cleantalk
Vulnerabilities and Security Researches

WP Guppy Lite – A live chat plugin for WordPress, CVE-2025-6792

CVE, Research URL

CVE-2025-6792

Home page URL

Security reports for WP Guppy Lite – A live chat plugin for WordPress

Application

WP Guppy Lite – A live chat plugin for WordPress

Published on
Feb 14, 2026
Research Description
The One to one user Chat by WPGuppy plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/guppylite/v2/channel-authorize rest endpoint in all versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to intercept and view private chat messages between users.
Affected versions
max 1.1.4.
Status
vulnerable
Previous vulnerability researches
XO Event Calendar (CVE-2026-0556) , Apr 16, 2026
XO Event Calendar (92562c6c-94a4-427d-97dc-7f5ffddcb6d8) , Jun 07, 2024
New vulnerability
CP Image Store with Slideshow (CVE-2026-0684) , Apr 16, 2026
Payment Page | Best Payment Plugin for Stripe & PayPal (CVE-2026-0751) , Apr 16, 2026
SIBS woocommerce payment gateway (CVE-2026-1370) , Apr 16, 2026
Docus – YouTube Video Playlist (CVE-2026-1888) , Apr 16, 2026
Change WP URL (CVE-2026-1398) , Apr 16, 2026