CVE-2025-68604 WordPress WPGraphQL plugin <= 2.5.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in WPGraphQL allows Cross Site Request Forgery. This issue affects WPGraphQL: from n/a through 2.5.3...

CVE-2019-25060

The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict access to information about other users' roles on the affected site. Because of this, a remote attacker could forge a GraphQL query to retrieve the account roles of every user on the site...

WordPress WPGraphQL Plugin Denial of Service

A denial of service vulnerability exists in WordPress WPGraphQL Plugin. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...

CVE-2019-9880

An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username...

CVE-2019-9881

Summary (CVE-2019-9881): WPGraphQL 0.2.3 for WordPress allows unauthenticated users to post comments via the createComment mutation even when comments are disabled. This is evidenced by the Nuclei template for CVE-2019-9881 (and corroborating sources) which describe unauthenticated comment postin...