Lucene search
K

89 matches found

NVD
NVD
added 2026/03/24 1:17 a.m.7 views

CVE-2026-33290

WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.10.0, an authorization flaw in updateComment allows an authenticated low-privileged user including a custom role with zero capabilities to change moderation status of their own comment for example to APPROVE without the...

4.3CVSS0.00177EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/23 11:58 p.m.12 views

EUVD-2026-14666

WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.10.0, an authorization flaw in updateComment allows an authenticated low-privileged user including a custom role with zero capabilities to change moderation status of their own comment for example to APPROVE without the...

4.3CVSS5.8AI score0.00177EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/23 11:58 p.m.33 views

CVE-2026-33290 WPGraphQL Repo's updateComment allows low-privileged authenticated users to change comment moderation status (comment_approved) without moderate_comments permission

WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.10.0, an authorization flaw in updateComment allows an authenticated low-privileged user including a custom role with zero capabilities to change moderation status of their own comment for example to APPROVE without the...

4.3CVSS0.00177EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/23 11:58 p.m.5 views

CVE-2026-33290 WPGraphQL Repo's updateComment allows low-privileged authenticated users to change comment moderation status (comment_approved) without moderate_comments permission

WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.10.0, an authorization flaw in updateComment allows an authenticated low-privileged user including a custom role with zero capabilities to change moderation status of their own comment for example to APPROVE without the...

4.3CVSS5.8AI score0.00177EPSS
Exploits0References2
OSV
OSV
added 2026/03/23 11:58 p.m.9 views

CVE-2026-33290 WPGraphQL Repo's updateComment allows low-privileged authenticated users to change comment moderation status (comment_approved) without moderate_comments permission

WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.10.0, an authorization flaw in updateComment allows an authenticated low-privileged user including a custom role with zero capabilities to change moderation status of their own comment for example to APPROVE without the...

4.3CVSS5.9AI score0.00177EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/27 4:13 a.m.9 views

CVE-2026-27938

WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.9.1, the wp-graphql/wp-graphql repository contains a GitHub Actions workflow release.yml vulnerable to OS command injection through direct use of $ github.event.pullrequest.body inside a run: shell block. When a pull request...

7.7CVSS5.8AI score0.00786EPSS
Exploits0References1
NVD
NVD
added 2026/02/26 2:16 a.m.20 views

CVE-2026-27938

WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.9.1, the wp-graphql/wp-graphql repository contains a GitHub Actions workflow release.yml vulnerable to OS command injection through direct use of $ github.event.pullrequest.body inside a run: shell block. When a pull request...

7.7CVSS0.00786EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/26 1:10 a.m.2 views

CVE-2026-27938

WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.9.1, the wp-graphql/wp-graphql repository contains a GitHub Actions workflow release.yml vulnerable to OS command injection through direct use of $ github.event.pullrequest.body inside a run: shell block. When a pull request...

7.7CVSS6.1AI score0.00786EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/02/26 1:10 a.m.26 views

CVE-2026-27938 WPGraphQL Repo Vulnerable to Command Injection via Unsanitized GitHub Actions Expression in Release Workflow

WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.9.1, the wp-graphql/wp-graphql repository contains a GitHub Actions workflow release.yml vulnerable to OS command injection through direct use of $ github.event.pullrequest.body inside a run: shell block. When a pull request...

7.7CVSS0.00786EPSS
Exploits0References2
OSV
OSV
added 2026/02/26 1:10 a.m.10 views

CVE-2026-27938 WPGraphQL Repo Vulnerable to Command Injection via Unsanitized GitHub Actions Expression in Release Workflow

WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.9.1, the wp-graphql/wp-graphql repository contains a GitHub Actions workflow release.yml vulnerable to OS command injection through direct use of $ github.event.pullrequest.body inside a run: shell block. When a pull request...

7.7CVSS6AI score0.00786EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/12/12 5:59 p.m.5 views

WordPress WPGraphQL Smart Cache plugin < 2.0.1 - Unauthenticated Private Content Disclosure vulnerability

Unauthenticated Private Content Disclosure vulnerability discovered by WPscan in WordPress Plugin WPGraphQL Smart Cache versions 2.0.1...

7AI score
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-1773

Malicious code in bioql PyPI...

6.5CVSS6.8AI score0.0045EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/23 2:38 a.m.8 views

CVE-2023-23684

Server-Side Request Forgery SSRF vulnerability in WPGraphQL.This issue affects WPGraphQL: from n/a through 1.14.5...

6.5CVSS6.9AI score0.0045EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:52 a.m.22 views

CVE-2022-1563

The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL...

5.3CVSS6.9AI score0.00724EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:3 a.m.10 views

CVE-2019-25060

The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict access to information about other users' roles on the affected site. Because of this, a remote attacker could forge a GraphQL query to retrieve the account roles of every user on the site...

5.3CVSS6.5AI score0.01766EPSS
Exploits1References1
NVD
NVD
added 2024/01/16 4:15 p.m.12 views

CVE-2022-1563

The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL...

5.3CVSS5.4AI score0.00724EPSS
Exploits2References2
Prion
Prion
added 2024/01/16 4:15 p.m.27 views

Design/Logic Flaw

The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL...

5CVSS7.2AI score0.00724EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2024/01/16 3:50 p.m.21 views

CVE-2022-1563 WPGraphQL WooCommerce <= 0.11.0 - Unauthenticated Coupon Codes Disclosure

The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL...

5.7AI score0.00724EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2024/01/16 3:50 p.m.5 views

CVE-2022-1563 WPGraphQL WooCommerce <= 0.11.0 - Unauthenticated Coupon Codes Disclosure

The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL...

5.3AI score0.00724EPSS
Exploits2References2
OSV
OSV
added 2024/01/16 3:50 p.m.8 views

CVE-2022-1563 WPGraphQL WooCommerce <= 0.11.0 - Unauthenticated Coupon Codes Disclosure

The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL...

5.3CVSS6.1AI score0.00724EPSS
Exploits2References4
Rows per page
Query Builder