Lucene search

K

WPGraphQL Security Vulnerabilities

cve
cve

CVE-2022-1563

The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via...

5.3CVSS

5.4AI Score

0.001EPSS

2024-01-16 04:15 PM
20
cve
cve

CVE-2023-23684

Server-Side Request Forgery (SSRF) vulnerability in WPGraphQL.This issue affects WPGraphQL: from n/a through...

6.5CVSS

6.4AI Score

0.0005EPSS

2023-11-13 03:15 AM
2404
cve
cve

CVE-2019-25060

The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict access to information about other users' roles on the affected site. Because of this, a remote attacker could forge a GraphQL query to retrieve the account roles of every user on the...

5.3CVSS

5.1AI Score

0.001EPSS

2022-05-09 05:15 PM
2097
5
cve
cve

CVE-2019-9879

The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser...

9.8CVSS

9.3AI Score

0.728EPSS

2019-06-10 06:29 PM
77
cve
cve

CVE-2019-9880

An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and...

9.1CVSS

9.1AI Score

0.138EPSS

2019-06-10 06:29 PM
71
cve
cve

CVE-2019-9881

The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is...

5.3CVSS

5.6AI Score

0.048EPSS

2019-06-10 06:29 PM
77