cleantalk
Vulnerabilities and Security Researches

WP Guppy Lite – A live chat plugin for WordPress, CVE-2025-6792

CVE, Research URL

CVE-2025-6792

Home page URL

Security reports for WP Guppy Lite – A live chat plugin for WordPress

Application

WP Guppy Lite – A live chat plugin for WordPress

Published on
Feb 14, 2026
Research Description
The One to one user Chat by WPGuppy plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/guppylite/v2/channel-authorize rest endpoint in all versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to intercept and view private chat messages between users.
Affected versions
max 1.1.4.
Status
vulnerable
Previous vulnerability researches
Prodigy Commerce (CVE-2024-54251) , Dec 11, 2024
Prodigy Commerce (CVE-2026-0926) , Apr 15, 2026
Prodigy Commerce (CVE-2024-54250) , Dec 15, 2024
New vulnerability
Integration Rede for WooCommerce (CVE-2026-0939) , Apr 16, 2026
Integration Rede for WooCommerce (CVE-2026-0942) , Apr 16, 2026
Katalogportal-pdf-sync Widget (CVE-2026-3649) , Apr 16, 2026
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress (CVE-2026-4949) , Apr 16, 2026
Church Admin (CVE-2026-0682) , Apr 16, 2026