerabilities/id/03774303-c9f4-4666-ac88-78f92aaf81dc?source=cve

Scores

CVSS v3 5.3

EPSS 0.0006

EPSS Percentile 18.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-306

Status draft

Timeline

Published Feb 14, 2026

Tracked Since Feb 18, 2026