2 matches found
WPEngine WPGraphQL 0.2.3 - Unauthenticated Comment Posting
The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled. id: CVE-2019-9881 info: name: WPEngine WPGraphQL 0.2.3 - Unauthenticated Comment Posting author: intelligent-ears severity:...
CVE-2019-9881
Summary (CVE-2019-9881): WPGraphQL 0.2.3 for WordPress allows unauthenticated users to post comments via the createComment mutation even when comments are disabled. This is evidenced by the Nuclei template for CVE-2019-9881 (and corroborating sources) which describe unauthenticated comment postin...