89 matches found

Nuclei
added yesterday, 19 views

WPEngine WPGraphQL 0.2.3 - Unauthenticated Comment Posting

The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled. id: CVE-2019-9881 info: name: WPEngine WPGraphQL 0.2.3 - Unauthenticated Comment Posting author: intelligent-ears severity:...

CVSS 5.3, AI score 6.4, EPSS 0.18832
Exploits 3, References 4
Nuclei
added 2 days ago, 26 views

WPGraphQL 0.2.3 - User Creation

The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation. id: CVE-2019-9879 info: name: WPGraphQL 0.2.3 - User Creation author: DhiyaneshDk severity:...

CVSS 9.8, AI score 7.4, EPSS 0.46614
Exploits 3, References 4
EUVD
added 2026/06/15 9:30 p.m., 7 views

EUVD-2026-36975

Unauthenticated SQL Injection in WPGraphQL < 2.11.1 versions...

CVSS 7.5, AI score 5.7, EPSS 0.00251
Exploits 0, References 2
NVD
added 2026/06/15 9:16 p.m., 5 views

CVE-2026-40762

Unauthenticated SQL Injection in WPGraphQL < 2.11.1 versions...

CVSS 7.5, EPSS 0.00251
Exploits 0, References 1
Cvelist
added 2026/06/15 8:18 p.m., 27 views

CVE-2026-40762 WordPress WPGraphQL plugin < 2.11.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in WPGraphQL < 2.11.1 versions...

CVSS 7.5, EPSS 0.00251
Exploits 0, References 1
CVE
added 2026/06/15 8:18 p.m., 12 views

CVE-2026-40762

The WPGraphQL WordPress plugin is affected by an unauthenticated SQL Injection in versions earlier than 2.11.1. The issue originates in WPGraphQL

CVSS 7.5, AI score 5.7, EPSS 0.00251
Exploits 0, References 1
Positive Technologies
added 2026/06/15 12:0 a.m., 10 views

PT-2026-49410

Unauthenticated SQL Injection in WPGraphQL < 2.11.1 versions...

CVSS 7.5, AI score 5.7, EPSS 0.00251
Exploits 0, References 2
RedhatCVE
added 2026/06/05 7:41 p.m., 7 views

CVE-2025-68604

Cross-Site Request Forgery (CSRF) vulnerability in WPGraphQL allows Cross Site Request Forgery. This issue affects WPGraphQL: from n/a through 2.5.3...

CVSS 5.4, AI score 5.4, EPSS 0.00092
Exploits 0, References 1
NVD
added 2026/05/15 7:16 p.m., 11 views

CVE-2021-47959

WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated fields. Attackers can send POST requests to the GraphQL endpoint with amplified field duplication payloa...

CVSS 8.7, EPSS 0.00451
Exploits 0, References 3
ATTACKERKB
added 2026/05/15 6:36 p.m., 4 views

CVE-2021-47959

WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated fields. Attackers can send POST requests to the GraphQL endpoint with amplified field duplication payloa...

CVSS 8.7, AI score 5.8, EPSS 0.00451
Exploits 0, References 3, Affected Software 1
Cvelist
added 2026/05/15 6:36 p.m., 33 views

CVE-2021-47959 WordPress Plugin WPGraphQL 1.3.5 Denial of Service

WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated fields. Attackers can send POST requests to the GraphQL endpoint with amplified field duplication payloa...

CVSS 8.7, EPSS 0.00451
Exploits 0, References 3
EUVD
added 2026/05/15 6:36 p.m., 9 views

EUVD-2021-34814

WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated fields. Attackers can send POST requests to the GraphQL endpoint with amplified field duplication payloa...

CVSS 8.7, AI score 5.8, EPSS 0.00451
Exploits 0, References 3
Positive Technologies
added 2026/05/15 12:0 a.m., 10 views

PT-2026-41340

WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated fields. Attackers can send POST requests to the GraphQL endpoint with amplified field duplication payloa...

CVSS 8.7, AI score 5.8, EPSS 0.00451
Exploits 0, References 4
Vulnrichment
added 2026/05/07 7:40 a.m., 6 views

CVE-2025-68604 WordPress WPGraphQL plugin <= 2.5.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WPGraphQL allows Cross Site Request Forgery. This issue affects WPGraphQL: from n/a through 2.5.3...

CVSS 5.4, AI score 5.8, EPSS 0.00092
Exploits 0, References 1
Cvelist
added 2026/05/07 7:40 a.m., 33 views

CVE-2025-68604 WordPress WPGraphQL plugin <= 2.5.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WPGraphQL allows Cross Site Request Forgery. This issue affects WPGraphQL: from n/a through 2.5.3...

CVSS 5.4, EPSS 0.00092
Exploits 0, References 1
ATTACKERKB
added 2026/05/07 7:40 a.m., 4 views

CVE-2025-68604

Cross-Site Request Forgery (CSRF) vulnerability in WPGraphQL allows Cross Site Request Forgery. This issue affects WPGraphQL: from n/a through 2.5.3...

CVSS 5.4, AI score 5.8, EPSS 0.00092
Exploits 0, References 2
Patchstack
added 2026/05/07 7:39 a.m., 12 views

WordPress WPGraphQL plugin <= 2.5.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by Nabil Irawan in WordPress Plugin WPGraphQL versions <= 2.5.3...

CVSS 5.4, AI score 5.8, EPSS 0.00092
Exploits 0, Affected Software 1
Positive Technologies
added 2026/05/07 12:0 a.m., 11 views

PT-2026-38354

Cross-Site Request Forgery (CSRF) vulnerability in WPGraphQL allows Cross Site Request Forgery. This issue affects WPGraphQL: from n/a through 2.5.3...

CVSS 5.4, AI score 5.8, EPSS 0.00092
Exploits 0, References 1
RedhatCVE
added 2026/03/26 3:9 p.m., 4 views

CVE-2026-33290

WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.10.0, an authorization flaw in updateComment allows an authenticated low-privileged user including a custom role with zero capabilities to change moderation status of their own comment for example to APPROVE without the...

CVSS 4.3, AI score 5.8, EPSS 0.00177
Exploits 0, References 1
Patchstack
added 2026/03/24 7:36 p.m., 6 views

WordPress WPGraphQL plugin <= 2.9.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by sshell in WordPress Plugin WPGraphQL versions <= 2.9.1...

CVSS 4.3, AI score 5.8, EPSS 0.00177
Exploits 0, References 1, Affected Software 1