CVE-2021-24997

Name of the Vulnerable Software and Affected Versions: WP Guppy WordPress plugin versions prior to 1.3

Description: The issue allows any user to call certain REST API endpoints without authorization, potentially leading to sensitive information disclosure, including usernames and chats between users. It also enables sending messages as an arbitrary user.

Recommendations: For WP Guppy WordPress plugin versions prior to 1.3, update to version 1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected REST API endpoints until the update is applied.