2 matches found
LinkedIn: Previous commentor on post can still comment even after comment permission is changed to disabled
A logic error existed in the comment permission system that allowed users who had previously commented on a post to continue posting additional comments even after the post owner disabled commenting functionality. The vulnerability occurred when an account created a post with comments enabled,...
PT-2019-19914
Name of the Vulnerable Software and Affected Versions: WPGraphQL version 0.2.3
Description: The issue allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled, through the createComment mutation.
Recommendations: For WPGraphQL version 0.2.3, consider...